All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH -v2 0/4] x86: check stack overflows more reliably
@ 2011-11-29  6:08 Mitsuo Hayasaka
  2011-11-29  6:08 ` [PATCH -v2 1/4] [BUGFIX] x86: add user_mode_vm check in stack_overflow_check Mitsuo Hayasaka
                   ` (3 more replies)
  0 siblings, 4 replies; 10+ messages in thread
From: Mitsuo Hayasaka @ 2011-11-29  6:08 UTC (permalink / raw)
  To: Thomas Gleixner, Ingo Molnar, H. Peter Anvin, Randy Dunlap
  Cc: x86, linux-kernel, linux-doc, yrl.pp-manager.tt

Hi,

This patch series adds the following three features about stack
overflow checking. The (3) feature works if the sysctl parameter
is enabled.

(1) add user mode vm check
    The kernel stack overflow is checked in stack_overflow_check(),
    which may wrongly detect the overflow if the user stack pointer
    points to the kernel stack intentionally or accidentally.
    To avoid this misdetection, bail out early if the user stack is
    used.

(2) check stack overflow in detail
    Currently, only kernel stack is checked for the overflow,
    which is not sufficient for systems that need a high reliability.
    To enhance it, expand stack overflow checking to IRQ and
    exception stacks.

(3) panic on stack overflow
    Currently, kernel messages are output on the detection of
    stack overflow. Similarly, its's not sufficient for systems
    that need a high reliability since it may corrupt data and the
    additional corruption may occur due to reading them. To enhance
    reliability, cause a panic for the overflows according to the
    sysctl parameter. In addition, it is also useful for analyzing
    the reason why it occurred using kdump which is a crash dumping
    mechanism. This option is disabled by default in sysctl.


Changes in v2:
 - Remove DEBUG_STACKOVERFLOW_DETAIL option in Kconfig.
 - Change the default overflow checking to the detail-check instead
   of original one that only checks the kernel stack overflow.
 - Remove the changes related to binary sysctl.

Thanks,

---

Mitsuo Hayasaka (4):
      x86: cleanup the range of stack overflow checking
      x86: panic on detection of stack overflow
      x86: check stack overflow in detail
      [BUGFIX] x86: add user_mode_vm check in stack_overflow_check


 Documentation/sysctl/kernel.txt |   14 ++++++++++++++
 arch/x86/Kconfig.debug          |    7 +++++--
 arch/x86/kernel/irq_32.c        |    2 ++
 arch/x86/kernel/irq_64.c        |   36 ++++++++++++++++++++++++++++++------
 include/linux/kernel.h          |    1 +
 kernel/sysctl.c                 |    9 +++++++++
 6 files changed, 61 insertions(+), 8 deletions(-)

-- 
Mitsuo Hayasaka (mitsuo.hayasaka.hu@hitachi.com)

^ permalink raw reply	[flat|nested] 10+ messages in thread

* [PATCH -v2 1/4] [BUGFIX] x86: add user_mode_vm check in stack_overflow_check
  2011-11-29  6:08 [PATCH -v2 0/4] x86: check stack overflows more reliably Mitsuo Hayasaka
@ 2011-11-29  6:08 ` Mitsuo Hayasaka
  2011-12-05 13:17   ` [tip:x86/debug] x86: Add " tip-bot for Mitsuo Hayasaka
  2011-11-29  6:08 ` [PATCH -v2 2/4] x86: check stack overflow in detail Mitsuo Hayasaka
                   ` (2 subsequent siblings)
  3 siblings, 1 reply; 10+ messages in thread
From: Mitsuo Hayasaka @ 2011-11-29  6:08 UTC (permalink / raw)
  To: Thomas Gleixner, Ingo Molnar, H. Peter Anvin, Randy Dunlap
  Cc: x86, linux-kernel, linux-doc, yrl.pp-manager.tt, Mitsuo Hayasaka,
	Thomas Gleixner, Ingo Molnar, H. Peter Anvin

The kernel stack overflow is checked in stack_overflow_check(),
which may wrongly detect the overflow if the stack pointer in
user space points to the kernel stack intentionally or
accidentally. So, the actual overflow is never detected after
this misdetection because WARN_ONCE() is used on the detection
of it.

This patch adds user-mode-vm checking before it to avoid this
problem and bails out early if the user stack is used.

Signed-off-by: Mitsuo Hayasaka <mitsuo.hayasaka.hu@hitachi.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
---

 arch/x86/kernel/irq_64.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/arch/x86/kernel/irq_64.c b/arch/x86/kernel/irq_64.c
index acf8fbf..69bca46 100644
--- a/arch/x86/kernel/irq_64.c
+++ b/arch/x86/kernel/irq_64.c
@@ -38,6 +38,9 @@ static inline void stack_overflow_check(struct pt_regs *regs)
 #ifdef CONFIG_DEBUG_STACKOVERFLOW
 	u64 curbase = (u64)task_stack_page(current);
 
+	if (user_mode_vm(regs))
+		return;
+
 	WARN_ONCE(regs->sp >= curbase &&
 		  regs->sp <= curbase + THREAD_SIZE &&
 		  regs->sp <  curbase + sizeof(struct thread_info) +


