Re: [syzbot] KASAN: stack-out-of-bounds Read in profile_pc

From: Andi Kleen
Date: Wed Jun 02 2021 - 19:35:21 EST



> profile_pc() assumes the return address is either directly at regs->sp,
> or one word adjacent to it due to saved flags, both of which are just
> completely wrong. This code has probably never worked with ORC, and
> nobody noticed apparently.

I presume it used to work because the lock functions were really simple, but that's not true anymore.


> We could just use ORC to unwind to the next frame. Though, isn't
> /proc/profile redundant, compared to all the more sophisticated options
> nowadays? Is there still a distinct use case for it or can we just
> remove it?

It's still needed for some special cases. For example, there is no other viable way to profile early boot without a VM.

I would just drop the hack to unwind; at least for the early boot profile use case, locking profiling is usually not needed.

-Andi