Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp243351ybi;
        Wed, 29 May 2019 20:30:37 -0700 (PDT)
X-Google-Smtp-Source: APXvYqwQXvbB+X082DWoDBR886jgNOW1awxqzPchYnY8U6nI59Ipo1HYXMdtYTOwNxLh3YTabOV+
X-Received: by 2002:a63:fd52:: with SMTP id m18mr1665336pgj.267.1559187037684;
        Wed, 29 May 2019 20:30:37 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1559187037; cv=none;
        d=google.com; s=arc-20160816;
        b=nEDF3cJznfBU98wUtaOAoE1X+q5NioHQ1Vx16BGUNiyHh9ZLZyIPunGOpggTFLKjWk
         Q5M8VQ9MLQzFdalnIzksxe44CCliL/l+tgEiQoE4SEdbdYCOxAtVBoLzc5HZrEszbI6x
         iZfiXSWOfBa13HcULotDn0UgO0eElMxAo2V3K5eYPYE1ZaGzIUBLOGZRYmzc1FmXauuz
         2xzBWK77PxdSIY+XziFWDYAEs9/HQRF7Nmz+9yH+zIWEctmT8sYnqXGLfq6IeCYDiwi3
         5C+3hOntzrgzDkznw3tcIqWL5Z/hUv07nNla79UbZfFWl2fxbg/ipPhBTW/FANBhWrLb
         jNyg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=aab88zcdB7yigxtLtNZPcMtyCPjS/zvjUkWZGgHGPZQ=;
        b=TgKRVUOOe0LmFQLkCYBIFEDpyCbC+63NgscHzcYBvEqf+F+ZkP+4XM93tMFSd6/8Q+
         vc8pF6DnvGKr/aU8xQIvzn07sPSlCDA2rmTQb1EDJwbJroKGWlMci5yH8dJ0Jn6ZUY2C
         C0VUggnQrq5iyZBdc0qjBQD4k3jGl0dKilj0X18Wh8J+5LG3YtPGKgI5tgVAilhwMPv5
         X8eIknsFeMIqwq+HgkZxbGwMHc3heLJewWYGnO0V6+7Jw/n3zReRRbQakuc9N3dgvcuV
         gNR6Fg6VE2xh5HqG+vMBJBdD28nWtVc+UWAmA6LqXivAPqpE7uoBYHmY2dYEJjYImGVE
         fmmA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=UCtIS8QH;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id 186si1865179pfc.247.2019.05.29.20.30.20;
        Wed, 29 May 2019 20:30:37 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=UCtIS8QH;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1731855AbfE3D1Q (ORCPT <rfc822;huangweiredhat@gmail.com>
        + 99 others); Wed, 29 May 2019 23:27:16 -0400
Received: from mail.kernel.org ([198.145.29.99]:54702 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1731864AbfE3DTV (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 29 May 2019 23:19:21 -0400
Received: from localhost (ip67-88-213-2.z213-88-67.customer.algx.net [67.88.213.2])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id D1BE824871;
        Thu, 30 May 2019 03:19:19 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1559186359;
        bh=OxCAIHPoH18e4bJyXWJl8c54vD7RQRBMGt1OQmZG0A4=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=UCtIS8QHlwpjBNxR2kh9vJ1KLM1pBCth8+/zx+4z5YVmR8qwGXUni/Aaqr74dGxsh
         KUKMUJimUDDbDOIBqKwrzCEieyT3Pn4/W0KVKyMEH//Z8I5BDSs65Y342KxN5Gkec+
         bVeKpgDgEB4fKOIseV7+sf1H7Pd5OhoFQV6m6A74=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Thomas Gleixner <tglx@linutronix.de>,
        Borislav Petkov <bp@suse.de>,
        Andy Lutomirski <luto@kernel.org>,
        "H. Peter Anvin" <hpa@zytor.com>, Ingo Molnar <mingo@redhat.com>,
        Josh Poimboeuf <jpoimboe@redhat.com>,
        Mitsuo Hayasaka <mitsuo.hayasaka.hu@hitachi.com>,
        Nicolai Stange <nstange@suse.de>,
        Sean Christopherson <sean.j.christopherson@intel.com>,
        x86-ml <x86@kernel.org>, Sasha Levin <sashal@kernel.org>
Subject: [PATCH 4.14 105/193] x86/irq/64: Limit IST stack overflow check to #DB stack
Date:   Wed, 29 May 2019 20:05:59 -0700
Message-Id: <20190530030503.464322165@linuxfoundation.org>
X-Mailer: git-send-email 2.21.0
In-Reply-To: <20190530030446.953835040@linuxfoundation.org>
References: <20190530030446.953835040@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

[ Upstream commit 7dbcf2b0b770eeb803a416ee8dcbef78e6389d40 ]

Commit

  37fe6a42b343 ("x86: Check stack overflow in detail")

added a broad check for the full exception stack area, i.e. it considers
the full exception stack area as valid.

That's wrong in two aspects:

 1) It does not check the individual areas one by one

 2) #DF, NMI and #MCE are not enabling interrupts which means that a
    regular device interrupt cannot happen in their context. In fact if a
    device interrupt hits one of those IST stacks that's a bug because some
    code path enabled interrupts while handling the exception.

Limit the check to the #DB stack and consider all other IST stacks as
'overflow' or invalid.

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Mitsuo Hayasaka <mitsuo.hayasaka.hu@hitachi.com>
Cc: Nicolai Stange <nstange@suse.de>
Cc: Sean Christopherson <sean.j.christopherson@intel.com>
Cc: x86-ml <x86@kernel.org>
Link: https://lkml.kernel.org/r/20190414160143.682135110@linutronix.de
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/x86/kernel/irq_64.c | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/arch/x86/kernel/irq_64.c b/arch/x86/kernel/irq_64.c
index 0469cd078db15..b50ac9c7397bb 100644
--- a/arch/x86/kernel/irq_64.c
+++ b/arch/x86/kernel/irq_64.c
@@ -26,9 +26,18 @@ int sysctl_panic_on_stackoverflow;
 /*
  * Probabilistic stack overflow check:
  *
- * Only check the stack in process context, because everything else
- * runs on the big interrupt stacks. Checking reliably is too expensive,
- * so we just check from interrupts.
+ * Regular device interrupts can enter on the following stacks:
+ *
+ * - User stack
+ *
+ * - Kernel task stack
+ *
+ * - Interrupt stack if a device driver reenables interrupts
+ *   which should only happen in really old drivers.
+ *
+ * - Debug IST stack
+ *
+ * All other contexts are invalid.
  */
 static inline void stack_overflow_check(struct pt_regs *regs)
 {
@@ -53,8 +62,8 @@ static inline void stack_overflow_check(struct pt_regs *regs)
 		return;
 
 	oist = this_cpu_ptr(&orig_ist);
-	estack_top = (u64)oist->ist[0] - EXCEPTION_STKSZ + STACK_TOP_MARGIN;
-	estack_bottom = (u64)oist->ist[N_EXCEPTION_STACKS - 1];
+	estack_bottom = (u64)oist->ist[DEBUG_STACK];
+	estack_top = estack_bottom - DEBUG_STKSZ + STACK_TOP_MARGIN;
 	if (regs->sp >= estack_top && regs->sp <= estack_bottom)
 		return;
 
-- 
2.20.1