[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH RFC] x86/traps: Improve hypervisor stack overflow detection

A sample Gentoo compliation of Xen contains

    lea    -0x1058(%rsp),%rsp
    orq    $0x0,(%rsp)
    lea    0x1020(%rsp),%rsp

Whatever the reason for silly code like this, it fools the current stack
overflow detection logic in the #DF handler (which triggers reliably on the
'orq' instruction).

Update the overflow condition to declare an overflow if %esp is anywhere
within the guard page, rather than just within the upper 8th of the page.

Additionally, check %esp against the expected stack base in all builds.

Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
CC: Jan Beulich <JBeulich@xxxxxxxx>
CC: Atom2 <ariel.atom2@xxxxxxxxxx>

Currently untested, therefore RFC

Atom2: If you have a free moment, would you mind giving this patch a spin on a
debug hypervisor?  I would expect it to top erroniously informing you that no
overflow was detected
 xen/arch/x86/traps.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c
index e21fb78..d429149 100644
--- a/xen/arch/x86/traps.c
+++ b/xen/arch/x86/traps.c
@@ -383,10 +383,17 @@ void show_stack(const struct cpu_user_regs *regs)
 void show_stack_overflow(unsigned int cpu, const struct cpu_user_regs *regs)
     unsigned long esp = regs->rsp;
+    unsigned long curr_stack_base = esp & ~(STACK_SIZE - 1);
     unsigned long esp_top, esp_bottom;
+    if ( _p(curr_stack_base) != stack_base[cpu] )
+        printk("Current stack base %p differs from expected %p\n",
+               _p(curr_stack_base), stack_base[cpu]);
     esp_bottom = (esp | (STACK_SIZE - 1)) + 1;
     esp_top    = esp_bottom - PRIMARY_STACK_SIZE;
@@ -394,9 +401,8 @@ void show_stack_overflow(unsigned int cpu, const struct 
cpu_user_regs *regs)
            (void *)esp_top, (void *)esp_bottom, (void *)esp,
            (void *)per_cpu(init_tss, cpu).esp0);
-    /* Trigger overflow trace if %esp is within 512 bytes of the guard page. */
-    if ( ((unsigned long)(esp - esp_top) > 512) &&
-         ((unsigned long)(esp_top - esp) > 512) )
+    /* Trigger overflow trace if %esp is anywhere within the guard page. */
+    if ( (esp & PAGE_MASK) != (esp_top - PAGE_SIZE) )
         printk("No stack overflow detected. Skipping stack trace.\n");

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.