[v2,0/6] wchan: Fix ORC support and leaky fallback

Message ID	20210929220218.691419-1-keescook@chromium.org (mailing list archive)
Headers	show Return-Path: <linux-hardening-owner@kernel.org> From: Kees Cook <keescook@chromium.org> To: Peter Zijlstra <peterz@infradead.org> Cc: Kees Cook <keescook@chromium.org>, kernel test robot <oliver.sang@intel.com>, Vito Caputo <vcaputo@pengaru.com>, Jann Horn <jannh@google.com>, Ingo Molnar <mingo@redhat.com>, Juri Lelli <juri.lelli@redhat.com>, Vincent Guittot <vincent.guittot@linaro.org>, Dietmar Eggemann <dietmar.eggemann@arm.com>, Steven Rostedt <rostedt@goodmis.org>, Ben Segall <bsegall@google.com>, Mel Gorman <mgorman@suse.de>, Daniel Bristot de Oliveira <bristot@redhat.com>, Andrew Morton <akpm@linux-foundation.org>, Christian Brauner <christian.brauner@ubuntu.com>, Anand K Mistry <amistry@google.com>, "Kenta.Tada@sony.com" <Kenta.Tada@sony.com>, Alexey Gladkov <legion@kernel.org>, =?utf-8?q?Michael_Wei=C3=9F?= <michael.weiss@aisec.fraunhofer.de>, Michal Hocko <mhocko@suse.com>, Helge Deller <deller@gmx.de>, Qi Zheng <zhengqi.arch@bytedance.com>, "Tobin C. Harding" <me@tobin.cc>, Tycho Andersen <tycho@tycho.pizza>, Thomas Gleixner <tglx@linutronix.de>, Borislav Petkov <bp@alien8.de>, "H. Peter Anvin" <hpa@zytor.com>, Mark Rutland <mark.rutland@arm.com>, Jens Axboe <axboe@kernel.dk>, Stefan Metzmacher <metze@samba.org>, Lai Jiangshan <laijs@linux.alibaba.com>, Andy Lutomirski <luto@kernel.org>, Dave Hansen <dave.hansen@linux.intel.com>, "Eric W. Biederman" <ebiederm@xmission.com>, Ohhoon Kwon <ohoono.kwon@samsung.com>, Kalesh Singh <kaleshsingh@google.com>, YiFei Zhu <yifeifz2@illinois.edu>, Josh Poimboeuf <jpoimboe@redhat.com>, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-hardening@vger.kernel.org, x86@kernel.org Subject: [PATCH v2 0/6] wchan: Fix ORC support and leaky fallback Date: Wed, 29 Sep 2021 15:02:12 -0700 Message-Id: <20210929220218.691419-1-keescook@chromium.org> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	wchan: Fix ORC support and leaky fallback \| expand [v2,0/6] wchan: Fix ORC support and leaky fallback [v2,1/6] Revert "proc/wchan: use printk format instead of lookup_symbol_name()" [v2,2/6] sched: Add wrapper for get_wchan() to keep task blocked [v2,3/6] proc: Use task_is_running() for wchan in /proc/$pid/stat [v2,4/6] proc: Only report /proc/$pid/wchan when process is blocked [v2,5/6] x86: Fix get_wchan() to support the ORC unwinder [v2,6/6] leaking_addresses: Always print a trailing newline

Message ID

20210929220218.691419-1-keescook@chromium.org (mailing list archive)

Headers

From: Kees Cook <keescook@chromium.org>
To: Peter Zijlstra <peterz@infradead.org>
Cc: Kees Cook <keescook@chromium.org>,
 kernel test robot <oliver.sang@intel.com>, Vito Caputo <vcaputo@pengaru.com>,
 Jann Horn <jannh@google.com>, Ingo Molnar <mingo@redhat.com>,
 Juri Lelli <juri.lelli@redhat.com>,
 Vincent Guittot <vincent.guittot@linaro.org>,
 Dietmar Eggemann <dietmar.eggemann@arm.com>,
 Steven Rostedt <rostedt@goodmis.org>, Ben Segall <bsegall@google.com>,
 Mel Gorman <mgorman@suse.de>,
 Daniel Bristot de Oliveira <bristot@redhat.com>,
 Andrew Morton <akpm@linux-foundation.org>,
 Christian Brauner <christian.brauner@ubuntu.com>,
 Anand K Mistry <amistry@google.com>,
 "Kenta.Tada@sony.com" <Kenta.Tada@sony.com>,
 Alexey Gladkov <legion@kernel.org>,
 =?utf-8?q?Michael_Wei=C3=9F?= <michael.weiss@aisec.fraunhofer.de>,
 Michal Hocko <mhocko@suse.com>, Helge Deller <deller@gmx.de>,
 Qi Zheng <zhengqi.arch@bytedance.com>, "Tobin C. Harding" <me@tobin.cc>,
 Tycho Andersen <tycho@tycho.pizza>, Thomas Gleixner <tglx@linutronix.de>,
 Borislav Petkov <bp@alien8.de>, "H. Peter Anvin" <hpa@zytor.com>,
 Mark Rutland <mark.rutland@arm.com>, Jens Axboe <axboe@kernel.dk>,
 Stefan Metzmacher <metze@samba.org>, Lai Jiangshan <laijs@linux.alibaba.com>,
 Andy Lutomirski <luto@kernel.org>, Dave Hansen <dave.hansen@linux.intel.com>,
 "Eric W. Biederman" <ebiederm@xmission.com>,
 Ohhoon Kwon <ohoono.kwon@samsung.com>, Kalesh Singh <kaleshsingh@google.com>,
 YiFei Zhu <yifeifz2@illinois.edu>, Josh Poimboeuf <jpoimboe@redhat.com>,
 linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
 linux-hardening@vger.kernel.org, x86@kernel.org
Subject: [PATCH v2 0/6] wchan: Fix ORC support and leaky fallback
Date: Wed, 29 Sep 2021 15:02:12 -0700
Message-Id: <20210929220218.691419-1-keescook@chromium.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

wchan: Fix ORC support and leaky fallback | expand

Message

Kees Cook Sept. 29, 2021, 10:02 p.m. UTC

Hi,

This attempts to solve the issues from the discussion here[1]. Specifically:

1) wchan leaking raw addresses since 152c432b128c (v5.12).

patch 1 fixes this with a revert.

