From: Borislav Petkov <bp@alien8.de>
To: Ingo Molnar <mingo@kernel.org>
Cc: linux-kernel@vger.kernel.org,
Dave Hansen <dave.hansen@linux.intel.com>,
Andy Lutomirski <luto@amacapital.net>,
Thomas Gleixner <tglx@linutronix.de>,
"H . Peter Anvin" <hpa@zytor.com>,
Peter Zijlstra <peterz@infradead.org>,
Linus Torvalds <torvalds@linux-foundation.org>
Subject: Re: [PATCH 01/21] x86/unwinder/orc: Don't bail on stack overflow
Date: Mon, 27 Nov 2017 15:47:12 +0100 [thread overview]
Message-ID: <20171127144712.cc2ihvkj3ck5xvq6@pd.tnic> (raw)
In-Reply-To: <20171127104529.12435-2-mingo@kernel.org>
On Mon, Nov 27, 2017 at 11:45:09AM +0100, Ingo Molnar wrote:
> From: Andy Lutomirski <luto@kernel.org>
>
> If we overflow the stack into a guard page and then try to unwind it
> with ORC, it should work well: by construction, there can't be any
> meaningful data in the guard page because no writes to the guard page
> will have succeeded.
>
> This patch fixes a bug that unwinding from working correctly: if the
^
prevents
> starting register state has RSP pointing into a stack guard page, the
> ORC unwinder bails out immediately. This patch fixes that: the ORC
I believe here we can kill the second "This patch" :)
> unwinder will start the unwind.
>
> I tested this by intentionally overflowing the task stack. The
> result is an accurate call trace instead of a trace consisting
> purely of '?' entries.
>
> There are a few other bugs that are triggered if the unwinder
> encounters a stack overflow after the first step, and Josh has WIP
> patches to fix those as well.
I guess we don't need that paragraph.
> Signed-off-by: Andy Lutomirski <luto@kernel.org>
> Cc: Borislav Petkov <bpetkov@suse.de>
> Cc: Brian Gerst <brgerst@gmail.com>
> Cc: Dave Hansen <dave.hansen@intel.com>
> Cc: Josh Poimboeuf <jpoimboe@redhat.com>
> Cc: Linus Torvalds <torvalds@linux-foundation.org>
> Cc: Peter Zijlstra <peterz@infradead.org>
> Cc: Thomas Gleixner <tglx@linutronix.de>
> Link: http://lkml.kernel.org/r/927042950d7f1a7007dd0f58538966a593508f8b.1511715954.git.luto@kernel.org
> Signed-off-by: Ingo Molnar <mingo@kernel.org>
> ---
> arch/x86/kernel/unwind_orc.c | 14 ++++++++++++--
> 1 file changed, 12 insertions(+), 2 deletions(-)
>
> diff --git a/arch/x86/kernel/unwind_orc.c b/arch/x86/kernel/unwind_orc.c
> index a3f973b2c97a..7f6e3935666b 100644
> --- a/arch/x86/kernel/unwind_orc.c
> +++ b/arch/x86/kernel/unwind_orc.c
> @@ -553,8 +553,18 @@ void __unwind_start(struct unwind_state *state, struct task_struct *task,
> }
>
> if (get_stack_info((unsigned long *)state->sp, state->task,
> - &state->stack_info, &state->stack_mask))
> - return;
> + &state->stack_info, &state->stack_mask)) {
> + /*
> + * We weren't on a valid stack. It's possible that
> + * we overflowed a valid stack into a guard page.
> + * See if the next page up is valid so that we can
> + * generate some kind of backtrace if this happens.
> + */
Right, should we issue a marker or somesuch here to denote that we somehow
walked into the guard page?
It might be helpful when debugging issues, to see the big picture...
> + void *next_page = (void *)PAGE_ALIGN((unsigned long)regs->sp);
> + if (get_stack_info(next_page, state->task, &state->stack_info,
> + &state->stack_mask))
> + return;
> + }
>
> /*
> * The caller can provide the address of the first frame directly
> --
--
Regards/Gruss,
Boris.
