davidlt/kernel-ark
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

fork: support VMAP_STACK with KASAN_VMALLOC

Browse Source 
Supporting VMAP_STACK with KASAN_VMALLOC is straightforward:

 - clear the shadow region of vmapped stacks when swapping them in
 - tweak Kconfig to allow VMAP_STACK to be turned on with KASAN

Link: http://lkml.kernel.org/r/20191031093909.9228-4-dja@axtens.net
Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Dmitry Vyukov <dvyukov@google.com>
Reviewed-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Christophe Leroy <christophe.leroy@c-s.fr>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
Daniel Axtens 2019-11-30 17:54:57 -08:00 committed by Linus Torvalds
parent 0651391693
commit eafb149ed7
2 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
arch/Kconfig
View File

@ -843,16 +843,17 @@ config HAVE_ARCH_VMAP_STACK
config VMAP_STACK config VMAP_STACK
default y default y
bool "Use a virtually-mapped stack" bool "Use a virtually-mapped stack"
depends on HAVE_ARCH_VMAP_STACK && !KASAN depends on HAVE_ARCH_VMAP_STACK
depends on !KASAN || KASAN_VMALLOC
---help--- ---help---
Enable this if you want the use virtually-mapped kernel stacks Enable this if you want the use virtually-mapped kernel stacks
with guard pages. This causes kernel stack overflows to be with guard pages. This causes kernel stack overflows to be
caught immediately rather than causing difficult-to-diagnose caught immediately rather than causing difficult-to-diagnose
corruption. corruption.
This is presently incompatible with KASAN because KASAN expects To use this with KASAN, the architecture must support backing
the stack to map directly to the KASAN shadow map using a formula virtual mappings with real shadow memory, and KASAN_VMALLOC must
that is incorrect if the stack is in vmalloc space. be enabled.
config ARCH_OPTIONAL_KERNEL_RWX config ARCH_OPTIONAL_KERNEL_RWX
def_bool n def_bool n

4
kernel/fork.c
View File

@ -93,6 +93,7 @@
#include <linux/livepatch.h> #include <linux/livepatch.h>
#include <linux/thread_info.h> #include <linux/thread_info.h>
#include <linux/stackleak.h> #include <linux/stackleak.h>
#include <linux/kasan.h>
#include <asm/pgtable.h> #include <asm/pgtable.h>
#include <asm/pgalloc.h> #include <asm/pgalloc.h>
@ -223,6 +224,9 @@ static unsigned long *alloc_thread_stack_node(struct task_struct *tsk, int node)
if (!s) if (!s)
continue; continue;
/* Clear the KASAN shadow of the stack. */
kasan_unpoison_shadow(s->addr, THREAD_SIZE);
/* Clear stale pointers from reused stack. */ /* Clear stale pointers from reused stack. */
memset(s->addr, 0, THREAD_SIZE); memset(s->addr, 0, THREAD_SIZE);