From: Andrew Cooper <andrew.cooper3@citrix.com>
To: Xen-devel <xen-devel@lists.xen.org>
Cc: Andrew Cooper <andrew.cooper3@citrix.com>,
Jan Beulich <JBeulich@suse.com>
Subject: [PATCH] x86/traps: Improve hypervisor stack overflow detection
Date: Mon, 15 Feb 2016 10:03:16 +0000 [thread overview]
Message-ID: <1455530596-14548-1-git-send-email-andrew.cooper3@citrix.com> (raw)
A sample Gentoo compliation of Xen contains
lea -0x1058(%rsp),%rsp
orq $0x0,(%rsp)
lea 0x1020(%rsp),%rsp
Whatever the reason for silly code like this, it fools the current stack
overflow detection logic in the #DF handler (which triggers reliably on the
'orq' instruction).
Update the overflow condition to declare an overflow if %esp is anywhere
within the guard page, rather than just within the upper 8th of the page.
Additionally, check %esp against the expected stack base in all builds.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
CC: Jan Beulich <JBeulich@suse.com>
v2: Reintroduce 512 bytes of slop on top of the guard page.
---
xen/arch/x86/traps.c | 18 ++++++++++++++----
1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c
index 26a5026..3604753 100644
--- a/xen/arch/x86/traps.c
+++ b/xen/arch/x86/traps.c
@@ -451,10 +451,17 @@ void show_stack(const struct cpu_user_regs *regs)
void show_stack_overflow(unsigned int cpu, const struct cpu_user_regs *regs)
{
-#ifdef MEMORY_GUARD
unsigned long esp = regs->rsp;
+ unsigned long curr_stack_base = esp & ~(STACK_SIZE - 1);
+#ifdef MEMORY_GUARD
unsigned long esp_top, esp_bottom;
+#endif
+
+ if ( _p(curr_stack_base) != stack_base[cpu] )
+ printk("Current stack base %p differs from expected %p\n",
+ _p(curr_stack_base), stack_base[cpu]);
+#ifdef MEMORY_GUARD
esp_bottom = (esp | (STACK_SIZE - 1)) + 1;
esp_top = esp_bottom - PRIMARY_STACK_SIZE;
@@ -462,9 +469,12 @@ void show_stack_overflow(unsigned int cpu, const struct cpu_user_regs *regs)
(void *)esp_top, (void *)esp_bottom, (void *)esp,
(void *)per_cpu(init_tss, cpu).esp0);
- /* Trigger overflow trace if %esp is within 512 bytes of the guard page. */
- if ( ((unsigned long)(esp - esp_top) > 512) &&
- ((unsigned long)(esp_top - esp) > 512) )
+ /*
+ * Trigger overflow trace if %esp is anywhere within the guard page, or
+ * with fewer than 512 bytes remaining on the primary stack.
+ */
+ if ( (esp > (esp_top + 512)) ||
+ (esp < (esp_top - PAGE_SIZE)) )
{
printk("No stack overflow detected. Skipping stack trace.\n");
return;
--
2.1.4
reply other threads:[~2016-02-15 10:03 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1455530596-14548-1-git-send-email-andrew.cooper3@citrix.com \
--to=andrew.cooper3@citrix.com \
--cc=JBeulich@suse.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).