
[Xen-devel] [PATCH v3 1/2] x86/traps: guard top-of-stack reads


  • To: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Jan Beulich <JBeulich@xxxxxxxx>
  • Date: Mon, 15 Jul 2019 15:00:39 +0000
  • Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Delivery-date: Mon, 15 Jul 2019 15:02:22 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-topic: [PATCH v3 1/2] x86/traps: guard top-of-stack reads

Nothing guarantees that the original frame's stack pointer points at
readable memory. Avoid a (likely nested) crash by attaching exception
recovery to the read (making it a single read at the same time). Don't
even invoke _show_trace() in case of a non-readable top slot.

Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
---
v2: Name asm() arguments. Use explicit "fault" variable.

--- a/xen/arch/x86/traps.c
+++ b/xen/arch/x86/traps.c
@@ -486,17 +486,31 @@ static void _show_trace(unsigned long sp
  
  static void show_trace(const struct cpu_user_regs *regs)
  {
-    unsigned long *sp = ESP_BEFORE_EXCEPTION(regs);
+    unsigned long *sp = ESP_BEFORE_EXCEPTION(regs), tos = 0;
+    bool fault = false;
  
      printk("Xen call trace:\n");
  
+    /* Guarded read of the stack top. */
+    asm ( "1: mov %[data], %[tos]; 2:\n"
+          ".pushsection .fixup,\"ax\"\n"
+          "3: movb $1, %[fault]; jmp 2b\n"
+          ".popsection\n"
+          _ASM_EXTABLE(1b, 3b)
+          : [tos] "+r" (tos), [fault] "+qm" (fault) : [data] "m" (*sp) );
+
      /*
       * If RIP looks sensible, or the top of the stack doesn't, print RIP at
       * the top of the stack trace.
       */
      if ( is_active_kernel_text(regs->rip) ||
-         !is_active_kernel_text(*sp) )
+         !is_active_kernel_text(tos) )
          printk("   [<%p>] %pS\n", _p(regs->rip), _p(regs->rip));
+    else if ( fault )
+    {
+        printk("   [Fault on access]\n");
+        return;
+    }
      /*
       * Else RIP looks bad but the top of the stack looks good.  Perhaps we
       * followed a wild function pointer? Lets assume the top of the stack is a
@@ -505,7 +519,7 @@ static void show_trace(const struct cpu_
       */
      else
      {
-        printk("   [<%p>] %pS\n", _p(*sp), _p(*sp));
+        printk("   [<%p>] %pS\n", _p(tos), _p(tos));
          sp++;
      }
  
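Review bot: Only the top slot is guarded; once this `else` branch does `sp++`, every further slot the walk reads from `sp` (the `_show_trace(unsigned long sp` path named in the hunk header) is still an unchecked dereference, so a frame whose stack pointer lands on the last readable word before an unmapped page still faults one step later. If that is intentional for this patch, a sentence in the commit message saying the remaining walk is addressed separately (or not at all) would make the scope clear; otherwise the same exception-table guard pattern would need to cover the reads inside `_show_trace()` too.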

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel