Commit 5d733b80 authored by Jithu Joseph's avatar Jithu Joseph Committed by Vikram Narayanan

Add a mapping for the stack protector page so that %fs-based guard checks won't crash.

parent 127a863f
......@@ -76,27 +76,24 @@ static int abc_putc(int fd, const char c)
return ret;
}
// %rax not getting saved automatically
static void
lcd_putc(char c)
{
asm volatile("push %rax");
asm volatile("movzx %0,%%rax" : : "r" (c));
asm volatile("vmcall");
// printk(KERN_ERR "%c", c);
asm volatile("pop %rax");
// printk(KERN_ERR "%c", c);
}
#if 0
// Need to see if there is any issue with
// loading ... This code is faulting
// lcd: page fault VA 0000000000000028
// RIP 0xffffffffa02e2017 ... The culprit
// has to be access to digits[] = "0123456789ABCDEF"
// A slightly different logic below the ifdef .works
// The same works in a regular kernel module
#if 1
static void
printint(int xx, int base, int sgn)
{
char digits[] = "0123456789ABCDEF";
static char digits[] = "0123456789ABCDEF";
char buf[16];
int i, neg;
uint x;
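Review bot: lcd_putc issues the hypercall as four separate `asm volatile` statements and declares no clobbers, so the compiler may place its own instructions between them and allocates `%0` without knowing that %rax and the stack pointer change underneath it. A single statement with an explicit operand states the contract and makes the manual push/pop unnecessary: `unsigned long rax = (unsigned char)c;` followed by `asm volatile("vmcall" : "+a" (rax) : : "memory");`. The comment block above printint still blames `digits[]` for the fault at VA 0x28; that address matches the stack-guard offset named in this commit's description, so the comment probably wants updating to say so.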
......@@ -112,6 +109,7 @@ printint(int xx, int base, int sgn)
i = 0;
do{
buf[i++] = digits[x % base];
// lcd_putc('*');
}while((x /= base) != 0);
if(neg)
buf[i++] = '-';
......@@ -121,7 +119,7 @@ printint(int xx, int base, int sgn)
}
#endif
#if 1
#if 0
static void
printint(int xx, int base, int sgn)
{
......@@ -234,7 +232,7 @@ my_printf(char *fmt, ...)
}
}
#if 1
void temp_fn(int var) {
int check = 107;
int hex = 0xdeadbeef;
......@@ -260,7 +258,6 @@ static int hello_2_init(void)
}
// guest
shared_var = 2;
my_printf("ozzie\n");
temp_fn(69);
......@@ -276,4 +273,27 @@ static void __exit hello_2_exit(void)
module_init(hello_2_init);
module_exit(hello_2_exit);
#endif
#if 0
static int __init hello_print_init(void)
{
int check = 107;
u64 pp = 45;
printk(KERN_ERR "Hello, world 2\n");
my_printf("Hellow %d World %d done\n", check, pp);
// temp_fn();
return 0;
}
static void __exit hello_print_exit(void)
{
printk(KERN_INFO "Goodbye, world 2\n");
}
module_init(hello_print_init);
module_exit(hello_print_exit);
#endif
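Review bot: The added `hello_print_init` passes `u64 pp` to `my_printf` for a `%d` conversion; if my_printf reads `%d` arguments as `int` (its body is outside this hunk), the argument width does not match, so either declare `pp` as `int` or cast at the call, `my_printf("Hellow %d World %d done\n", check, (int)pp);`. The whole block is added under `#if 0`; a one-line comment saying why the disabled second module entry point is kept would help the next reader.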
......@@ -1908,6 +1908,33 @@ static int __move_host_mapping(lcd_struct *lcd, void* hva,
return 0;
}
static int map_host_page_at_guest_va(lcd_struct *lcd, void* hva,
void *gva, int vmallocd ) {
void *pa;
void *va = (void*)round_down(((unsigned long)hva), PAGE_SIZE);
int ret = 0;
ret = lcd_va_to_pa(va, &pa, vmallocd);
if (ret != 0) {
return ret;
}
ret = lcd_map_gpa_to_hpa(lcd, (u64)pa, (u64)pa, 0);
if (ret != 0) {
printk(KERN_ERR "lcd: move PA mapping conflicts canary\n");
return ret;
}
ret = lcd_map_gva_to_gpa(lcd, (u64)gva, (u64)pa, 1, 0);
if (ret != 0) {
printk(KERN_ERR "lcd: move PT mapping conflicts canary\n");
return ret;
}
return 0;
}
static char *my_shared;
static int lcd_setup_stack(lcd_struct *lcd) {
char *sp = NULL;
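Review bot: When `lcd_map_gva_to_gpa` fails in map_host_page_at_guest_va, the mapping installed just before by `lcd_map_gpa_to_hpa` is left in place, so a failed call leaves the host page reachable at its guest-physical address with nothing to remove it. The error path should undo the first mapping with whatever unmap helper this file provides (none is visible in the hunk). Only `hva` is rounded down to a page boundary while `gva` is passed through as-is, so a header comment such as `/* Map the host page containing hva at guest VA gva (must be page aligned); GPA is set equal to HPA. */` would record the contract. The two printk messages read as if copied from __move_host_mapping and do not name this function or the failing step.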
......@@ -1935,6 +1962,29 @@ static int lcd_setup_stack(lcd_struct *lcd) {
//setup the stack
vmcs_writel(GUEST_RSP, stack_top);
//setup the stack canary page referenced by %gs:28
sp = __get_free_pages(GFP_KERNEL | __GFP_ZERO, 0);
if (!sp) {
return -ENOMEM;
}
// Map a valid page into first guest virtual page
// The aim is to not fault due to stack canary added
// against buffer overflow stack protection.
// The gcc generated code expects %fs:0x28 to be
// valid. Since we have zero base for all segment
// registers - mapping the some page into virtual
// address 0 should suffice.
// refer to linux/arch/x86/include/asm/stackprotector.h for
// details.[http://stackoverflow.com/a/22476070/2950979]
map_host_page_at_guest_va(lcd, (void *)sp , 0, 0);
if (ret != 0) {
printk(KERN_ERR "lcd: Unable to map the canary\n");
return ret;
}
return 0;
}
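Review bot: The return value of `map_host_page_at_guest_va(lcd, (void *)sp , 0, 0);` is discarded, so the `if (ret != 0)` that follows tests whatever `ret` held earlier and a failed canary mapping goes unnoticed; it should read `ret = map_host_page_at_guest_va(lcd, (void *)sp, 0, 0);`, with `free_pages((unsigned long)sp, 0);` in the failure branch so the page is not leaked. `__get_free_pages` returns `unsigned long`, so the assignment to `sp` needs a `(char *)` cast. The page is zero-filled, which means every guard check in the guest compares against a constant 0 and the stack protector cannot detect an overwrite that happens to write zeros; seeding the word at offset 0x28 (for example with `get_random_bytes`) before mapping would keep the guard meaningful. Mapping guest VA 0 also means NULL dereferences in the guest stop faulting, and the comments name `%gs:28` in one place and `%fs:0x28` in another. lcd_setup_stack begins outside this hunk, so the declaration of `ret` is not visible here.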
......