2) wchan has been broken under ORC, seen as a failure to stack walk
   resulting in _usually_ a 0 value, since ee9f8fce9964 (v4.14).

patches 2-5 fixes this with Qi Zheng's new get_wchan() and changes to
the /proc code to use the new helper suggested by Peter to do the stack
walk only if the process can be kept blocked:
https://lore.kernel.org/lkml/20210929194026.GA4323@worktop.programming.kicks-ass.net/

Peter, can you take this via -tip?

Thanks!

-Kees

[1] https://lore.kernel.org/lkml/20210924054647.v6x6risoa4jhuu6s@shells.gnugeneration.com/

v1: https://lore.kernel.org/lkml/20210924062006.231699-3-keescook@chromium.org/

Kees Cook (5):
  Revert "proc/wchan: use printk format instead of lookup_symbol_name()"
  sched: Add wrapper for get_wchan() to keep task blocked
  proc: Use task_is_running() for wchan in /proc/$pid/stat
  proc: Only report /proc/$pid/wchan when process is blocked
  leaking_addresses: Always print a trailing newline

Qi Zheng (1):
  x86: Fix get_wchan() to support the ORC unwinder

 arch/x86/kernel/process.c    | 51 +++---------------------------------
 fs/proc/array.c              |  7 ++---
 fs/proc/base.c               | 20 ++++++++------
 include/linux/sched.h        |  1 +
 kernel/sched/core.c          | 16 +++++++++++
 scripts/leaking_addresses.pl |  3 ++-
 6 files changed, 36 insertions(+), 62 deletions(-)

Comments

Josh Poimboeuf Sept. 30, 2021, 1:01 a.m. UTC | #1

On Wed, Sep 29, 2021 at 03:02:12PM -0700, Kees Cook wrote:
> Hi,
> 
> This attempts to solve the issues from the discussion here[1]. Specifically:
> 
> 1) wchan leaking raw addresses since 152c432b128c (v5.12).
> 
> patch 1 fixes this with a revert.
> 
> 2) wchan has been broken under ORC, seen as a failure to stack walk
>    resulting in _usually_ a 0 value, since ee9f8fce9964 (v4.14).
> 
> patches 2-5 fixes this with Qi Zheng's new get_wchan() and changes to
> the /proc code to use the new helper suggested by Peter to do the stack
> walk only if the process can be kept blocked:
> https://lore.kernel.org/lkml/20210929194026.GA4323@worktop.programming.kicks-ass.net/
> 
> Peter, can you take this via -tip?

It all looks sane to me.  Thanks for cleaning up this mess.

- Should we use a similar sched wrapper for /proc/$pid/stack to make its
  raciness go away?

- At the risk of triggering a much larger patch set, I suspect
  get_wchan() can be made generic ;-)  It's just a glorified wrapper
  around stack_trace_save_tsk().

Regardless:

Acked-by: Josh Poimboeuf <jpoimboe@redhat.com>

Peter Zijlstra Sept. 30, 2021, 8:40 a.m. UTC | #2

On Wed, Sep 29, 2021 at 06:01:57PM -0700, Josh Poimboeuf wrote:

> - Should we use a similar sched wrapper for /proc/$pid/stack to make its
>   raciness go away?

Alternatively, can we make /stack go away? AFAICT the semantics of that
are far worse in that it wants the actual kernel stack of a task,
blocked or not, which is a total pain in the arse (not to mention a
giant infoleak and side-channel).

> - At the risk of triggering a much larger patch set, I suspect
>   get_wchan() can be made generic ;-)  It's just a glorified wrapper
>   around stack_trace_save_tsk().

Done that for you :-)

Kees Cook Sept. 30, 2021, 3:18 p.m. UTC | #3

On Thu, Sep 30, 2021 at 10:40:11AM +0200, Peter Zijlstra wrote:
> On Wed, Sep 29, 2021 at 06:01:57PM -0700, Josh Poimboeuf wrote:
> 
> > - Should we use a similar sched wrapper for /proc/$pid/stack to make its
> >   raciness go away?
> 
> Alternatively, can we make /stack go away? AFAICT the semantics of that
> are far worse in that it wants the actual kernel stack of a task,
> blocked or not, which is a total pain in the arse (not to mention a
> giant infoleak and side-channel).
> 
> > - At the risk of triggering a much larger patch set, I suspect
> >   get_wchan() can be made generic ;-)  It's just a glorified wrapper
> >   around stack_trace_save_tsk().
> 
> Done that for you :-)

Thanks! I wasn't sure the renaming was worth the churn, but the other
cleanups make it much nicer. :)

Do you want me to re-collect the resulting series, or do you have a tree
already for -tip for this?

-Kees

Peter Zijlstra Sept. 30, 2021, 6:39 p.m. UTC | #4

On Thu, Sep 30, 2021 at 08:18:34AM -0700, Kees Cook wrote:
> Do you want me to re-collect the resulting series, or do you have a tree
> already for -tip for this?

I stuck it here:

  https://git.kernel.org/pub/scm/linux/kernel/git/peterz/queue.git/log/?h=sched/wchan

I'm waiting on the robots to tell I wrecked the world... :-)