Commit eafb149e authored by Daniel Axtens, committed by Linus Torvalds

fork: support VMAP_STACK with KASAN_VMALLOC

Supporting VMAP_STACK with KASAN_VMALLOC is straightforward:

 - clear the shadow region of vmapped stacks when swapping them in
 - tweak Kconfig to allow VMAP_STACK to be turned on with KASAN

Link: http://lkml.kernel.org/r/20191031093909.9228-4-dja@axtens.net
Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Dmitry Vyukov <dvyukov@google.com>
Reviewed-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Christophe Leroy <christophe.leroy@c-s.fr>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
parent 06513916
...@@ -843,16 +843,17 @@ config HAVE_ARCH_VMAP_STACK ...@@ -843,16 +843,17 @@ config HAVE_ARCH_VMAP_STACK
config VMAP_STACK config VMAP_STACK
default y default y
bool "Use a virtually-mapped stack" bool "Use a virtually-mapped stack"
depends on HAVE_ARCH_VMAP_STACK && !KASAN depends on HAVE_ARCH_VMAP_STACK
depends on !KASAN || KASAN_VMALLOC
---help--- ---help---
Enable this if you want the use virtually-mapped kernel stacks Enable this if you want the use virtually-mapped kernel stacks
with guard pages. This causes kernel stack overflows to be with guard pages. This causes kernel stack overflows to be
caught immediately rather than causing difficult-to-diagnose caught immediately rather than causing difficult-to-diagnose
corruption. corruption.
This is presently incompatible with KASAN because KASAN expects To use this with KASAN, the architecture must support backing
the stack to map directly to the KASAN shadow map using a formula virtual mappings with real shadow memory, and KASAN_VMALLOC must
that is incorrect if the stack is in vmalloc space. be enabled.
config ARCH_OPTIONAL_KERNEL_RWX config ARCH_OPTIONAL_KERNEL_RWX
def_bool n def_bool n
......
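Review bot: the rewritten VMAP_STACK help text drops the reason the option conflicted with KASAN. The removed lines explained that KASAN maps the stack to the shadow map with a formula that is incorrect when the stack is in vmalloc space, and without that a reader of the new text no longer learns why KASAN_VMALLOC is required. Suggest keeping one sentence of that explanation ahead of "To use this with KASAN, the architecture must support ...". Since the help text is being touched anyway, the unchanged line "Enable this if you want the use virtually-mapped kernel stacks" has a typo ("the" for "to") that could be fixed in the same patch.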
...@@ -93,6 +93,7 @@ ...@@ -93,6 +93,7 @@
#include <linux/livepatch.h> #include <linux/livepatch.h>
#include <linux/thread_info.h> #include <linux/thread_info.h>
#include <linux/stackleak.h> #include <linux/stackleak.h>
#include <linux/kasan.h>
#include <asm/pgtable.h> #include <asm/pgtable.h>
#include <asm/pgalloc.h> #include <asm/pgalloc.h>
...@@ -223,6 +224,9 @@ static unsigned long *alloc_thread_stack_node(struct task_struct *tsk, int node) ...@@ -223,6 +224,9 @@ static unsigned long *alloc_thread_stack_node(struct task_struct *tsk, int node)
if (!s) if (!s)
continue; continue;
/* Clear the KASAN shadow of the stack. */
kasan_unpoison_shadow(s->addr, THREAD_SIZE);
/* Clear stale pointers from reused stack. */ /* Clear stale pointers from reused stack. */
memset(s->addr, 0, THREAD_SIZE); memset(s->addr, 0, THREAD_SIZE);
......
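Review bot: in alloc_thread_stack_node(), the new comment "Clear the KASAN shadow of the stack." restates the call without saying why a reused stack needs it. Suggest spelling out that the stack is being handed to a new task and its shadow may still hold poison from earlier use, and that the unpoison has to stay ahead of the memset(s->addr, 0, THREAD_SIZE) that follows so the clearing write does not touch poisoned shadow. The call is unconditional in this hunk, so it is also worth confirming that kasan_unpoison_shadow() compiles to a no-op stub via the newly included <linux/kasan.h> when KASAN is disabled.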