^ permalink raw reply	[flat|nested] 10+ messages in thread

* [PATCH -v2 2/4] x86: check stack overflow in detail
  2011-11-29  6:08 [PATCH -v2 0/4] x86: check stack overflows more reliably Mitsuo Hayasaka
  2011-11-29  6:08 ` [PATCH -v2 1/4] [BUGFIX] x86: add user_mode_vm check in stack_overflow_check Mitsuo Hayasaka
@ 2011-11-29  6:08 ` Mitsuo Hayasaka
  2011-12-05 13:18   ` [tip:x86/debug] x86: Check " tip-bot for Mitsuo Hayasaka
  2011-11-29  6:08 ` [PATCH -v2 3/4] x86: panic on detection of stack overflow Mitsuo Hayasaka
  2011-11-29  6:08 ` [PATCH -v2 4/4] x86: cleanup the range of stack overflow checking Mitsuo Hayasaka
  3 siblings, 1 reply; 10+ messages in thread
From: Mitsuo Hayasaka @ 2011-11-29  6:08 UTC (permalink / raw)
  To: Thomas Gleixner, Ingo Molnar, H. Peter Anvin, Randy Dunlap
  Cc: x86, linux-kernel, linux-doc, yrl.pp-manager.tt, Mitsuo Hayasaka,
	Thomas Gleixner, Ingo Molnar, H. Peter Anvin

Currently, only kernel stack is checked for the overflow, which is
not sufficient for systems that need a high reliability. To enhance
it, it is required to check the IRQ and exception stacks, as well.

This patch checks all the stack types and will cause messages of
stacks in detail when free stack space drops below a certain
limit except user stack.

Signed-off-by: Mitsuo Hayasaka <mitsuo.hayasaka.hu@hitachi.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
---

 arch/x86/Kconfig.debug   |    7 +++++--
 arch/x86/kernel/irq_64.c |   29 +++++++++++++++++++++++------
 2 files changed, 28 insertions(+), 8 deletions(-)

diff --git a/arch/x86/Kconfig.debug b/arch/x86/Kconfig.debug
index bf56e17..4caec12 100644
--- a/arch/x86/Kconfig.debug
+++ b/arch/x86/Kconfig.debug
@@ -63,8 +63,11 @@ config DEBUG_STACKOVERFLOW
 	bool "Check for stack overflows"
 	depends on DEBUG_KERNEL
 	---help---
-	  This option will cause messages to be printed if free stack space
-	  drops below a certain limit.
+	  Say Y here if you want to check the overflows of kernel, IRQ
+	  and exception stacks. This option will cause messages of the
+	  stacks in detail when free stack space drops below a certain
+	  limit.
+	  If in doubt, say "N".
 
 config X86_PTDUMP
 	bool "Export kernel pagetable layout to userspace via debugfs"
diff --git a/arch/x86/kernel/irq_64.c b/arch/x86/kernel/irq_64.c
index 69bca46..11ae893 100644
--- a/arch/x86/kernel/irq_64.c
+++ b/arch/x86/kernel/irq_64.c
@@ -36,18 +36,35 @@ EXPORT_PER_CPU_SYMBOL(irq_regs);
 static inline void stack_overflow_check(struct pt_regs *regs)
 {
 #ifdef CONFIG_DEBUG_STACKOVERFLOW
+	struct orig_ist *oist;
+	u64 irq_stack_top, irq_stack_bottom;
+	u64 estack_top, estack_bottom;
 	u64 curbase = (u64)task_stack_page(current);
 
 	if (user_mode_vm(regs))
 		return;
 
-	WARN_ONCE(regs->sp >= curbase &&
-		  regs->sp <= curbase + THREAD_SIZE &&
-		  regs->sp <  curbase + sizeof(struct thread_info) +
-					sizeof(struct pt_regs) + 128,
+	if (regs->sp >= curbase &&
+	    regs->sp <= curbase + THREAD_SIZE &&
+	    regs->sp >= curbase + sizeof(struct thread_info) +
+				  sizeof(struct pt_regs) + 128)
+		return;
+
+	irq_stack_top = (u64)__get_cpu_var(irq_stack_union.irq_stack);
+	irq_stack_bottom = (u64)__get_cpu_var(irq_stack_ptr);
+	if (regs->sp >= irq_stack_top && regs->sp <= irq_stack_bottom)
+		return;
+
+	oist = &__get_cpu_var(orig_ist);
+	estack_top = (u64)oist->ist[0] - EXCEPTION_STKSZ;
+	estack_bottom = (u64)oist->ist[N_EXCEPTION_STACKS - 1];
+	if (regs->sp >= estack_top && regs->sp <= estack_bottom)
+		return;
 
-		  "do_IRQ: %s near stack overflow (cur:%Lx,sp:%lx)\n",
-			current->comm, curbase, regs->sp);
+	WARN_ONCE(1, "do_IRQ: %s near or already stack overflow (cur:%Lx,sp:%lx,irq stk top-bottom:%Lx-%Lx,exception stk top-bottom:%Lx-%Lx)\n",
+		current->comm, curbase, regs->sp,
+		irq_stack_top, irq_stack_bottom,
+		estack_top, estack_bottom);
 #endif
 }
 


