On 3/23/21 11:48 AM, Mark Rutland wrote:
> On Tue, Mar 23, 2021 at 10:26:50AM -0500, Madhavan T. Venkataraman wrote:
>> On 3/23/21 9:57 AM, Mark Rutland wrote:
>> Thanks for explaining the nesting. It is now clear to me.
>
> No problem!
>
>> So, my next question is - can we define a practical limit for the
>> nesting so that any nesting beyond that is fatal? The reason I ask is
>> - if there is a max, then we can allocate an array of stack frames out
>> of band for the special frames so they are not part of the stack and
>> will not likely get corrupted.
>
> I suspect we can't define such a fatal limit without introducing a local
> DoS vector on some otherwise legitimate workload, and I fear this will
> further complicate the entry/exit logic, so I'd prefer to avoid
> introducing a new limit.

I suspected as much. But I thought I would ask anyway.

> What exactly do you mean by a "special frame", and why do those need
> additional protection over regular frame records?

Special frame just means pt_regs->stackframe that is used for exceptions.
No additional protection is needed. I just meant that since they are out
of band, we can reliably tell that there are exceptions without examining
the stack. That is all.

>> Also, we don't have to do any special detection. If the number of out
>> of band frames used is one or more then we have exceptions and the
>> stack trace is unreliable.
>
> What is this expected to protect against?

It is not a protection thing. I just wanted a reliable way to tell that
there is an exception without having to unwind the stack up to the
exception frame. That is all.

Thanks.

Madhavan