From: Sean Christopherson <sean.j.christopherson@intel.com>
To: Thomas Gleixner <tglx@linutronix.de>
Cc: LKML <linux-kernel@vger.kernel.org>,
x86@kernel.org, Andy Lutomirski <luto@kernel.org>,
Josh Poimboeuf <jpoimboe@redhat.com>
Subject: Re: [patch V3 21/32] x86/exceptions: Split debug IST stack
Date: Tue, 16 Apr 2019 15:07:44 -0700 [thread overview]
Message-ID: <20190416220744.GA2487@linux.intel.com> (raw)
In-Reply-To: <20190414160145.439944544@linutronix.de>
On Sun, Apr 14, 2019 at 05:59:57PM +0200, Thomas Gleixner wrote:
> The debug IST stack is actually two separate debug stacks to handle #DB
> recursion. This is required because the CPU starts always at top of stack
> on exception entry, which means on #DB recursion the second #DB would
> overwrite the stack of the first.
>
> The low level entry code therefore adjusts the top of stack on entry so a
> secondary #DB starts from a different stack page. But the stack pages are
> adjacent without a guard page between them.
>
> Split the debug stack into 3 stacks which are separated by guard pages. The
> 3rd stack is never mapped into the cpu_entry_area and is only there to
> catch triple #DB nesting:
>
> --- top of DB_stack <- Initial stack
> --- end of DB_stack
> guard page
>
> --- top of DB1_stack <- Top of stack after entering first #DB
> --- end of DB1_stack
> guard page
>
> --- top of DB2_stack <- Top of stack after entering second #DB
> --- end of DB2_stack
> guard page
>
> If DB2 would not act as the final guard hole, a second #DB would point the
> top of #DB stack to the stack below #DB1 which would be valid and not catch
> the not so desired triple nesting.
>
> The backing store does not allocate any memory for DB2 and its guard page
> as it is not going to be mapped into the cpu_entry_area.
>
> - Adjust the low level entry code so it adjusts top of #DB with the offset
> between the stacks instead of exception stack size.
>
> - Make the dumpstack code aware of the new stacks.
>
> - Adjust the in_debug_stack() implementation and move it into the NMI code
> where it belongs. As this is NMI hotpath code, it just checks the full
> area between top of DB_stack and bottom of DB1_stack without checking
> for the guard page. That's correct because the NMI cannot hit a
> stackpointer pointing to the guard page between DB and DB1 stack. Even
> if it would, then the NMI operation still is unaffected, but the resume
> of the debug exception on the topmost DB stack will crash by touching
> the guard page.
>
> Suggested-by: Andy Lutomirski <luto@kernel.org>
> Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
> ---
One nit below on the docs, otherwise:
Reviewed-by: Sean Christopherson <sean.j.christopherson@intel.com>
> V2 -> V3: Fix off by one in in_debug_stack()
> ---
> Documentation/x86/kernel-stacks | 7 ++++++-
> arch/x86/entry/entry_64.S | 8 ++++----
> arch/x86/include/asm/cpu_entry_area.h | 14 ++++++++++----
> arch/x86/include/asm/debugreg.h | 2 --
> arch/x86/include/asm/page_64_types.h | 3 ---
> arch/x86/kernel/asm-offsets_64.c | 2 ++
> arch/x86/kernel/cpu/common.c | 11 -----------
> arch/x86/kernel/dumpstack_64.c | 12 ++++++++----
> arch/x86/kernel/nmi.c | 20 +++++++++++++++++++-
> arch/x86/mm/cpu_entry_area.c | 4 +++-
> 10 files changed, 52 insertions(+), 31 deletions(-)
>
> --- a/Documentation/x86/kernel-stacks
> +++ b/Documentation/x86/kernel-stacks
> @@ -76,7 +76,7 @@ The currently assigned IST stacks are :-
> middle of switching stacks. Using IST for NMI events avoids making
> assumptions about the previous state of the kernel stack.
>
> -* ESTACK_DB. DEBUG_STKSZ
> +* ESTACK_DB. EXCEPTION_STKSZ (PAGE_SIZE).
>
> Used for hardware debug interrupts (interrupt 1) and for software
> debug interrupts (INT3).
> @@ -86,6 +86,11 @@ The currently assigned IST stacks are :-
> avoids making assumptions about the previous state of the kernel
> stack.
>
> + To handle nested #DB correctly there exist two instances of DB stacks. On
> + #DB entry the IST stackpointer for #DB is switched to the second instance
> + so a nested #DB starts from a clean stack. The nested #DB switches to
Pretty sure the "to" at the end is unwanted.
