[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 2/7] x86/traps: Poison unused stack pointers in the TSS



On 03/05/17 09:14, Jan Beulich wrote:
>>>> On 02.05.17 at 20:05, <andrew.cooper3@xxxxxxxxxx> wrote:
>> --- a/xen/arch/x86/cpu/common.c
>> +++ b/xen/arch/x86/cpu/common.c
>> @@ -645,6 +645,14 @@ void load_system_tables(void)
>>      tss->ist[IST_DF  - 1] = stack_top + IST_DF  * PAGE_SIZE;
>>      tss->ist[IST_NMI - 1] = stack_top + IST_NMI * PAGE_SIZE;
>>  
>> +    /* Poision all other stack pointers to prevent their accidental use. */
>> +    tss->rsp1   = 0x8600111111111111ul;
>> +    tss->rsp2   = 0x8600222222222222ul;
>> +    tss->ist[3] = 0x8600444444444444ul;
>> +    tss->ist[4] = 0x8600555555555555ul;
>> +    tss->ist[5] = 0x8600666666666666ul;
>> +    tss->ist[6] = 0x8600777777777777ul;
> I think the ->ist[] part of this should be a loop from IST_MAX + 1
> to 7 instead of the above, as what you have now doesn't easily
> cope with IST indexes being added/removed.

Part of the intention of having them here is that they are adjacent to
the other tss->ist[] setup, which will necessarily change if the indexes
get altered.

As for the constants in use, I'd originally intended to make each
pointer identifiable, but testing revealed that these constants end up
nowhere useful were crash to end up happening.  Therefore, I don't have
a problem with using alternative constants, and indeed the same poison
constant for each pointer.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.