^ permalink raw reply	[flat|nested] 10+ messages in thread

* [PATCH -v2 3/4] x86: panic on detection of stack overflow
  2011-11-29  6:08 [PATCH -v2 0/4] x86: check stack overflows more reliably Mitsuo Hayasaka
  2011-11-29  6:08 ` [PATCH -v2 1/4] [BUGFIX] x86: add user_mode_vm check in stack_overflow_check Mitsuo Hayasaka
  2011-11-29  6:08 ` [PATCH -v2 2/4] x86: check stack overflow in detail Mitsuo Hayasaka
@ 2011-11-29  6:08 ` Mitsuo Hayasaka
  2011-12-05 13:19   ` [tip:x86/debug] x86: Panic " tip-bot for Mitsuo Hayasaka
  2011-12-05 13:26   ` [tip:x86/debug] x86: Fix the 32-bit stackoverflow-debug build tip-bot for Ingo Molnar
  2011-11-29  6:08 ` [PATCH -v2 4/4] x86: cleanup the range of stack overflow checking Mitsuo Hayasaka
  3 siblings, 2 replies; 10+ messages in thread
From: Mitsuo Hayasaka @ 2011-11-29  6:08 UTC (permalink / raw)
  To: Thomas Gleixner, Ingo Molnar, H. Peter Anvin, Randy Dunlap
  Cc: x86, linux-kernel, linux-doc, yrl.pp-manager.tt, Mitsuo Hayasaka,
	Randy Dunlap, Thomas Gleixner, Ingo Molnar, H. Peter Anvin

Currently, messages are just output on the detection of stack
overflow, which is not sufficient for systems that need a
high reliability. This is because in general the overflow may
corrupt data, and the additional corruption may occur due to
reading them unless systems stop.

This patch adds the sysctl parameter kernel.panic_on_stackoverflow
and causes a panic when detecting the overflows of kernel, IRQ
and exception stacks except user stack according to the parameter.
It is disabled by default.

Signed-off-by: Mitsuo Hayasaka <mitsuo.hayasaka.hu@hitachi.com>
Cc: Randy Dunlap <rdunlap@xenotime.net>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
---

 Documentation/sysctl/kernel.txt |   14 ++++++++++++++
 arch/x86/kernel/irq_32.c        |    2 ++
 arch/x86/kernel/irq_64.c        |    5 +++++
 include/linux/kernel.h          |    1 +
 kernel/sysctl.c                 |    9 +++++++++
 5 files changed, 31 insertions(+), 0 deletions(-)

diff --git a/Documentation/sysctl/kernel.txt b/Documentation/sysctl/kernel.txt
index 1f24636..6d8cd8b 100644
--- a/Documentation/sysctl/kernel.txt
+++ b/Documentation/sysctl/kernel.txt
@@ -49,6 +49,7 @@ show up in /proc/sys/kernel:
 - panic
 - panic_on_oops
 - panic_on_unrecovered_nmi
+- panic_on_stackoverflow
 - pid_max
 - powersave-nap               [ PPC only ]
 - printk
@@ -393,6 +394,19 @@ Controls the kernel's behaviour when an oops or BUG is encountered.
 
 ==============================================================
 
+panic_on_stackoverflow:
+
+Controls the kernel's behavior when detecting the overflows of
+kernel, IRQ and exception stacks except a user stack.
+This file shows up if CONFIG_DEBUG_STACKOVERFLOW is enabled.
+
+0: try to continue operation.
+
+1: panic immediately.
+
+==============================================================
+
+
 pid_max:
 
 PID allocation wrap value.  When the kernel's next PID value
diff --git a/arch/x86/kernel/irq_32.c b/arch/x86/kernel/irq_32.c
index 7209070..e16e99eb 100644
--- a/arch/x86/kernel/irq_32.c
+++ b/arch/x86/kernel/irq_32.c
@@ -43,6 +43,8 @@ static void print_stack_overflow(void)
 {
 	printk(KERN_WARNING "low stack detected by irq handler\n");
 	dump_stack();
+	if (sysctl_panic_on_stackoverflow)
+		panic("low stack detected by irq handler - check messages\n");
 }
 
 #else
diff --git a/arch/x86/kernel/irq_64.c b/arch/x86/kernel/irq_64.c
index 11ae893..5448bf6 100644
--- a/arch/x86/kernel/irq_64.c
+++ b/arch/x86/kernel/irq_64.c
@@ -26,6 +26,8 @@ EXPORT_PER_CPU_SYMBOL(irq_stat);
 DEFINE_PER_CPU(struct pt_regs *, irq_regs);
 EXPORT_PER_CPU_SYMBOL(irq_regs);
 
