WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
xen-devel

Re: [Xen-devel] Re: [PATCH] xen: Disable stack protector for irq helper

To: Jeremy Fitzhardinge <jeremy@xxxxxxxx>
Subject: Re: [Xen-devel] Re: [PATCH] xen: Disable stack protector for irq helper
From: Bastian Blank <bastian@xxxxxxxxxxxx>
Date: Wed, 7 Oct 2009 18:35:22 +0200
Cc: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>, Linux Kernel Mailing List <linux-kernel@xxxxxxxxxxxxxxx>, Ingo Molnar <mingo@xxxxxxxxxx>, the arch/x86 maintainers <x86@xxxxxxxxxx>, Stable Kernel <stable@xxxxxxxxxx>
Delivery-date: Wed, 07 Oct 2009 09:35:11 -0700
In-reply-to: <4ACB93F8.5010900@xxxxxxxx>
References: <20091004183013.GA26101@xxxxxxxxxxxxxxxxxxxxxxx> <4AC92A65.40806@xxxxxxxx> <20091005013517.GA6081@xxxxxxxxxxxxxxxxxxxxxxx> <4ACA2AFD.4080305@xxxxxxxx> <20091005224310.GA32144@xxxxxxxxxxxxxxxxxxxxxxx> <4ACA90F2.1060909@xxxxxxxx> <20091006033050.GA6332@xxxxxxxxxxxxxxxxxxxxxxx> <4ACB93F8.5010900@xxxxxxxx>
User-agent: Mutt/1.5.18 (2008-05-17)
On Tue, Oct 06, 2009 at 12:01:12PM -0700, Jeremy Fitzhardinge wrote:
> On 10/05/09 20:30, Bastian Blank wrote:
> > The original version saves ecx, but not edx. Both are official
> > caller-saved registers.
> Hm.  It doesn't save edx because that can be half of a 64-bit return
> value, and in general both eax and edx are marked clobbered.

Then it will also be wrong for functions returning void. They may
clobber eax but never set it to something correct.

>                                                               Except one
> place; does the patch below help?

Don't you need to remove the complete wrapper setup to get a correct
result? (And type safety.)

> > Well, my call stack says something different. It crashes during early
> > startup without a console. The modifications to the function pointers are
> > done much later.
> You're right.  But you're holding out on me; can I see your backtrace? 

Well, I'm traveling and it needs some time to recreate a broken kernel.

> And the disassembly of the troublesome code (both the Xen function and
> the calling function)?

That is easy.

| c12dc725 <_spin_lock_irqsave>:
| c12dc725:       83 ec 04                sub    $0x4,%esp
| c12dc728:       89 c2                   mov    %eax,%edx
| c12dc72a:       65 a1 14 00 00 00       mov    %gs:0x14,%eax
| c12dc730:       89 04 24                mov    %eax,(%esp)
| c12dc733:       31 c0                   xor    %eax,%eax
| c12dc735:       ff 15 bc 1a 3f c1       call   *0xc13f1abc
Call to pv_irq_ops.save_fl.
| c12dc73b:       89 c1                   mov    %eax,%ecx
| c12dc73d:       ff 15 c4 1a 3f c1       call   *0xc13f1ac4
| c12dc743:       b8 00 01 00 00          mov    $0x100,%eax
| c12dc748:       f0 66 0f c1 02          lock xadd %ax,(%edx)
| c12dc74d:       38 e0                   cmp    %ah,%al
| c12dc74f:       74 06                   je     c12dc757 <_spin_lock_irqsave+0x32>
| c12dc751:       f3 90                   pause  
| c12dc753:       8a 02                   mov    (%edx),%al
Try to use (clobbered) edx.
| c12dc755:       eb f6                   jmp    c12dc74d <_spin_lock_irqsave+0x28>
| c12dc757:       8b 14 24                mov    (%esp),%edx
| c12dc75a:       65 33 15 14 00 00 00    xor    %gs:0x14,%edx
| c12dc761:       89 c8                   mov    %ecx,%eax
| c12dc763:       74 05                   je     c12dc76a <_spin_lock_irqsave+0x45>
| c12dc765:       e8 28 58 d6 ff          call   c1041f92 <__stack_chk_fail>
| c12dc76a:       5a                      pop    %edx
| c12dc76b:       c3                      ret    

| c1005dbc <xen_save_fl>:
| c1005dbc:       83 ec 04                sub    $0x4,%esp
| c1005dbf:       65 a1 14 00 00 00       mov    %gs:0x14,%eax
| c1005dc5:       89 04 24                mov    %eax,(%esp)
| c1005dc8:       31 c0                   xor    %eax,%eax
| c1005dca:       64 a1 0c 70 47 c1       mov    %fs:0xc147700c,%eax
| c1005dd0:       80 78 01 00             cmpb   $0x0,0x1(%eax)
| c1005dd4:       0f 94 c0                sete   %al
| c1005dd7:       0f b6 c0                movzbl %al,%eax
| c1005dda:       f7 d8                   neg    %eax
| c1005ddc:       25 00 02 00 00          and    $0x200,%eax
| c1005de1:       8b 14 24                mov    (%esp),%edx
| c1005de4:       65 33 15 14 00 00 00    xor    %gs:0x14,%edx
| c1005deb:       74 05                   je     c1005df2 <xen_save_fl+0x36>
| c1005ded:       e8 a0 c1 03 00          call   c1041f92 <__stack_chk_fail>
| c1005df2:       5a                      pop    %edx
Clobbers edx with the old eax.
| c1005df3:       c3                      ret    

| c13f1ab8 g     O .data  0000001c pv_irq_ops


-- 
I'm frequently appalled by the low regard you Earthmen have for life.
                -- Spock, "The Galileo Seven", stardate 2822.3
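
As an added example (not code from this thread, nor from Linux or Xen), the following C program models the register mismatch the two listings above show: a callee built with the stack protector discards its canary slot with `pop %edx`, while the caller keeps the lock pointer in edx across the indirect call because the call site does not treat edx as clobbered. The register struct, the canary value, the lock address and the `upcall_mask` byte are constructed stand-ins for %gs:0x14, the lock argument and the vcpu_info byte that xen_save_fl tests; the function names are invented for the model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Added example, not code from the thread or from Linux/Xen. The three
 * caller-saved x86 registers are modelled as a struct that the "callee"
 * and the "caller" touch in the same order as the real instructions. */
typedef struct { uint32_t eax, ecx, edx; } regs_t;
typedef uint32_t (*save_fl_fn)(regs_t *r);

#define X86_EFLAGS_IF 0x200u

/* Constructed stand-ins for %gs:0x14 (stack canary) and for the
 * vcpu_info byte that xen_save_fl tests (evtchn_upcall_mask). */
static const uint32_t stack_canary = 0x1badc0deu;
static uint8_t upcall_mask = 0;          /* 0: IRQs enabled, 1: disabled */

static void modelled_stack_chk_fail(void) { abort(); }

/* xen_save_fl as compiled with the stack protector, following the listing
 * at c1005dbc: the canary is spilled to a stack slot, the result is built
 * in eax, the canary is checked, and the slot is discarded with "pop %edx",
 * which leaves the canary in edx on return. */
static uint32_t xen_save_fl_with_ssp(regs_t *r)
{
    uint32_t slot = stack_canary;                      /* mov %gs:0x14,%eax ; mov %eax,(%esp) */
    r->eax = (upcall_mask == 0) ? X86_EFLAGS_IF : 0;   /* cmpb/sete/movzbl/neg/and $0x200 */
    r->edx = slot ^ stack_canary;                      /* mov (%esp),%edx ; xor %gs:0x14,%edx */
    if (r->edx != 0)
        modelled_stack_chk_fail();                     /* call __stack_chk_fail */
    r->edx = slot;                                     /* pop %edx: edx now holds the canary */
    return r->eax;                                     /* ret */
}

/* The same function built with the stack protector disabled: only eax is
 * written, so a caller that relies on edx being preserved is safe. */
static uint32_t xen_save_fl_no_ssp(regs_t *r)
{
    r->eax = (upcall_mask == 0) ? X86_EFLAGS_IF : 0;
    return r->eax;
}

/* Caller side, following _spin_lock_irqsave at c12dc725: the lock pointer
 * lives in edx across the indirect call because the call site assumes edx
 * is preserved (the thread: the wrapper saves ecx but not edx). Returns
 * true when the pointer is still intact at the "lock xadd %ax,(%edx)". */
static bool lock_ptr_survives_call(save_fl_fn save_fl, uint32_t lock_addr)
{
    regs_t r = {0, 0, 0};
    r.edx = lock_addr;         /* mov %eax,%edx */
    save_fl(&r);               /* call *pv_irq_ops.save_fl */
    r.ecx = r.eax;             /* mov %eax,%ecx  (flags kept for later) */
    return r.edx == lock_addr; /* lock xadd %ax,(%edx) */
}

/* What the compiler would have to emit if edx were declared clobbered at
 * the call site: the pointer is kept where the callee cannot touch it (a
 * stack slot or a callee-saved register) and reloaded afterwards. */
static bool lock_ptr_survives_call_fixed(save_fl_fn save_fl, uint32_t lock_addr)
{
    regs_t r = {0, 0, 0};
    uint32_t spilled_lock = lock_addr;  /* compiler-chosen spill slot */
    save_fl(&r);
    r.ecx = r.eax;
    r.edx = spilled_lock;               /* reload before use */
    return r.edx == lock_addr;
}

/* Flags value the caller ends up with, for a given upcall mask. */
static uint32_t flags_from_save_fl(save_fl_fn save_fl, uint8_t mask)
{
    regs_t r = {0, 0, 0};
    upcall_mask = mask;
    save_fl(&r);
    return r.eax;
}

int main(void)
{
    const uint32_t lock = 0xc1470000u;  /* constructed lock address */
    printf("no SSP, plain call  : %s\n",
           lock_ptr_survives_call(xen_save_fl_no_ssp, lock) ? "ok" : "edx clobbered");
    printf("SSP,    plain call  : %s\n",
           lock_ptr_survives_call(xen_save_fl_with_ssp, lock) ? "ok" : "edx clobbered");
    printf("SSP,    edx spilled : %s\n",
           lock_ptr_survives_call_fixed(xen_save_fl_with_ssp, lock) ? "ok" : "edx clobbered");
    return 0;
}
```

The model deliberately keeps the stack-protector check itself intact: the canary compare passes, and the damage comes only from the epilogue reusing `pop %edx` to drop the slot, which is why either rebuilding the helper without the stack protector or treating edx as clobbered at the call site makes the lock pointer survive.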
