From: Stefan Hajnoczi <stefanha@gmail.com>
To: Daniele Buono <dbuono@linux.vnet.ibm.com>
Cc: Kevin Wolf <kwolf@redhat.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Tobin Feldman-Fitzthum <tobin@ibm.com>,
qemu-devel@nongnu.org, Stefan Hajnoczi <stefanha@redhat.com>
Subject: Re: [PATCH 1/4] coroutine: support SafeStack in ucontext backend
Date: Wed, 27 May 2020 11:34:46 +0100 [thread overview]
Message-ID: <20200527103446.GB29137@stefanha-x1.localdomain> (raw)
In-Reply-To: <c4411a43-ea2b-7d8a-60db-6f98239089d7@linux.vnet.ibm.com>
[-- Attachment #1: Type: text/plain, Size: 2481 bytes --]
On Fri, May 22, 2020 at 11:18:20AM -0400, Daniele Buono wrote:
> On 5/21/2020 5:44 AM, Stefan Hajnoczi wrote:
> > On Wed, Apr 29, 2020 at 03:44:17PM -0400, Daniele Buono wrote:
> > > @@ -160,6 +169,19 @@ Coroutine *qemu_coroutine_new(void)
> > > /* swapcontext() in, siglongjmp() back out */
> > > if (!sigsetjmp(old_env, 0)) {
> > > start_switch_fiber(&fake_stack_save, co->stack, co->stack_size);
> > > +#ifdef CONFIG_SAFESTACK
> > > + /*
> > > + * Before we swap the context, set the new unsafe stack
> > > + * The unsafe stack grows just like the normal stack, so start from
> > > + * the last usable location of the memory area.
> > > + * NOTE: we don't have to re-set it afterwards because sigsetjmp was
> > > + * called with the original usp. Since we are not coming back with a
> > > + * swapcontext, but with a siglongjmp, when we are back here we
> > > + * already have usp restored to the valid one for this function
> >
> > I don't understand this comment. __safestack_unsafe_stack_ptr is a
> > thread-local variable, not a CPU register. How will siglongjmp()
> > automatically restore it?
> >
> Correct, setjmp/longjmp have no visibility of the unsafe stack. What I
> meant is that it is not automatically restored by the longjmp itself,
> but by code the compiler adds around the sigsetjmp.
>
> Specifically, every sigsetjmp/sigjmp is intercepted by the compiler, the
> current value of __safestack_unsafe_stack_ptr is saved on the normal
> (safe) stack.
> Right after the sigsetjmp call it is then restored.
>
> I will change the comment to make it clearer.
>
> In practice, this is what happens:
>
> Original clang implementation in qemu_coroutine_new:
> ----
> 40130c: callq 4008d0 <__sigsetjmp@plt>
> 401311: cmp $0x0,%eax
> 401314: jne 40132d <qemu_coroutine_new+0x12d>
> ----
> Clang Implementation with safestack:
> ----
> 4027a7: mov %rdx,-0x38(%rbp) <- Save unsafe ptr onto the safe stack
> [...]
> 40289c: callq 401410 <__sigsetjmp@plt>
> 4028a1: mov 0x201738(%rip),%rdi # 603fe0
> <__safestack_unsafe_stack_ptr@@Base+0x603fe0>
> 4028a8: mov -0x38(%rbp),%rbx
> 4028ac: mov %rbx,%fs:(%rdi) <- Restore the unsafe ptr
> 4028b0: cmp $0x0,%eax
> 4028b3: jne 4028d9 <qemu_coroutine_new+0x179>
Oh, that's interesting. Thanks for explaining and updating the comment.
Stefan
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
next prev parent reply other threads:[~2020-05-27 10:37 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-29 19:44 [PATCH 0/4] Add support for SafeStack Daniele Buono
2020-04-29 19:44 ` [PATCH 1/4] coroutine: support SafeStack in ucontext backend Daniele Buono
2020-05-21 9:44 ` Stefan Hajnoczi
2020-05-22 15:18 ` Daniele Buono
2020-05-27 10:34 ` Stefan Hajnoczi [this message]
2020-04-29 19:44 ` [PATCH 2/4] coroutine: Add check for SafeStack in sigalstack Daniele Buono
2020-05-04 14:56 ` Philippe Mathieu-Daudé
2020-05-21 9:49 ` Stefan Hajnoczi
2020-05-27 17:56 ` Daniele Buono
2020-04-29 19:44 ` [PATCH 3/4] configure: add flag to enable SafeStack Daniele Buono
2020-05-21 9:52 ` Stefan Hajnoczi
2020-05-22 15:24 ` Daniele Buono
2020-05-27 11:12 ` Stefan Hajnoczi
2020-05-27 13:48 ` Daniele Buono
2020-04-29 19:44 ` [PATCH 4/4] check-block: Enable iotests with SafeStack Daniele Buono
2020-05-21 9:59 ` Stefan Hajnoczi
2020-05-22 15:35 ` Daniele Buono
2020-05-27 11:13 ` Stefan Hajnoczi
2020-05-04 14:55 ` [PATCH 0/4] Add support for SafeStack Philippe Mathieu-Daudé
2020-05-05 13:15 ` Philippe Mathieu-Daudé
2020-05-05 13:31 ` Daniel P. Berrangé
2020-05-05 13:56 ` Philippe Mathieu-Daudé
2020-05-13 14:48 ` Daniele Buono
2020-05-21 10:00 ` Stefan Hajnoczi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200527103446.GB29137@stefanha-x1.localdomain \
--to=stefanha@gmail.com \
--cc=dbuono@linux.vnet.ibm.com \
--cc=kwolf@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=stefanha@redhat.com \
--cc=tobin@ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).