+int sysctl_panic_on_stackoverflow;
+
 /*
  * Probabilistic stack overflow check:
  *
@@ -65,6 +67,9 @@ static inline void stack_overflow_check(struct pt_regs *regs)
 		current->comm, curbase, regs->sp,
 		irq_stack_top, irq_stack_bottom,
 		estack_top, estack_bottom);
+
+	if (sysctl_panic_on_stackoverflow)
+		panic("low stack detected by irq handler - check messages\n");
 #endif
 }
 
diff --git a/include/linux/kernel.h b/include/linux/kernel.h
index e8b1597..ff83683 100644
--- a/include/linux/kernel.h
+++ b/include/linux/kernel.h
@@ -341,6 +341,7 @@ extern int panic_timeout;
 extern int panic_on_oops;
 extern int panic_on_unrecovered_nmi;
 extern int panic_on_io_nmi;
+extern int sysctl_panic_on_stackoverflow;
 extern const char *print_tainted(void);
 extern void add_taint(unsigned flag);
 extern int test_taint(unsigned flag);
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index ae27196..99a3815 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -803,6 +803,15 @@ static struct ctl_table kern_table[] = {
 		.mode		= 0644,
 		.proc_handler	= proc_dointvec,
 	},
+#if defined(CONFIG_DEBUG_STACKOVERFLOW)
+	{
+		.procname	= "panic_on_stackoverflow",
+		.data		= &sysctl_panic_on_stackoverflow,
+		.maxlen		= sizeof(int),
+		.mode		= 0644,
+		.proc_handler	= proc_dointvec,
+	},
+#endif
 	{
 		.procname	= "bootloader_type",
 		.data		= &bootloader_type,


^ permalink raw reply	[flat|nested] 10+ messages in thread

* [PATCH -v2 4/4] x86: cleanup the range of stack overflow checking
  2011-11-29  6:08 [PATCH -v2 0/4] x86: check stack overflows more reliably Mitsuo Hayasaka
                   ` (2 preceding siblings ...)
  2011-11-29  6:08 ` [PATCH -v2 3/4] x86: panic on detection of stack overflow Mitsuo Hayasaka
@ 2011-11-29  6:08 ` Mitsuo Hayasaka
  2011-12-05 13:19   ` [tip:x86/debug] x86: Clean up " tip-bot for Mitsuo Hayasaka
  3 siblings, 1 reply; 10+ messages in thread
From: Mitsuo Hayasaka @ 2011-11-29  6:08 UTC (permalink / raw)
  To: Thomas Gleixner, Ingo Molnar, H. Peter Anvin, Randy Dunlap
  Cc: x86, linux-kernel, linux-doc, yrl.pp-manager.tt, Mitsuo Hayasaka,
	Thomas Gleixner, Ingo Molnar, H. Peter Anvin

The overflow checking of kernel stack checks if the stack pointer
points to the available kernel stack range, which is derived from
the original overflow checking.

It is clear that curbase address is always less than low boundary of
available kernel stack. So, this patch removes the first condition
that checks if the pointer is higher than curbase.

Signed-off-by: Mitsuo Hayasaka <mitsuo.hayasaka.hu@hitachi.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
---

 arch/x86/kernel/irq_64.c |    7 +++----
 1 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/arch/x86/kernel/irq_64.c b/arch/x86/kernel/irq_64.c
index 5448bf6..c8c9a78 100644
--- a/arch/x86/kernel/irq_64.c
+++ b/arch/x86/kernel/irq_64.c
@@ -46,10 +46,9 @@ static inline void stack_overflow_check(struct pt_regs *regs)
 	if (user_mode_vm(regs))
 		return;
 
-	if (regs->sp >= curbase &&
-	    regs->sp <= curbase + THREAD_SIZE &&
-	    regs->sp >= curbase + sizeof(struct thread_info) +
-				  sizeof(struct pt_regs) + 128)
+	if (regs->sp >= curbase + sizeof(struct thread_info) +
+				  sizeof(struct pt_regs) + 128 &&
+	    regs->sp <= curbase + THREAD_SIZE)
 		return;
 
 	irq_stack_top = (u64)__get_cpu_var(irq_stack_union.irq_stack);


^ permalink raw reply	[flat|nested] 10+ messages in thread

* [tip:x86/debug] x86: Add user_mode_vm check in stack_overflow_check
  2011-11-29  6:08 ` [PATCH -v2 1/4] [BUGFIX] x86: add user_mode_vm check in stack_overflow_check Mitsuo Hayasaka
@ 2011-12-05 13:17   ` tip-bot for Mitsuo Hayasaka
  0 siblings, 0 replies; 10+ messages in thread
From: tip-bot for Mitsuo Hayasaka @ 2011-12-05 13:17 UTC (permalink / raw)
  To: linux-tip-commits
  Cc: linux-kernel, hpa, mingo, rdunlap, tglx, mingo, mitsuo.hayasaka.hu

Commit-ID:  69682b625a043b567873e6cda397969b502f0054
Gitweb:     http://git.kernel.org/tip/69682b625a043b567873e6cda397969b502f0054
Author:     Mitsuo Hayasaka <mitsuo.hayasaka.hu@hitachi.com>
AuthorDate: Tue, 29 Nov 2011 15:08:21 +0900
Committer:  Ingo Molnar <mingo@elte.hu>
CommitDate: Mon, 5 Dec 2011 11:28:25 +0100

x86: Add user_mode_vm check in stack_overflow_check

The kernel stack overflow is checked in stack_overflow_check(),
which may wrongly detect the overflow if the stack pointer in
user space points to the kernel stack intentionally or
accidentally. So, the actual overflow is never detected after
this misdetection because WARN_ONCE() is used on the detection
of it.

