File 5eb182a8-x86-traps-show_guest_stack-off-by-1.patch of Package xen.16822

Overview Repositories Revisions Requests Users Attributes Meta

File 5eb182a8-x86-traps-show_guest_stack-off-by-1.patch of Package xen.16822

# Commit 2e3d87cc734a895ef5b486926274a178836b67a9
# Date 2020-05-05 16:13:44 +0100
# Author Hongyan Xia <hongyxia@amazon.com>
# Committer Andrew Cooper <andrew.cooper3@citrix.com>
x86/traps: fix an off-by-one error

stack++ can go into the next page and unmap_domain_page() will unmap the
wrong one, causing mapcache and memory corruption. Fix.

Signed-off-by: Hongyan Xia <hongyxia@amazon.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>

--- a/xen/arch/x86/traps.c
+++ b/xen/arch/x86/traps.c
@@ -228,6 +228,7 @@ static void compat_show_guest_stack(stru
                                     int debug_stack_lines)
 {
     unsigned int i, *stack, addr, mask = STACK_SIZE;
+    void *stack_page = NULL;
 
     stack = (unsigned int *)(unsigned long)regs->esp;
     printk("Guest stack trace from esp=%08lx:\n ", (unsigned long)stack);
@@ -250,7 +251,7 @@ static void compat_show_guest_stack(stru
                 break;
         if ( !vcpu )
         {
-            stack = do_page_walk(v, (unsigned long)stack);
+            stack_page = stack = do_page_walk(v, (unsigned long)stack);
             if ( (unsigned long)stack < PAGE_SIZE )
             {
                 printk("Inaccessible guest memory.\n");
@@ -277,11 +278,10 @@ static void compat_show_guest_stack(stru
         printk(" %08x", addr);
         stack++;
     }
-    if ( mask == PAGE_SIZE )
-    {
-        BUILD_BUG_ON(PAGE_SIZE == STACK_SIZE);
-        unmap_domain_page(stack);
-    }
+
+    if ( stack_page )
+        unmap_domain_page(stack_page);
+
     if ( i == 0 )
         printk("Stack empty.");
     printk("\n");
@@ -292,6 +292,7 @@ static void show_guest_stack(struct vcpu
     int i;
     unsigned long *stack, addr;
     unsigned long mask = STACK_SIZE;
+    void *stack_page = NULL;
 
     /* Avoid HVM as we don't know what the stack looks like. */
     if ( is_hvm_vcpu(v) )
@@ -320,7 +321,7 @@ static void show_guest_stack(struct vcpu
         vcpu = maddr_get_owner(read_cr3()) == v->domain ? v : NULL;
         if ( !vcpu )
         {
-            stack = do_page_walk(v, (unsigned long)stack);
+            stack_page = stack = do_page_walk(v, (unsigned long)stack);
             if ( (unsigned long)stack < PAGE_SIZE )
             {
                 printk("Inaccessible guest memory.\n");
@@ -347,11 +348,10 @@ static void show_guest_stack(struct vcpu
         printk(" %p", _p(addr));
         stack++;
     }
-    if ( mask == PAGE_SIZE )
-    {
-        BUILD_BUG_ON(PAGE_SIZE == STACK_SIZE);
-        unmap_domain_page(stack);
-    }
+
+    if ( stack_page )
+        unmap_domain_page(stack_page);
+
     if ( i == 0 )
         printk("Stack empty.");
     printk("\n");

Places

File 5eb182a8-x86-traps-show_guest_stack-off-by-1.patch of Package xen.16822

Places