Re: [PATCH & RFC] kdump and stack overflows

[Eric W. Biederman]

Fernando Luis Vazquez Cao <fernando@xxxxxxxxxxxxxxxxx> writes:

> Hi,
>
> I have observed that kdump's reboot path to the second kernel is not
> stack overflow safe.
>
> On the event of a stack overflow critical data that usually resides at
> the bottom of the stack is likely to be stomped and, consequently, its
> use should be avoided.
>
> In particular, in the i386 and IA64 architectures the macro
> smp_processor_id ultimately makes use of the "cpu" member of struct
> thread_info which resides at the bottom of the stack (see code snips
> below). x86_64, on the other hand, is not affected by this problem
> because it benefits from the PDA infrastructure.

I agree this is something that we should handle if we can.
>
> To circumvent this problem I suggest implementing
> "safe_smp_processor_id()" (it already exists on x86_64) for i386 and
> IA64 and use it as a replacement to smp_processor_id in the reboot path
> to the dump capture kernel. A possible implementation for i386 is
> attached below.
>
> I would appreciante comments on this.

The patch looks like a good one to express the idea, but it is a
bad one to push upstream.

safe_smp_processor_id has a printk in it.

mm/fault.c has related code that really should go into a separate
patch.

For crash_nmi_callback I don't feel very comfortable about
dropping the cpu parameter.  I suspect you want to move
the call safe_smp_process_id to do_nmi (which is current
calling smp_processor_id).  Basically the whole nmi path needs a stack
overflow audit.  I believe we have a separate interrupt stack that
should help but..

Eric
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/