This patch adds user-mode-vm checking before it to avoid this
problem and bails out early if the user stack is used.

Signed-off-by: Mitsuo Hayasaka <mitsuo.hayasaka.hu@hitachi.com>
Cc: yrl.pp-manager.tt@hitachi.com
Cc: Randy Dunlap <rdunlap@xenotime.net>
Link: http://lkml.kernel.org/r/20111129060821.11076.55315.stgit@ltc219.sdl.hitachi.co.jp
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Cc: "H. Peter Anvin" <hpa@zytor.com>
---
 arch/x86/kernel/irq_64.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/arch/x86/kernel/irq_64.c b/arch/x86/kernel/irq_64.c
index acf8fbf..69bca46 100644
--- a/arch/x86/kernel/irq_64.c
+++ b/arch/x86/kernel/irq_64.c
@@ -38,6 +38,9 @@ static inline void stack_overflow_check(struct pt_regs *regs)
 #ifdef CONFIG_DEBUG_STACKOVERFLOW
 	u64 curbase = (u64)task_stack_page(current);
 
+	if (user_mode_vm(regs))
+		return;
+
 	WARN_ONCE(regs->sp >= curbase &&
 		  regs->sp <= curbase + THREAD_SIZE &&
 		  regs->sp <  curbase + sizeof(struct thread_info) +

^ permalink raw reply	[flat|nested] 10+ messages in thread

* [tip:x86/debug] x86: Check stack overflow in detail
  2011-11-29  6:08 ` [PATCH -v2 2/4] x86: check stack overflow in detail Mitsuo Hayasaka
@ 2011-12-05 13:18   ` tip-bot for Mitsuo Hayasaka
  0 siblings, 0 replies; 10+ messages in thread
From: tip-bot for Mitsuo Hayasaka @ 2011-12-05 13:18 UTC (permalink / raw)
  To: linux-tip-commits
  Cc: linux-kernel, hpa, mingo, rdunlap, tglx, mingo, mitsuo.hayasaka.hu

Commit-ID:  37fe6a42b3433b79a159ceb06a94cd1ef00e279d
Gitweb:     http://git.kernel.org/tip/37fe6a42b3433b79a159ceb06a94cd1ef00e279d
Author:     Mitsuo Hayasaka <mitsuo.hayasaka.hu@hitachi.com>
AuthorDate: Tue, 29 Nov 2011 15:08:29 +0900
Committer:  Ingo Molnar <mingo@elte.hu>
CommitDate: Mon, 5 Dec 2011 11:37:45 +0100

x86: Check stack overflow in detail

Currently, only kernel stack is checked for the overflow, which
is not sufficient for systems that need a high reliability. To
enhance it, it is required to check the IRQ and exception
stacks, as well.

This patch checks all the stack types and will cause messages of
stacks in detail when free stack space drops below a certain
limit except user stack.

Signed-off-by: Mitsuo Hayasaka <mitsuo.hayasaka.hu@hitachi.com>
Cc: yrl.pp-manager.tt@hitachi.com
Cc: Randy Dunlap <rdunlap@xenotime.net>
Link: http://lkml.kernel.org/r/20111129060829.11076.51733.stgit@ltc219.sdl.hitachi.co.jp
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Cc: "H. Peter Anvin" <hpa@zytor.com>
---
 arch/x86/Kconfig.debug   |    7 +++++--
 arch/x86/kernel/irq_64.c |   29 +++++++++++++++++++++++------
 2 files changed, 28 insertions(+), 8 deletions(-)

diff --git a/arch/x86/Kconfig.debug b/arch/x86/Kconfig.debug
index bf56e17..4caec12 100644
--- a/arch/x86/Kconfig.debug
+++ b/arch/x86/Kconfig.debug
@@ -63,8 +63,11 @@ config DEBUG_STACKOVERFLOW
 	bool "Check for stack overflows"
 	depends on DEBUG_KERNEL
 	---help---
-	  This option will cause messages to be printed if free stack space
-	  drops below a certain limit.
+	  Say Y here if you want to check the overflows of kernel, IRQ
+	  and exception stacks. This option will cause messages of the
+	  stacks in detail when free stack space drops below a certain
+	  limit.
+	  If in doubt, say "N".
 
 config X86_PTDUMP
 	bool "Export kernel pagetable layout to userspace via debugfs"
diff --git a/arch/x86/kernel/irq_64.c b/arch/x86/kernel/irq_64.c
index 69bca46..928a7e9 100644
--- a/arch/x86/kernel/irq_64.c
+++ b/arch/x86/kernel/irq_64.c
@@ -36,18 +36,35 @@ EXPORT_PER_CPU_SYMBOL(irq_regs);
 static inline void stack_overflow_check(struct pt_regs *regs)
 {
 #ifdef CONFIG_DEBUG_STACKOVERFLOW
+	struct orig_ist *oist;
+	u64 irq_stack_top, irq_stack_bottom;
+	u64 estack_top, estack_bottom;
 	u64 curbase = (u64)task_stack_page(current);
 
 	if (user_mode_vm(regs))
 		return;
 
