[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen master] x86/traps: improve hypervisor stack overflow detection

commit 2c56cda8bc596b5073d0fd602e6069f768640ac1
Author:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
AuthorDate: Mon Feb 15 14:14:43 2016 +0100
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Mon Feb 15 14:14:43 2016 +0100

    x86/traps: improve hypervisor stack overflow detection
    
    A sample Gentoo compliation of Xen contains
    
        lea    -0x1058(%rsp),%rsp
        orq    $0x0,(%rsp)
        lea    0x1020(%rsp),%rsp
    
    Whatever the reason for silly code like this, it fools the current stack
    overflow detection logic in the #DF handler (which triggers reliably on the
    'orq' instruction).
    
    Update the overflow condition to declare an overflow if %esp is anywhere
    within the guard page, rather than just within the upper 8th of the page.
    
    Additionally, check %esp against the expected stack base in all builds.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
    Acked-by: Jan Beulich <jbeulich@xxxxxxxx>
---
 xen/arch/x86/traps.c | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c
index 47100ea..564a107 100644
--- a/xen/arch/x86/traps.c
+++ b/xen/arch/x86/traps.c
@@ -451,10 +451,17 @@ void show_stack(const struct cpu_user_regs *regs)
 
 void show_stack_overflow(unsigned int cpu, const struct cpu_user_regs *regs)
 {
-#ifdef MEMORY_GUARD
     unsigned long esp = regs->rsp;
+    unsigned long curr_stack_base = esp & ~(STACK_SIZE - 1);
+#ifdef MEMORY_GUARD
     unsigned long esp_top, esp_bottom;
+#endif
+
+    if ( _p(curr_stack_base) != stack_base[cpu] )
+        printk("Current stack base %p differs from expected %p\n",
+               _p(curr_stack_base), stack_base[cpu]);
 
+#ifdef MEMORY_GUARD
     esp_bottom = (esp | (STACK_SIZE - 1)) + 1;
     esp_top    = esp_bottom - PRIMARY_STACK_SIZE;
 
@@ -462,9 +469,12 @@ void show_stack_overflow(unsigned int cpu, const struct 
cpu_user_regs *regs)
            (void *)esp_top, (void *)esp_bottom, (void *)esp,
            (void *)per_cpu(init_tss, cpu).esp0);
 
-    /* Trigger overflow trace if %esp is within 512 bytes of the guard page. */
-    if ( ((unsigned long)(esp - esp_top) > 512) &&
-         ((unsigned long)(esp_top - esp) > 512) )
+    /*
+     * Trigger overflow trace if %esp is anywhere within the guard page, or
+     * with fewer than 512 bytes remaining on the primary stack.
+     */
+    if ( (esp > (esp_top + 512)) ||
+         (esp < (esp_top - PAGE_SIZE)) )
     {
         printk("No stack overflow detected. Skipping stack trace.\n");
         return;
--
generated by git-patchbot for /home/xen/git/xen.git#master

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.