From mboxrd@z Thu Jan 1 00:00:00 1970
From: Andrew Cooper
Subject: Re: [PATCH RFC] x86/traps: Improve hypervisor stack overflow detection
Date: Fri, 20 Nov 2015 11:03:56 +0000
Message-ID: <564EFE1C.4090402@citrix.com>
References: <1447954456-17855-1-git-send-email-andrew.cooper3@citrix.com>
 <564F09EE02000078000B7118@prv-mh.provo.novell.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path:
In-Reply-To: <564F09EE02000078000B7118@prv-mh.provo.novell.com>
List-Unsubscribe: ,
List-Post:
List-Help:
List-Subscribe: ,
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Jan Beulich
Cc: Atom2 , Xen-devel
List-Id: xen-devel@lists.xenproject.org

On 20/11/15 10:54, Jan Beulich wrote:
>>>> On 19.11.15 at 18:34, wrote:
>> @@ -394,9 +401,8 @@ void show_stack_overflow(unsigned int cpu, const struct cpu_user_regs *regs)
>> (void *)esp_top, (void *)esp_bottom, (void *)esp,
>> (void *)per_cpu(init_tss, cpu).esp0);
>>
>> - /* Trigger overflow trace if %esp is within 512 bytes of the guard page. */
>> - if ( ((unsigned long)(esp - esp_top) > 512) &&
>> - ((unsigned long)(esp_top - esp) > 512) )
>> + /* Trigger overflow trace if %esp is anywhere within the guard page. */
>> + if ( (esp & PAGE_MASK) != (esp_top - PAGE_SIZE) )
> Is this correct? I'd suspect this to be wrong when esp is in the
> lower of the two primary stack pages.

If we have hit a double fault from the stack guard pages, one way or
another %esp is somewhere in the guard page.

Although now you point this out, it still might be just in the primary
stack and very close to the boundary, or misaligned across the boundary.
Being an abort means that %esp in the exception frame might not be the
exact %esp which caused the issue.

I will reintroduce some slop into the check.

~Andrew
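Review bot: the replacement condition in the quoted hunk, `if ( (esp & PAGE_MASK) != (esp_top - PAGE_SIZE) )`, drops the 512-byte tolerance that the removed lines `if ( ((unsigned long)(esp - esp_top) > 512) && ((unsigned long)(esp_top - esp) > 512) )` provided, so the trace now only fires when %esp is inside the guard page itself. An %esp that sits a few bytes above the guard page in the adjacent primary stack page, or a push that straddled the page boundary, no longer triggers the trace even though those are exactly the near-overflow situations the old comment described. Because show_stack_overflow() runs after a double fault, the %esp recovered from the exception frame is also not guaranteed to be the value at the moment of the faulting access, which makes an exact page-equality test fragile. Suggest keeping a small tolerance window around esp_top (the old 512-byte distance tests, or an equivalent range check) in addition to, or instead of, the page-mask comparison, and updating the comment to match; the hunk also lacks any note in the commit message about why the tolerance was removed.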