linux/arch
Dmitry Vyukov 75edb54a1d x86: Fix KASAN false positives in thread_saved_pc()
thread_saved_pc() reads stack of a potentially running task.
This can cause false KASAN stack-out-of-bounds reports,
because the running task concurrently poisons and unpoisons
own stack.

The same happens in get_wchan(), and get get_wchan() was fixed
by using READ_ONCE_NOCHECK(). Do the same here.

Example KASAN report triggered by sysrq-t:

  BUG: KASAN: out-of-bounds in sched_show_task+0x306/0x3b0 at addr ffff880043c97c18
  Read of size 8 by task syz-executor/23839
  [...]
  page dumped because: kasan: bad access detected
  [...]
  Call Trace:
   [<ffffffff8175ea0e>] __asan_report_load8_noabort+0x3e/0x40
   [<ffffffff813e7a26>] sched_show_task+0x306/0x3b0
   [<ffffffff813e7bf4>] show_state_filter+0x124/0x1a0
   [<ffffffff82d2ca00>] fn_show_state+0x10/0x20
   [<ffffffff82d2cf98>] k_spec+0xa8/0xe0
   [<ffffffff82d3354f>] kbd_event+0xb9f/0x4000
   [<ffffffff843ca8a7>] input_to_handler+0x3a7/0x4b0
   [<ffffffff843d1954>] input_pass_values.part.5+0x554/0x6b0
   [<ffffffff843d29bc>] input_handle_event+0x2ac/0x1070
   [<ffffffff843d3a47>] input_inject_event+0x237/0x280
   [<ffffffff843e8c28>] evdev_write+0x478/0x680
   [<ffffffff817ac653>] __vfs_write+0x113/0x480
   [<ffffffff817ae0e7>] vfs_write+0x167/0x4a0
   [<ffffffff817b13d1>] SyS_write+0x111/0x220

Signed-off-by: Dmitry Vyukov <dvyukov@google.com>
Acked-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: glider@google.com
Cc: kasan-dev@googlegroups.com
Cc: kcc@google.com
Cc: linux-kernel@vger.kernel.org
Cc: ryabinin.a.a@gmail.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2016-02-05 08:41:52 +01:00
..
alpha dma-mapping: always provide the dma_map_ops based implementation 2016-01-20 17:09:18 -08:00
arc dma-mapping: always provide the dma_map_ops based implementation 2016-01-20 17:09:18 -08:00
arm ARM: wire up copy_file_range() syscall 2016-01-27 18:14:46 +00:00
arm64 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-02-01 15:56:08 -08:00
avr32 dma-mapping: always provide the dma_map_ops based implementation 2016-01-20 17:09:18 -08:00
blackfin dma-mapping: always provide the dma_map_ops based implementation 2016-01-20 17:09:18 -08:00
c6x dma-mapping: always provide the dma_map_ops based implementation 2016-01-20 17:09:18 -08:00
cris Merge branch 'akpm' (patches from Andrew) 2016-01-21 12:32:08 -08:00
frv dma-mapping: always provide the dma_map_ops based implementation 2016-01-20 17:09:18 -08:00
h8300 Merge branch 'akpm' (patches from Andrew) 2016-01-21 12:32:08 -08:00
hexagon dma-mapping: always provide the dma_map_ops based implementation 2016-01-20 17:09:18 -08:00
ia64 [IA64] Enable copy_file_range syscall for ia64 2016-01-22 14:20:01 -08:00
m32r m32r: fix m32104ut_defconfig build fail 2016-01-14 16:00:49 -08:00
m68k dma-mapping: always provide the dma_map_ops based implementation 2016-01-20 17:09:18 -08:00
metag dma-mapping: always provide the dma_map_ops based implementation 2016-01-20 17:09:18 -08:00
microblaze dma-mapping: always provide the dma_map_ops based implementation 2016-01-20 17:09:18 -08:00
mips Revert "MIPS: bcm63xx: nvram: Remove unused bcm63xx_nvram_get_psi_size() function" 2016-01-27 20:51:50 +01:00
mn10300 dma-mapping: always provide the dma_map_ops based implementation 2016-01-20 17:09:18 -08:00
nios2 dma-mapping: always provide the dma_map_ops based implementation 2016-01-20 17:09:18 -08:00
openrisc dma-mapping: always provide the dma_map_ops based implementation 2016-01-20 17:09:18 -08:00
parisc dma-mapping: always provide the dma_map_ops based implementation 2016-01-20 17:09:18 -08:00
powerpc powerpc fixes for 4.5 2016-01-29 16:10:16 -08:00
s390 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux 2016-01-29 16:05:18 -08:00
score
sh sh: fix smp_store_mb for !SMP 2016-01-26 10:18:29 +02:00
sparc dma-mapping: always provide the dma_map_ops based implementation 2016-01-20 17:09:18 -08:00
tile dma-mapping: always provide the dma_map_ops based implementation 2016-01-20 17:09:18 -08:00
um um: kill pfn_t 2016-01-15 17:56:32 -08:00
unicore32 dma-mapping: always provide the dma_map_ops based implementation 2016-01-20 17:09:18 -08:00
x86 x86: Fix KASAN false positives in thread_saved_pc() 2016-02-05 08:41:52 +01:00
xtensa dma-mapping: remove <asm-generic/dma-coherent.h> 2016-01-20 17:09:18 -08:00
.gitignore
Kconfig dma-mapping: always provide the dma_map_ops based implementation 2016-01-20 17:09:18 -08:00