Эхлэл Бүгдийг харах Тусламж
Нэвтрэх
GfA
/
linux_kernel
5
0
Салаа 0
Файлууд Асуудлууд 0 Хуулах хүсэлтүүд 0 Мэдлэгийн сан
Эх сурвалжийг харах

kcov: prefault the kcov_area

On many architectures the vmalloc area is lazily faulted in upon first
access.  This is problematic for KCOV, as __sanitizer_cov_trace_pc
accesses the (vmalloc'd) kcov_area, and fault handling code may be
instrumented.  If an access to kcov_area faults, this will result in
mutual recursion through the fault handling code and
__sanitizer_cov_trace_pc(), eventually leading to stack corruption
and/or overflow.

We can avoid this by faulting in the kcov_area before
__sanitizer_cov_trace_pc() is permitted to access it.  Once it has been
faulted in, it will remain present in the process page tables, and will
not fault again.

[akpm@linux-foundation.org: code cleanup]
[akpm@linux-foundation.org: add comment explaining kcov_fault_in_area()]
[akpm@linux-foundation.org: fancier code comment from Mark]
Link: http://lkml.kernel.org/r/20180504135535.53744-3-mark.rutland@arm.com
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Acked-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Mark Rutland 7 жил өмнө
parent
c9484b986e
commit
dc55daff90
1 өөрчлөгдсөн 16 нэмэгдсэн , 0 устгасан
Өөрчлөлтийг ялгаж харах Өөрчлөлтийн статистик харах
  1. 16 0
      kernel/kcov.c

+ 16 - 0
kernel/kcov.c
Файл харах 

@@ -324,6 +324,21 @@ static int kcov_close(struct inode *inode, struct file *filep)
 
 	return 0;
 
 }
 
 
+/*
 
+ * Fault in a lazily-faulted vmalloc area before it can be used by
 
+ * __santizer_cov_trace_pc(), to avoid recursion issues if any code on the
 
+ * vmalloc fault handling path is instrumented.
 
+ */
 
+static void kcov_fault_in_area(struct kcov *kcov)
 
+{
 
+	unsigned long stride = PAGE_SIZE / sizeof(unsigned long);
 
+	unsigned long *area = kcov->area;
 
+	unsigned long offset;
 
+
 
+	for (offset = 0; offset < kcov->size; offset += stride)
 
+		READ_ONCE(area[offset]);
 
+}
 
+
 
 static int kcov_ioctl_locked(struct kcov *kcov, unsigned int cmd,
 
 			     unsigned long arg)
 
 {
 
@@ -372,6 +387,7 @@ static int kcov_ioctl_locked(struct kcov *kcov, unsigned int cmd,
 
 #endif
 
 		else
 
 			return -EINVAL;
 
+		kcov_fault_in_area(kcov);
 
 		/* Cache in task struct for performance. */
 
 		t->kcov_size = kcov->size;
 
 		t->kcov_area = kcov->area;