-	WARN_ONCE(regs->sp >= curbase &&
-		  regs->sp <= curbase + THREAD_SIZE &&
-		  regs->sp <  curbase + sizeof(struct thread_info) +
-					sizeof(struct pt_regs) + 128,
+	if (regs->sp >= curbase &&
+	    regs->sp <= curbase + THREAD_SIZE &&
+	    regs->sp >= curbase + sizeof(struct thread_info) +
+				  sizeof(struct pt_regs) + 128)
+		return;
+
+	irq_stack_top = (u64)__get_cpu_var(irq_stack_union.irq_stack);
+	irq_stack_bottom = (u64)__get_cpu_var(irq_stack_ptr);
+	if (regs->sp >= irq_stack_top && regs->sp <= irq_stack_bottom)
+		return;
+
+	oist = &__get_cpu_var(orig_ist);
+	estack_top = (u64)oist->ist[0] - EXCEPTION_STKSZ;
+	estack_bottom = (u64)oist->ist[N_EXCEPTION_STACKS - 1];
+	if (regs->sp >= estack_top && regs->sp <= estack_bottom)
+		return;
 
-		  "do_IRQ: %s near stack overflow (cur:%Lx,sp:%lx)\n",
-			current->comm, curbase, regs->sp);
+	WARN_ONCE(1, "do_IRQ(): %s has overflown the kernel stack (cur:%Lx,sp:%lx,irq stk top-bottom:%Lx-%Lx,exception stk top-bottom:%Lx-%Lx)\n",
+		current->comm, curbase, regs->sp,
+		irq_stack_top, irq_stack_bottom,
+		estack_top, estack_bottom);
 #endif
 }
 

^ permalink raw reply	[flat|nested] 10+ messages in thread

* [tip:x86/debug] x86: Panic on detection of stack overflow
  2011-11-29  6:08 ` [PATCH -v2 3/4] x86: panic on detection of stack overflow Mitsuo Hayasaka
@ 2011-12-05 13:19   ` tip-bot for Mitsuo Hayasaka
  2011-12-05 13:26   ` [tip:x86/debug] x86: Fix the 32-bit stackoverflow-debug build tip-bot for Ingo Molnar
  1 sibling, 0 replies; 10+ messages in thread
From: tip-bot for Mitsuo Hayasaka @ 2011-12-05 13:19 UTC (permalink / raw)
  To: linux-tip-commits
  Cc: linux-kernel, hpa, mingo, rdunlap, tglx, mingo, mitsuo.hayasaka.hu

Commit-ID:  55af77969fbd7a841838220ea2287432e0da8ae5
Gitweb:     http://git.kernel.org/tip/55af77969fbd7a841838220ea2287432e0da8ae5
Author:     Mitsuo Hayasaka <mitsuo.hayasaka.hu@hitachi.com>
AuthorDate: Tue, 29 Nov 2011 15:08:36 +0900
Committer:  Ingo Molnar <mingo@elte.hu>
CommitDate: Mon, 5 Dec 2011 11:37:47 +0100

x86: Panic on detection of stack overflow

Currently, messages are just output on the detection of stack
overflow, which is not sufficient for systems that need a
high reliability. This is because in general the overflow may
corrupt data, and the additional corruption may occur due to
reading them unless systems stop.

This patch adds the sysctl parameter
kernel.panic_on_stackoverflow and causes a panic when detecting
the overflows of kernel, IRQ and exception stacks except user
stack according to the parameter. It is disabled by default.

Signed-off-by: Mitsuo Hayasaka <mitsuo.hayasaka.hu@hitachi.com>
Cc: yrl.pp-manager.tt@hitachi.com
Cc: Randy Dunlap <rdunlap@xenotime.net>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Link: http://lkml.kernel.org/r/20111129060836.11076.12323.stgit@ltc219.sdl.hitachi.co.jp
Signed-off-by: Ingo Molnar <mingo@elte.hu>
---
 Documentation/sysctl/kernel.txt |   14 ++++++++++++++
 arch/x86/kernel/irq_32.c        |    2 ++
 arch/x86/kernel/irq_64.c        |    5 +++++
 include/linux/kernel.h          |    1 +
 kernel/sysctl.c                 |    9 +++++++++
 5 files changed, 31 insertions(+), 0 deletions(-)

diff --git a/Documentation/sysctl/kernel.txt b/Documentation/sysctl/kernel.txt
index 1f24636..6d8cd8b 100644
--- a/Documentation/sysctl/kernel.txt
+++ b/Documentation/sysctl/kernel.txt
@@ -49,6 +49,7 @@ show up in /proc/sys/kernel:
 - panic
 - panic_on_oops
 - panic_on_unrecovered_nmi
+- panic_on_stackoverflow
 - pid_max
 - powersave-nap               [ PPC only ]
 - printk
@@ -393,6 +394,19 @@ Controls the kernel's behaviour when an oops or BUG is encountered.
 
