Re: [Fastboot] Re: [PATCH & RFC] kdump and stack overflows

From: Vivek Goyal (vgoyal_at_in.ibm.com)
Date: 11/29/05

  • Next message: Andi Kleen: "Re: [RFC][PATCH] Runtime switching of the idle function [take 2]"
    Date:	Tue, 29 Nov 2005 18:57:30 +0530
    To: "Eric W. Biederman" <ebiederm@xmission.com>
    
    

    On Mon, Nov 28, 2005 at 11:29:29AM -0700, Eric W. Biederman wrote:
    > Fernando Luis Vazquez Cao <fernando@intellilink.co.jp> writes:
    >
    > > On Mon, 2005-11-28 at 06:39 -0700, Eric W. Biederman wrote:
    > >> Fernando Luis Vazquez Cao <fernando@intellilink.co.jp> writes:
    >
    > > Regarding the stack overflow audit of the nmi path, we have the problem
    > > that both nmi_enter and nmi_exit in do_nmi (see code below) make heavy
    > > use of "current" indirectly (specially through the kernel preemption
    > > code).
    >
    > Ok. I wonder if it would be saner to simply replace the nmi trap
    > handler on the crash dump path?
    >

    Sounds interesting.

    > >> I believe we have a separate interrupt stack that
    > >> should help but..
    > > Yes, when using 4K stacks we have a separate interrupt stack that should
    > > help, but I am afraid that crash dumping is about being paranoid.
    >
    > Oh I agree. If we had a private 4K stack for the nmi handler we
    > would not need to worry about overflow in that case.

    Having a private 4K stack makes sense, as crash_nmi_callback() itself
    requires quite some space on the stack. If one has enabled CONFIG_4KSTACKS,
    then we use a separate interrupt stack and we are probably safe from stack
    overflows, but otherwise we need it.

    > (barring
    > nmis happening during nmis) Hmm. Is there anything to keep
    > us from doing something bad in that case?
    >
    > I guess as long as we don't clear the high bit of port 0x70 we
    > should be reasonably safe from the nmi firing multiple times.

    Are you referring to port 0x23 for the IMCR register?

    Thanks
    Vivek
    -
    To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
    the body of a message to majordomo@vger.kernel.org
    More majordomo info at http://vger.kernel.org/majordomo-info.html
    Please read the FAQ at http://www.tux.org/lkml/
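Eric's remark about not clearing the high bit of port 0x70 refers to the PC-AT convention that bit 7 of the CMOS/RTC index port is the NMI mask (set = NMI masked at the chipset). The following is an added example, written for this page and not code from the thread or from the kdump patches: it models that port with a constructed in-memory latch (there is no real outb(), so it runs offline) and contrasts a naive CMOS register select, which clobbers bit 7 and re-enables NMI, with one that preserves the mask on a crash path. The names `sim_outb`, `cmos_select_naive` and `cmos_select_keep_mask` are hypothetical; the only hardware fact assumed is the meaning of bit 7 of port 0x70.

```c
/* Added example (not from the thread): models bit 7 of I/O port 0x70, the
 * CMOS/RTC index port, which on PC-AT compatible hardware masks NMI when set.
 * The port is simulated with a latch variable; nothing touches real hardware. */
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

#define CMOS_INDEX_PORT 0x70
#define NMI_DISABLE_BIT 0x80   /* bit 7 of port 0x70: 1 = NMI masked */

/* Constructed stand-in for the last byte written to port 0x70. */
static uint8_t port70_latch = 0x00;

/* Hypothetical outb(): records the write instead of driving the bus. */
static void sim_outb(uint8_t value, uint16_t port)
{
    if (port == CMOS_INDEX_PORT)
        port70_latch = value;
}

/* NMI is deliverable only while the mask bit is clear. */
static bool nmi_masked(void)
{
    return (port70_latch & NMI_DISABLE_BIT) != 0;
}

/* Naive CMOS register select: writes the bare index, so bit 7 is cleared
 * and a previously masked NMI becomes deliverable again. */
static void cmos_select_naive(uint8_t reg)
{
    sim_outb(reg, CMOS_INDEX_PORT);
}

/* Mask-preserving select: keep whatever NMI-mask state is latched and only
 * replace the 7-bit register index. */
static void cmos_select_keep_mask(uint8_t reg)
{
    uint8_t mask = port70_latch & NMI_DISABLE_BIT;
    sim_outb(mask | (reg & 0x7F), CMOS_INDEX_PORT);
}

/* Explicitly set or clear the NMI mask without disturbing the index. */
static void nmi_mask_set(bool masked)
{
    uint8_t reg = port70_latch & 0x7F;
    sim_outb((masked ? NMI_DISABLE_BIT : 0) | reg, CMOS_INDEX_PORT);
}

/* Simulated crash path: mask NMI, then touch a CMOS register (0x0A is the
 * RTC status register A index) with one of the two select routines.
 * Returns true if NMI is still masked afterwards. */
static bool crash_path_keeps_nmi_masked(bool use_naive)
{
    nmi_mask_set(true);
    if (use_naive)
        cmos_select_naive(0x0A);
    else
        cmos_select_keep_mask(0x0A);
    return nmi_masked();
}

int main(void)
{
    printf("naive select keeps NMI masked:           %d\n",
           crash_path_keeps_nmi_masked(true));
    printf("mask-preserving select keeps NMI masked: %d\n",
           crash_path_keeps_nmi_masked(false));
    return 0;
}
```

The point the model makes is the one in Eric's sentence: any code on the crash path that writes the CMOS index port must carry bit 7 through, otherwise the mask it relied on is silently undone and a second NMI can arrive while the first handler is still on the stack.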


