From: Jann Horn To: security@kernel.org Cc: Jann Horn Subject: [PATCH 3/3] sched: panic on corrupted stack end Date: Wed, 1 Jun 2016 11:55:07 +0200 Message-Id: <1464774907-7753-3-git-send-email-jannh@google.com> X-Mailer: git-send-email 2.8.0.rc3.226.g39d4020 In-Reply-To: <1464774907-7753-1-git-send-email-jannh@google.com> References: <1464774907-7753-1-git-send-email-jannh@google.com> X-Spam-Status: No, hits=-5.1 required=5 tests=DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VERIFIED X-Spam-Checker-Version: SpamAssassin 3.4.0-outflux_revision__1.66__ X-Virus-Scanned: ClamAV using ClamSMTP Envelope-To: kees@outflux.net X-MIMEDefang-Filter: outflux$Revision: 1.316 $ X-HELO: www.outflux.net X-Scanned-By: MIMEDefang 2.73 Until now, hitting this BUG_ON caused a recursive oops (because oops handling involves do_exit(), which calls into the scheduler, which in turn raises an oops), which caused stuff below the stack to be overwritten until a panic happened (e.g. via an oops in interrupt context, caused by the overwritten CPU index in the thread_info). Just panic directly. Signed-off-by: Jann Horn --- kernel/sched/core.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/kernel/sched/core.c b/kernel/sched/core.c index 7f2cae4..8dbe9be 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -3156,7 +3156,8 @@ static noinline void __schedule_bug(struct task_struct *prev) static inline void schedule_debug(struct task_struct *prev) { #ifdef CONFIG_SCHED_STACK_END_CHECK - BUG_ON(task_stack_end_corrupted(prev)); + if (task_stack_end_corrupted(prev)) + panic("corrupted stack end detected inside scheduler\n"); #endif if (unlikely(in_atomic_preempt_off())) { -- 2.8.0.rc3.226.g39d4020
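Review bot: the trailing `\n` in the added `panic("corrupted stack end detected inside scheduler\n");` line is redundant and should be dropped, because panic() already prints the message inside its own "Kernel panic - not syncing: %s\n" line, so the extra newline only produces a blank line in the log. Otherwise the hunk does exactly what the commit message describes: the check stays under CONFIG_SCHED_STACK_END_CHECK and only the failure action changes from BUG_ON to a direct panic, which avoids the recursive oops through do_exit() and the scheduler that the message explains.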