> + the IST stackpointer to a guard hole to catch triple nesting.
> +
> * ESTACK_MCE. EXCEPTION_STKSZ (PAGE_SIZE).
>
> Used for interrupt 18 - Machine Check Exception (#MC).
next prev parent reply other threads:[~2019-04-16 22:07 UTC|newest]
Thread overview: 80+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-14 15:59 [patch V3 00/32] x86: Add guard pages to exception and interrupt stacks Thomas Gleixner
2019-04-14 15:59 ` [patch V3 01/32] mm/slab: Fix broken stack trace storage Thomas Gleixner
2019-04-14 16:16 ` Andy Lutomirski
2019-04-14 16:34 ` Thomas Gleixner
2019-04-15 9:02 ` [patch V4 " Thomas Gleixner
2019-04-15 13:23 ` Josh Poimboeuf
2019-04-15 16:07 ` Thomas Gleixner
2019-04-15 16:16 ` Josh Poimboeuf
2019-04-15 17:05 ` Andy Lutomirski
2019-04-15 21:22 ` Thomas Gleixner
2019-04-16 11:37 ` Vlastimil Babka
2019-04-16 14:10 ` [patch V5 01/32] mm/slab: Remove " Thomas Gleixner
2019-04-16 15:16 ` Vlastimil Babka
2019-04-15 21:20 ` [patch V4 01/32] mm/slab: Fix " Thomas Gleixner
2019-04-15 16:21 ` Peter Zijlstra
2019-04-15 16:58 ` [patch V3 " Andy Lutomirski
2019-04-14 15:59 ` [patch V3 02/32] x86/irq/64: Limit IST stack overflow check to #DB stack Thomas Gleixner
2019-04-17 14:02 ` [tip:x86/irq] " tip-bot for Thomas Gleixner
2019-04-14 15:59 ` [patch V3 03/32] x86/dumpstack: Fix off-by-one errors in stack identification Thomas Gleixner
2019-04-17 14:03 ` [tip:x86/irq] " tip-bot for Andy Lutomirski
2019-04-14 15:59 ` [patch V3 04/32] x86/irq/64: Remove a hardcoded irq_stack_union access Thomas Gleixner
2019-04-17 14:03 ` [tip:x86/irq] " tip-bot for Andy Lutomirski
2019-04-14 15:59 ` [patch V3 05/32] x86/irq/64: Sanitize the top/bottom confusion Thomas Gleixner
2019-04-17 14:04 ` [tip:x86/irq] " tip-bot for Thomas Gleixner
2019-04-14 15:59 ` [patch V3 06/32] x86/idt: Remove unused macro SISTG Thomas Gleixner
2019-04-17 14:05 ` [tip:x86/irq] " tip-bot for Thomas Gleixner
2019-04-14 15:59 ` [patch V3 07/32] x86/64: Remove stale CURRENT_MASK Thomas Gleixner
2019-04-17 14:06 ` [tip:x86/irq] " tip-bot for Thomas Gleixner
2019-04-14 15:59 ` [patch V3 08/32] x86/exceptions: Remove unused stack defines on 32bit Thomas Gleixner
2019-04-17 14:06 ` [tip:x86/irq] " tip-bot for Thomas Gleixner
2019-04-14 15:59 ` [patch V3 09/32] x86/exceptions: Make IST index zero based Thomas Gleixner
2019-04-17 14:07 ` [tip:x86/irq] " tip-bot for Thomas Gleixner
2019-04-14 15:59 ` [patch V3 10/32] x86/cpu_entry_area: Cleanup setup functions Thomas Gleixner
2019-04-17 14:08 ` [tip:x86/irq] " tip-bot for Thomas Gleixner
2019-04-14 15:59 ` [patch V3 11/32] x86/exceptions: Add structs for exception stacks Thomas Gleixner
2019-04-16 18:20 ` Sean Christopherson
2019-04-17 14:08 ` [tip:x86/irq] " tip-bot for Thomas Gleixner
2019-04-14 15:59 ` [patch V3 12/32] x86/cpu_entry_area: Prepare for IST guard pages Thomas Gleixner
2019-04-17 14:09 ` [tip:x86/irq] " tip-bot for Thomas Gleixner
2019-04-14 15:59 ` [patch V3 13/32] x86/cpu_entry_area: Provide exception stack accessor Thomas Gleixner
2019-04-17 14:10 ` [tip:x86/irq] " tip-bot for Thomas Gleixner
2019-04-14 15:59 ` [patch V3 14/32] x86/traps: Use cpu_entry_area instead of orig_ist Thomas Gleixner