Good mailing practices for 400: avoid top-posting and trim the reply.
next prev parent reply other threads:[~2017-11-27 14:47 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-11-27 10:45 [PATCH 00/21] Preparatory patches for x86 KAISER support Ingo Molnar
2017-11-27 10:45 ` [PATCH 01/21] x86/unwinder/orc: Don't bail on stack overflow Ingo Molnar
2017-11-27 14:47 ` Borislav Petkov [this message]
2017-11-27 10:45 ` [PATCH 02/21] x86/unwinder: Handle stack overflows more gracefully Ingo Molnar
2017-11-27 17:36 ` Borislav Petkov
2017-11-28 4:55 ` Josh Poimboeuf
2017-11-27 10:45 ` [PATCH 03/21] x86/irq: Remove an old outdated comment about context tracking races Ingo Molnar
2017-11-27 10:45 ` [PATCH 04/21] x86/irq/64: Print the offending IP in the stack overflow warning Ingo Molnar
2017-11-27 10:45 ` [PATCH 05/21] x86/entry/64: Allocate and enable the SYSENTER stack Ingo Molnar
2017-11-27 10:45 ` [PATCH 06/21] x86/dumpstack: Add get_stack_info() support for " Ingo Molnar
2017-11-27 10:45 ` [PATCH 07/21] x86/entry/gdt: Put per-CPU GDT remaps in ascending order Ingo Molnar
2017-11-27 10:45 ` [PATCH 08/21] x86/mm/fixmap: Generalize the GDT fixmap mechanism, introduce 'struct cpu_entry_area' Ingo Molnar
2017-11-27 10:45 ` [PATCH 09/21] x86/kasan/64: Teach KASAN about the cpu_entry_area Ingo Molnar
2017-11-27 10:45 ` [PATCH 10/21] x86/entry: Fix assumptions that the HW TSS is at the beginning of cpu_tss Ingo Molnar
2017-11-27 10:45 ` [PATCH 11/21] x86/dumpstack: Handle stack overflow on all stacks Ingo Molnar
2017-11-27 19:26 ` Linus Torvalds
2017-11-28 4:29 ` Josh Poimboeuf
2017-11-28 5:29 ` Andy Lutomirski
2017-11-28 18:15 ` Josh Poimboeuf
2017-11-27 10:45 ` [PATCH 12/21] x86/entry: Move SYSENTER_stack to the beginning of struct tss_struct Ingo Molnar
2017-11-27 10:45 ` [PATCH 13/21] x86/entry: Remap the TSS into the CPU entry area Ingo Molnar
2017-11-27 10:45 ` [PATCH 14/21] x86/entry/64: Separate cpu_current_top_of_stack from TSS.sp0 Ingo Molnar
2017-11-27 10:45 ` [PATCH 15/21] x86/espfix/64: Stop assuming that pt_regs is on the entry stack Ingo Molnar
2017-11-27 10:45 ` [PATCH 16/21] x86/entry/64: Use a per-CPU trampoline stack for IDT entries Ingo Molnar
2017-12-01 17:06 ` Dave Hansen
2017-12-01 17:44 ` Andy Lutomirski
2017-12-01 21:21 ` Dave Hansen
2017-12-01 21:59 ` Andy Lutomirski
2017-12-02 6:41 ` Kevin Easton
2017-11-27 10:45 ` [PATCH 17/21] x86/entry/64: Return to userspace from the trampoline stack Ingo Molnar
2017-11-27 10:45 ` [PATCH 18/21] x86/entry/64: Create a per-CPU SYSCALL entry trampoline Ingo Molnar
2017-11-27 10:45 ` [PATCH 19/21] x86/entry/64: Move the IST stacks into 'struct cpu_entry_area' Ingo Molnar
2017-11-27 10:45 ` [PATCH 20/21] x86/entry/64: Remove the SYSENTER stack canary Ingo Molnar
2017-11-27 10:45 ` [PATCH 21/21] x86/entry: Clean up the SYSENTER_stack code Ingo Molnar
2017-12-01 17:59 ` Borislav Petkov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171127144712.cc2ihvkj3ck5xvq6@pd.tnic \
--to=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=mingo@kernel.org \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).