From: Andrew Cooper
Subject: Re: [PATCH RFC] x86/traps: Improve hypervisor stack overflow detection
Date: Thu, 19 Nov 2015 17:36:54 +0000
Message-ID: <564E08B6.8030404@citrix.com>
In-Reply-To: <1447954456-17855-1-git-send-email-andrew.cooper3@citrix.com>
To: Xen-devel
Cc: Atom2, Jan Beulich
List-Id: xen-devel@lists.xenproject.org

On 19/11/15 17:34, Andrew Cooper wrote:
> A sample Gentoo compilation of Xen contains
>
>     lea -0x1058(%rsp),%rsp
>     orq $0x0,(%rsp)
>     lea 0x1020(%rsp),%rsp
>
> Whatever the reason for silly code like this, it fools the current stack
> overflow detection logic in the #DF handler (which triggers reliably on the
> 'orq' instruction).
>
> Update the overflow condition to declare an overflow if %esp is anywhere
> within the guard page, rather than just within the upper 8th of the page.
>
> Additionally, check %esp against the expected stack base in all builds.
>
> Signed-off-by: Andrew Cooper
> ---
> CC: Jan Beulich
> CC: Atom2
>
> Currently untested, therefore RFC
>
> Atom2: If you have a free moment, would you mind giving this patch a spin on a
> debug hypervisor? I would expect it to stop erroneously informing you that no
> overflow was detected
> ---

Another question is whether, given that the sample above moves the stack by
more than 4k, it would be wise to also guard the 4th currently-spare page
between the primary stack and IST stacks.

~Andrew
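The two overflow conditions the message contrasts, and the follow-up question about the spare page, can be modelled with plain address arithmetic. The following is an added illustration written for this page, not code from the Xen patch or from xen.git: the page size, the guard-page address, the two-page primary stack size and the starting %rsp values are all constructed, and `overflow_two_pages` is a hypothetical variant of the check that also covers the spare page below the guard, corresponding to the question at the end of the mail.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed layout for illustration only; these are not Xen's real addresses.
 * Stack grows downward: [GUARD_PAGE_BASE, STACK_BOTTOM) is the guard page,
 * [STACK_BOTTOM, STACK_TOP) is the primary stack, and the page below the
 * guard stands in for the "currently-spare" page mentioned in the mail. */
#define PAGE_SIZE        4096UL
#define GUARD_PAGE_BASE  0x100000UL                      /* assumed address */
#define STACK_BOTTOM     (GUARD_PAGE_BASE + PAGE_SIZE)   /* lowest valid stack byte */
#define STACK_TOP        (STACK_BOTTOM + 2 * PAGE_SIZE)  /* assumed 2-page primary stack */

/* Old condition as the mail describes it: only the upper eighth of the
 * guard page (the 512 bytes directly below the stack) counts as an overflow. */
static bool overflow_old(uintptr_t rsp)
{
    return rsp >= STACK_BOTTOM - PAGE_SIZE / 8 && rsp < STACK_BOTTOM;
}

/* New condition from the patch description: anywhere in the guard page. */
static bool overflow_new(uintptr_t rsp)
{
    return rsp >= GUARD_PAGE_BASE && rsp < STACK_BOTTOM;
}

/* Hypothetical extension (the open question in the mail): also treat the
 * spare page below the guard page as an overflow region. */
static bool overflow_two_pages(uintptr_t rsp)
{
    return rsp >= GUARD_PAGE_BASE - PAGE_SIZE && rsp < STACK_BOTTOM;
}

/* "Check %esp against the expected stack base": is rsp on the primary stack at all? */
static bool on_primary_stack(uintptr_t rsp)
{
    return rsp >= STACK_BOTTOM && rsp < STACK_TOP;
}

/* Simulate the quoted prologue: "lea -0x1058(%rsp),%rsp" followed by
 * "orq $0x0,(%rsp)", which touches the new %rsp and faults if it is unmapped. */
static uintptr_t after_prologue(uintptr_t rsp_before)
{
    return rsp_before - 0x1058;
}

static void report(const char *label, uintptr_t rsp_before)
{
    uintptr_t rsp = after_prologue(rsp_before);
    printf("%-28s rsp=%#lx  old=%d new=%d two_pages=%d on_stack=%d\n",
           label, (unsigned long)rsp, overflow_old(rsp), overflow_new(rsp),
           overflow_two_pages(rsp), on_primary_stack(rsp));
}

int main(void)
{
    /* Constructed starting positions, all on the primary stack before the lea. */
    report("deep in stack:",           STACK_TOP - 0x100);     /* no overflow */
    report("0xF00 above bottom:",      STACK_BOTTOM + 0xF00);  /* lands in upper 8th: both fire */
    report("0x100 above bottom:",      STACK_BOTTOM + 0x100);  /* lower part of guard: only new fires */
    report("0x40 above bottom:",       STACK_BOTTOM + 0x40);   /* skips the guard page entirely */
    return 0;
}
```

The third case is the one the patch fixes: a 0x1058-byte displacement from just above the stack bottom lands deep in the guard page, so the #DF is real but the old upper-eighth test reports no overflow. The fourth case shows why the mail asks about the spare page: a displacement larger than a page can step over a single guard page, so neither condition fires unless the page below is also treated as guard.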