[PATCH] D150033: fix stack probe lowering for x86_intrcc

Tom Dohrmann via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Sun May 7 02:01:07 PDT 2023 

Freax13 added a comment.

In D150033#4324769 <https://reviews.llvm.org/D150033#4324769>, @pengfei wrote:

>> IIUC in the context of `x86_intrcc` the 8 byte stack pointer change should never cause any stack probing to be emitted because it's smaller than the stack probe size (4096 bytes)
>
> I have the same conclusion but for a different reason. It is not because 8 bytes < 4096. We still have chance to enter a guard page if the current `RSP` is near the end a a page, e.g., 4095. The reason is no matter what the size we want for stack realignment, the rest space we used to align is always in the same page unless the alignment requirement > 4096 bytes, which I don't think existing in reality.
> Given that, I think should prevent to build the first `STACKALLOC_W_PROBING` rather than patch it later.

So it turns out that we currently emit `push rax` for the stack update. This instruction obviously writes to the page and would trigger faults if it landed on a guard page. We can probably get away with just hard-coding the stack update to `push rax` and avoid any bad interactions with stack probing that way.

>> `x86_intrcc` is used for exception/interrupt handlers on x86... The probing is done by writing to the memory to see if it will trigger a fault.
>
> IIUC, the exception/interrupt handlers are under ring 0 mode, do we really have a chance to trigger fault? Maybe we shouldn't do `probe-stack` with `x86_intrcc`?

Exceptions handlers typically run in ring 0, but this is not a constraint by the architecture, it's also possible to have exception handlers in rings 1, 2 and 3. In general, faults happen like normal in ring 0 (with  few exceptions). One relevant exception to this is that the write-bit is ignored in ring 0 if the WriteProtect bit is not set in CR0, meaning that ring 0 can write to read-only pages (but not unmapped pages). Kernels that want to disable write-protection in ring 0 and also want to use stack probing should use unmapped pages as guard pages. In practice the WriteProtect bit is often enabled e.g. by some (all?) UEFI implementations and the Linux kernel, so stack probing should work just fine.

In D150033#4324774 <https://reviews.llvm.org/D150033#4324774>, @pengfei wrote:

> What's more, faulty during exception/interrupt seems UB because we may have disabled interrupt before entering the handlers.

Exceptions/faults can't be disabled.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D150033/new/

https://reviews.llvm.org/D150033

More information about the llvm-commits mailing list