2019-04-17 14:10 ` [tip:x86/irq] " tip-bot for Thomas Gleixner
2019-04-14 15:59 ` [patch V3 15/32] x86/irq/64: Use cpu entry area " Thomas Gleixner
2019-04-17 14:11 ` [tip:x86/irq] " tip-bot for Thomas Gleixner
2019-04-14 15:59 ` [patch V3 16/32] x86/dumpstack/64: Use cpu_entry_area " Thomas Gleixner
2019-04-17 14:12 ` [tip:x86/irq] " tip-bot for Thomas Gleixner
2019-04-14 15:59 ` [patch V3 17/32] x86/cpu: Prepare TSS.IST setup for guard pages Thomas Gleixner
2019-04-17 14:13 ` [tip:x86/irq] " tip-bot for Thomas Gleixner
2019-04-14 15:59 ` [patch V3 18/32] x86/cpu: Remove orig_ist array Thomas Gleixner
2019-04-17 14:13 ` [tip:x86/irq] " tip-bot for Thomas Gleixner
2019-04-14 15:59 ` [patch V3 19/32] x86/exceptions: Disconnect IST index and stack order Thomas Gleixner
2019-04-17 14:14 ` [tip:x86/irq] " tip-bot for Thomas Gleixner
2019-04-14 15:59 ` [patch V3 20/32] x86/exceptions: Enable IST guard pages Thomas Gleixner
2019-04-17 14:15 ` [tip:x86/irq] " tip-bot for Thomas Gleixner
2019-04-14 15:59 ` [patch V3 21/32] x86/exceptions: Split debug IST stack Thomas Gleixner
2019-04-16 22:07 ` Sean Christopherson [this message]
2019-04-17 14:15 ` [tip:x86/irq] " tip-bot for Thomas Gleixner
2019-04-14 15:59 ` [patch V3 22/32] x86/dumpstack/64: Speedup in_exception_stack() Thomas Gleixner
2019-04-17 14:16 ` [tip:x86/irq] " tip-bot for Thomas Gleixner
2019-04-14 15:59 ` [patch V3 23/32] x86/irq/32: Define IRQ_STACK_SIZE Thomas Gleixner
2019-04-17 14:17 ` [tip:x86/irq] " tip-bot for Thomas Gleixner
2019-04-14 16:00 ` [patch V3 24/32] x86/irq/32: Make irq stack a character array Thomas Gleixner
2019-04-17 14:18 ` [tip:x86/irq] " tip-bot for Thomas Gleixner
2019-04-14 16:00 ` [patch V3 25/32] x86/irq/32: Rename hard/softirq_stack to hard/softirq_stack_ptr Thomas Gleixner
2019-04-17 14:18 ` [tip:x86/irq] " tip-bot for Thomas Gleixner
2019-04-14 16:00 ` [patch V3 26/32] x86/irq/64: Rename irq_stack_ptr to hardirq_stack_ptr Thomas Gleixner
2019-04-17 14:19 ` [tip:x86/irq] " tip-bot for Thomas Gleixner
2019-04-14 16:00 ` [patch V3 27/32] x86/irq/32: Invoke irq_ctx_init() from init_IRQ() Thomas Gleixner
2019-04-17 14:20 ` [tip:x86/irq] " tip-bot for Thomas Gleixner
2019-04-14 16:00 ` [patch V3 28/32] x86/irq/32: Handle irq stack allocation failure proper Thomas Gleixner
2019-04-17 14:20 ` [tip:x86/irq] " tip-bot for Thomas Gleixner
2019-04-14 16:00 ` [patch V3 29/32] x86/irq/64: Init hardirq_stack_ptr during CPU hotplug Thomas Gleixner
2019-04-17 14:21 ` [tip:x86/irq] " tip-bot for Thomas Gleixner
2019-04-14 16:00 ` [patch V3 30/32] x86/irq/64: Split the IRQ stack into its own pages Thomas Gleixner
2019-04-17 14:22 ` [tip:x86/irq] " tip-bot for Andy Lutomirski
2019-04-14 16:00 ` [patch V3 31/32] x86/irq/64: Remap the IRQ stack with guard pages Thomas Gleixner
2019-04-17 14:22 ` [tip:x86/irq] " tip-bot for Andy Lutomirski
2019-04-14 16:00 ` [patch V3 32/32] x86/irq/64: Remove stack overflow debug code Thomas Gleixner
2019-04-17 14:23 ` [tip:x86/irq] " tip-bot for Thomas Gleixner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190416220744.GA2487@linux.intel.com \
--to=sean.j.christopherson@intel.com \
--cc=jpoimboe@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.