diff options
| author | Keir Fraser <keir@xen.org> | 2011-11-24 15:48:10 +0000 |
|---|---|---|
| committer | Keir Fraser <keir@xen.org> | 2011-11-24 15:48:10 +0000 |
| commit | 7d798b7c997fe7631431275371d134ae3e926be7 (patch) | |
| tree | e86c03ecd7f2d8dd0dcd58a50ff9bb8eea370235 /xen/common/wait.c | |
| parent | b4c64fb4437dfcea6e5d8421d9e55ae1ddb29da2 (diff) | |
| download | xen-7d798b7c997fe7631431275371d134ae3e926be7.tar.gz xen-7d798b7c997fe7631431275371d134ae3e926be7.tar.bz2 xen-7d798b7c997fe7631431275371d134ae3e926be7.zip | |
waitqueue: Detect saved-stack overflow and crash the guest.
Signed-off-by: Keir Fraser <keir@xen.org>
Diffstat (limited to 'xen/common/wait.c')
| -rw-r--r-- | xen/common/wait.c | 19 |
1 files changed, 15 insertions, 4 deletions
diff --git a/xen/common/wait.c b/xen/common/wait.c index b5b27a7ae0..cf515b1aee 100644 --- a/xen/common/wait.c +++ b/xen/common/wait.c @@ -106,13 +106,16 @@ void wake_up(struct waitqueue_head *wq) static void __prepare_to_wait(struct waitqueue_vcpu *wqv) { char *cpu_info = (char *)get_cpu_info(); + asm volatile ( #ifdef CONFIG_X86_64 "push %%rax; push %%rbx; push %%rcx; push %%rdx; push %%rdi; " "push %%rbp; push %%r8; push %%r9; push %%r10; push %%r11; " "push %%r12; push %%r13; push %%r14; push %%r15; call 1f; " "1: mov 80(%%rsp),%%rdi; mov 96(%%rsp),%%rcx; mov %%rsp,%%rsi; " - "sub %%rsi,%%rcx; rep movsb; mov %%rsp,%%rsi; pop %%rax; " + "sub %%rsi,%%rcx; cmp %3,%%rcx; jbe 2f; " + "xor %%esi,%%esi; jmp 3f; " + "2: rep movsb; mov %%rsp,%%rsi; 3: pop %%rax; " "pop %%r15; pop %%r14; pop %%r13; pop %%r12; " "pop %%r11; pop %%r10; pop %%r9; pop %%r8; " "pop %%rbp; pop %%rdi; pop %%rdx; pop %%rcx; pop %%rbx; pop %%rax" @@ -120,13 +123,20 @@ static void __prepare_to_wait(struct waitqueue_vcpu *wqv) "push %%eax; push %%ebx; push %%ecx; push %%edx; push %%edi; " "push %%ebp; call 1f; " "1: mov 8(%%esp),%%edi; mov 16(%%esp),%%ecx; mov %%esp,%%esi; " - "sub %%esi,%%ecx; rep movsb; mov %%esp,%%esi; pop %%eax; " + "sub %%esi,%%ecx; cmp %3,%%ecx; jbe 2f; " + "xor %%esi,%%esi; jmp 3f; " + "2: rep movsb; mov %%esp,%%esi; 3: pop %%eax; " "pop %%ebp; pop %%edi; pop %%edx; pop %%ecx; pop %%ebx; pop %%eax" #endif : "=S" (wqv->esp) - : "c" (cpu_info), "D" (wqv->stack) + : "c" (cpu_info), "D" (wqv->stack), "i" (PAGE_SIZE) : "memory" ); - BUG_ON((cpu_info - (char *)wqv->esp) > PAGE_SIZE); + + if ( unlikely(wqv->esp == 0) ) + { + gdprintk(XENLOG_ERR, "Stack too large in %s\n", __FUNCTION__); + domain_crash_synchronous(); + } } static void __finish_wait(struct waitqueue_vcpu *wqv) @@ -162,6 +172,7 @@ void prepare_to_wait(struct waitqueue_head *wq) struct vcpu *curr = current; struct waitqueue_vcpu *wqv = curr->waitqueue_vcpu; + ASSERT(!in_atomic()); ASSERT(list_empty(&wqv->list)); spin_lock(&wq->lock); |