 ==============================================================
 
+panic_on_stackoverflow:
+
+Controls the kernel's behavior when detecting the overflows of
+kernel, IRQ and exception stacks except a user stack.
+This file shows up if CONFIG_DEBUG_STACKOVERFLOW is enabled.
+
+0: try to continue operation.
+
+1: panic immediately.
+
+==============================================================
+
+
 pid_max:
 
 PID allocation wrap value.  When the kernel's next PID value
diff --git a/arch/x86/kernel/irq_32.c b/arch/x86/kernel/irq_32.c
index 7209070..e16e99eb 100644
--- a/arch/x86/kernel/irq_32.c
+++ b/arch/x86/kernel/irq_32.c
@@ -43,6 +43,8 @@ static void print_stack_overflow(void)
 {
 	printk(KERN_WARNING "low stack detected by irq handler\n");
 	dump_stack();
+	if (sysctl_panic_on_stackoverflow)
+		panic("low stack detected by irq handler - check messages\n");
 }
 
 #else
diff --git a/arch/x86/kernel/irq_64.c b/arch/x86/kernel/irq_64.c
index 928a7e9..42552b0 100644
--- a/arch/x86/kernel/irq_64.c
+++ b/arch/x86/kernel/irq_64.c
@@ -26,6 +26,8 @@ EXPORT_PER_CPU_SYMBOL(irq_stat);
 DEFINE_PER_CPU(struct pt_regs *, irq_regs);
 EXPORT_PER_CPU_SYMBOL(irq_regs);
 
+int sysctl_panic_on_stackoverflow;
+
 /*
  * Probabilistic stack overflow check:
  *
@@ -65,6 +67,9 @@ static inline void stack_overflow_check(struct pt_regs *regs)
 		current->comm, curbase, regs->sp,
 		irq_stack_top, irq_stack_bottom,
 		estack_top, estack_bottom);
+
+	if (sysctl_panic_on_stackoverflow)
+		panic("low stack detected by irq handler - check messages\n");
 #endif
 }
 
diff --git a/include/linux/kernel.h b/include/linux/kernel.h
index e8b1597..ff83683 100644
--- a/include/linux/kernel.h
+++ b/include/linux/kernel.h
@@ -341,6 +341,7 @@ extern int panic_timeout;
 extern int panic_on_oops;
 extern int panic_on_unrecovered_nmi;
 extern int panic_on_io_nmi;
+extern int sysctl_panic_on_stackoverflow;
 extern const char *print_tainted(void);
 extern void add_taint(unsigned flag);
 extern int test_taint(unsigned flag);
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index ae27196..f487f25 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -803,6 +803,15 @@ static struct ctl_table kern_table[] = {
 		.mode		= 0644,
 		.proc_handler	= proc_dointvec,
 	},
+#ifdef CONFIG_DEBUG_STACKOVERFLOW
+	{
+		.procname	= "panic_on_stackoverflow",
+		.data		= &sysctl_panic_on_stackoverflow,
+		.maxlen		= sizeof(int),
+		.mode		= 0644,
+		.proc_handler	= proc_dointvec,
+	},
+#endif
 	{
 		.procname	= "bootloader_type",
 		.data		= &bootloader_type,

^ permalink raw reply	[flat|nested] 10+ messages in thread

* [tip:x86/debug] x86: Clean up the range of stack overflow checking
  2011-11-29  6:08 ` [PATCH -v2 4/4] x86: cleanup the range of stack overflow checking Mitsuo Hayasaka
@ 2011-12-05 13:19   ` tip-bot for Mitsuo Hayasaka
  0 siblings, 0 replies; 10+ messages in thread
From: tip-bot for Mitsuo Hayasaka @ 2011-12-05 13:19 UTC (permalink / raw)
  To: linux-tip-commits
  Cc: linux-kernel, hpa, mingo, rdunlap, tglx, mingo, mitsuo.hayasaka.hu

Commit-ID:  467e6b7a7c0eb792ebaf322ddb7363742b4ead40
Gitweb:     http://git.kernel.org/tip/467e6b7a7c0eb792ebaf322ddb7363742b4ead40
Author:     Mitsuo Hayasaka <mitsuo.hayasaka.hu@hitachi.com>
AuthorDate: Tue, 29 Nov 2011 15:08:45 +0900
Committer:  Ingo Molnar <mingo@elte.hu>
CommitDate: Mon, 5 Dec 2011 11:37:48 +0100

x86: Clean up the range of stack overflow checking

The overflow checking of kernel stack checks if the stack
pointer points to the available kernel stack range, which is
derived from the original overflow checking.

It is clear that curbase address is always less than low
boundary of available kernel stack. So, this patch removes the
first condition that checks if the pointer is higher than
curbase.

