On Sun, Mar 31, 2019 at 11:40:21PM +0200, Thomas Gleixner wrote:
> 37fe6a42b343 ("x86: Check stack overflow in detail") added a broad check
> for the full exception stack area, i.e. it considers the full exception
> stack are as valid.
>
> That's wrong in two aspects:
>
> 1) It does not check the individual areas one by one
>
> 2) #DF, NMI and #MCE are not enabling interrupts which means that a
> regular device interrupt cannot happen in their context. In fact if a
> device interrupt hits one of those IST stacks that's a bug because some
> code path enabled interrupts while handling the exception.
>
> Limit the check to the #DB stack and consider all other IST stacks as
> 'overflow' or invalid.
>
> Signed-off-by: Thomas Gleixner <t...@linutronix.de>
> Cc: Mitsuo Hayasaka <mitsuo.hayasaka...@hitachi.com>
> ---
> arch/x86/kernel/irq_64.c | 19 ++++++++++++++-----
> 1 file changed, 14 insertions(+), 5 deletions(-)
>
> --- a/arch/x86/kernel/irq_64.c
> +++ b/arch/x86/kernel/irq_64.c
> @@ -26,9 +26,18 @@ int sysctl_panic_on_stackoverflow;
> /*
> * Probabilistic stack overflow check:
> *
> - * Only check the stack in process context, because everything else
> - * runs on the big interrupt stacks. Checking reliably is too expensive,
> - * so we just check from interrupts.
> + * Regular device interrupts can enter on the following stacks:
> + *
> + * - User stack
> + *
> + * - Kernel task stack
> + *
> + * - Interrupt stack if a device driver reenables interrupt
"interrupts"
> + * which should only happen in really old drivers.
> + *
> + * - Debug IST stack
> + *
> + * All other contexts are invalid.
<---
I could use the above blurb here too, explaining why we're checking the
#DB stack only.
Otherwise:
Reviewed-by: Borislav Petkov <b...@suse.de>
--
Regards/Gruss,
Boris.
Good mailing practices for 400: avoid top-posting and trim the reply.
