From: Samuel Thibault
Subject: Re: stack protection in mini-os
Date: Thu, 31 Jul 2008 22:10:14 +0100
Message-ID: <20080731211014.GU4565@implementation>
To: Harald Roeck
Cc: xen-devel@lists.xensource.com

Hello,

For stubdomains, what I did is to add a check for ESP relative to the
bottom of the stack in a frequently called function (think about
something like errno_location()).

Harald Roeck, on Thu 31 Jul 2008 13:58:36 -0700, wrote:
> If we overflow the stack and run into the
> mapped out stack page xen crashes and the machine reboots.

Uh, that's bad! Which version of Xen is this with? That is a bug of
Xen, can you reproduce it with a RC of 3.3?

> it looks like xen is trying to push the arguments for the page fault
> trap onto the mapped out page.

Most probably yes, but it should catch the error.

> rbp: 000000000007b120 rsp: 000000000007aff0 r8: 0000000000000010
> ...
>
> fyi: the read only page in this setup was 0x7a000.

So that's coherent indeed, but I guess you'd like to have the backtrace.

> so my question: is it possible to set an "alternate" trap stack?

I don't think the hypervisor provides this for kernel level.

> or the failsafe_callback?

failsafe_callback is only called when you get a fault during the
execution of callback, not during normal flow.

Samuel
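
The soft stack check described in the message above, written out as an added example; it is not code from the original message, from Mini-OS or from Xen. `struct stack_desc`, `stack_classify`, `stack_check`, the 512-byte margin and the 4-page stack size are assumptions; only the guard page address 0x7a000 and the rsp value 0x7aff0 come from the quoted report.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define PAGE_SIZE   4096u
#define SOFT_MARGIN 512u   /* assumed headroom below which the check trips */

/* Hypothetical descriptor for this example, not Mini-OS's struct thread. */
struct stack_desc {
    uintptr_t guard;   /* lowest page of the stack, mapped out or read-only */
    size_t    size;    /* total bytes, guard page included */
};

enum stack_state { STACK_OK, STACK_LOW, STACK_IN_GUARD, STACK_FOREIGN };

/* Classify a stack pointer; the stack grows down towards the guard page. */
enum stack_state stack_classify(const struct stack_desc *s, uintptr_t sp)
{
    uintptr_t usable = s->guard + PAGE_SIZE;  /* first usable byte */
    uintptr_t top    = s->guard + s->size;    /* one past the highest byte */

    if (sp < s->guard || sp > top)
        return STACK_FOREIGN;     /* not on this stack at all */
    if (sp < usable)
        return STACK_IN_GUARD;    /* already overflowed into the guard page */
    if (sp - usable < SOFT_MARGIN)
        return STACK_LOW;         /* a push or trap frame may hit the guard */
    return STACK_OK;
}

/* Approximate the stack pointer with the frame address (GCC/Clang builtin). */
static uintptr_t current_sp(void)
{
    return (uintptr_t)__builtin_frame_address(0);
}

/* Hook for a frequently called function: nonzero means stop and report. */
int stack_check(const struct stack_desc *s)
{
    return stack_classify(s, current_sp()) != STACK_OK;
}

int main(void)
{
    /* Constructed input: guard page and rsp from the report, size assumed. */
    struct stack_desc s = { 0x7a000, 4 * PAGE_SIZE };
    printf("state=%d\n", (int)stack_classify(&s, 0x7aff0));
    return 0;
}
```

A check like this reports the overflow from software before the next push or trap frame lands on the mapped-out page, which is the point where the quoted report says the machine reboots.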