Signed-off-by: Mitsuo Hayasaka <mitsuo.hayasaka.hu@hitachi.com>
Cc: yrl.pp-manager.tt@hitachi.com
Cc: Randy Dunlap <rdunlap@xenotime.net>
Link: http://lkml.kernel.org/r/20111129060845.11076.40916.stgit@ltc219.sdl.hitachi.co.jp
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Cc: "H. Peter Anvin" <hpa@zytor.com>
---
 arch/x86/kernel/irq_64.c |    7 +++----
 1 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/arch/x86/kernel/irq_64.c b/arch/x86/kernel/irq_64.c
index 42552b0..54e2b2b 100644
--- a/arch/x86/kernel/irq_64.c
+++ b/arch/x86/kernel/irq_64.c
@@ -46,10 +46,9 @@ static inline void stack_overflow_check(struct pt_regs *regs)
 	if (user_mode_vm(regs))
 		return;
 
-	if (regs->sp >= curbase &&
-	    regs->sp <= curbase + THREAD_SIZE &&
-	    regs->sp >= curbase + sizeof(struct thread_info) +
-				  sizeof(struct pt_regs) + 128)
+	if (regs->sp >= curbase + sizeof(struct thread_info) +
+				  sizeof(struct pt_regs) + 128 &&
+	    regs->sp <= curbase + THREAD_SIZE)
 		return;
 
 	irq_stack_top = (u64)__get_cpu_var(irq_stack_union.irq_stack);

^ permalink raw reply	[flat|nested] 10+ messages in thread

* [tip:x86/debug] x86: Fix the 32-bit stackoverflow-debug build
  2011-11-29  6:08 ` [PATCH -v2 3/4] x86: panic on detection of stack overflow Mitsuo Hayasaka
  2011-12-05 13:19   ` [tip:x86/debug] x86: Panic " tip-bot for Mitsuo Hayasaka
@ 2011-12-05 13:26   ` tip-bot for Ingo Molnar
  1 sibling, 0 replies; 10+ messages in thread
From: tip-bot for Ingo Molnar @ 2011-12-05 13:26 UTC (permalink / raw)
  To: linux-tip-commits
  Cc: linux-kernel, hpa, mingo, rdunlap, tglx, mitsuo.hayasaka.hu, mingo

Commit-ID:  53b5650273fea486ac8ac6c1d1e9a6cd17aa31ca
Gitweb:     http://git.kernel.org/tip/53b5650273fea486ac8ac6c1d1e9a6cd17aa31ca
Author:     Ingo Molnar <mingo@elte.hu>
AuthorDate: Mon, 5 Dec 2011 12:25:44 +0100
Committer:  Ingo Molnar <mingo@elte.hu>
CommitDate: Mon, 5 Dec 2011 12:25:44 +0100

x86: Fix the 32-bit stackoverflow-debug build

The panic_on_stackoverflow variable needs to be avilable
on the 32-bit side as well ...

Cc: Mitsuo Hayasaka <mitsuo.hayasaka.hu@hitachi.com>
Cc: Randy Dunlap <rdunlap@xenotime.net>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Link: http://lkml.kernel.org/r/20111129060836.11076.12323.stgit@ltc219.sdl.hitachi.co.jp
Signed-off-by: Ingo Molnar <mingo@elte.hu>
---
 arch/x86/kernel/irq_32.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/arch/x86/kernel/irq_32.c b/arch/x86/kernel/irq_32.c
index e16e99eb..40fc861 100644
--- a/arch/x86/kernel/irq_32.c
+++ b/arch/x86/kernel/irq_32.c
@@ -28,6 +28,9 @@ DEFINE_PER_CPU(struct pt_regs *, irq_regs);
 EXPORT_PER_CPU_SYMBOL(irq_regs);
 
 #ifdef CONFIG_DEBUG_STACKOVERFLOW
+
+int sysctl_panic_on_stackoverflow __read_mostly;
+
 /* Debugging check for stack overflow: is there less than 1KB free? */
 static int check_stack_overflow(void)
 {

^ permalink raw reply	[flat|nested] 10+ messages in thread

end of thread, other threads:[~2011-12-05 13:26 UTC | newest]

Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2011-11-29  6:08 [PATCH -v2 0/4] x86: check stack overflows more reliably Mitsuo Hayasaka
2011-11-29  6:08 ` [PATCH -v2 1/4] [BUGFIX] x86: add user_mode_vm check in stack_overflow_check Mitsuo Hayasaka
2011-12-05 13:17   ` [tip:x86/debug] x86: Add " tip-bot for Mitsuo Hayasaka
2011-11-29  6:08 ` [PATCH -v2 2/4] x86: check stack overflow in detail Mitsuo Hayasaka
2011-12-05 13:18   ` [tip:x86/debug] x86: Check " tip-bot for Mitsuo Hayasaka
2011-11-29  6:08 ` [PATCH -v2 3/4] x86: panic on detection of stack overflow Mitsuo Hayasaka
2011-12-05 13:19   ` [tip:x86/debug] x86: Panic " tip-bot for Mitsuo Hayasaka
2011-12-05 13:26   ` [tip:x86/debug] x86: Fix the 32-bit stackoverflow-debug build tip-bot for Ingo Molnar
2011-11-29  6:08 ` [PATCH -v2 4/4] x86: cleanup the range of stack overflow checking Mitsuo Hayasaka
2011-12-05 13:19   ` [tip:x86/debug] x86: Clean up " tip-bot for Mitsuo Hayasaka

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.