From: Kees Cook <keescook@chromium.org>
To: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org,
Linus Torvalds <torvalds@linux-foundation.org>,
Oleg Nesterov <oleg@redhat.com>,
Al Viro <viro@zeniv.linux.org.uk>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
x86@kernel.org, H Peter Anvin <hpa@zytor.com>
Subject: Re: [PATCH 10/20] signal/vm86_32: Properly send SIGSEGV when the vm86 state cannot be saved.
Date: Thu, 21 Oct 2021 09:16:02 -0700 [thread overview]
Message-ID: <202110210915.BF17C14980@keescook> (raw)
In-Reply-To: <20211020174406.17889-10-ebiederm@xmission.com>
On Wed, Oct 20, 2021 at 12:43:56PM -0500, Eric W. Biederman wrote:
> Instead of pretending to send SIGSEGV by calling do_exit(SIGSEGV)
> call force_sigsegv(SIGSEGV) to force the process to take a SIGSEGV
> and terminate.
>
> Update handle_signal to return immediately when save_v86_state fails
> and kills the process. Returning immediately without doing anything
> except killing the process with SIGSEGV is also what signal_setup_done
> does when setup_rt_frame fails. Plus it is always ok to return
> immediately without delivering a signal to a userspace handler when a
> fatal signal has killed the current process.
Do the tools/testing/selftests/x86 tests all pass after these changes? I
know Andy has a bunch of weird corner cases in there.
Reviewed-by: Kees Cook <keescook@chromium.org>
>
> Cc: Thomas Gleixner <tglx@linutronix.de>
> Cc: Ingo Molnar <mingo@redhat.com>
> Cc: Borislav Petkov <bp@alien8.de>
> Cc: x86@kernel.org
> Cc: H Peter Anvin <hpa@zytor.com>
> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
> ---
> arch/x86/kernel/signal.c | 6 +++++-
> arch/x86/kernel/vm86_32.c | 2 +-
> 2 files changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c
> index f4d21e470083..25a230f705c1 100644
> --- a/arch/x86/kernel/signal.c
> +++ b/arch/x86/kernel/signal.c
> @@ -785,8 +785,12 @@ handle_signal(struct ksignal *ksig, struct pt_regs *regs)
> bool stepping, failed;
> struct fpu *fpu = ¤t->thread.fpu;
>
> - if (v8086_mode(regs))
> + if (v8086_mode(regs)) {
> save_v86_state((struct kernel_vm86_regs *) regs, VM86_SIGNAL);
> + /* Has save_v86_state failed and killed the process? */
> + if (fatal_signal_pending(current))
> + return;
> + }
>
> /* Are we from a system call? */
> if (syscall_get_nr(current, regs) != -1) {
> diff --git a/arch/x86/kernel/vm86_32.c b/arch/x86/kernel/vm86_32.c
> index 63486da77272..040fd01be8b3 100644
> --- a/arch/x86/kernel/vm86_32.c
> +++ b/arch/x86/kernel/vm86_32.c
> @@ -159,7 +159,7 @@ void save_v86_state(struct kernel_vm86_regs *regs, int retval)
> user_access_end();
> Efault:
> pr_alert("could not access userspace vm86 info\n");
> - do_exit(SIGSEGV);
> + force_sigsegv(SIGSEGV);
> }
>
> static int do_vm86_irq_handling(int subfunction, int irqnumber);
> --
> 2.20.1
>
--
Kees Cook
next prev parent reply other threads:[~2021-10-21 16:16 UTC|newest]
Thread overview: 110+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-20 17:32 [PATCH 00/20] exit cleanups Eric W. Biederman
2021-10-20 17:32 ` [OpenRISC] " Eric W. Biederman
2021-10-20 17:32 ` Eric W. Biederman
2021-10-20 17:43 ` [PATCH 01/20] exit/doublefault: Remove apparently bogus comment about rewind_stack_do_exit Eric W. Biederman
2021-10-21 16:02 ` Kees Cook
2021-10-20 17:43 ` [PATCH 02/20] exit: Remove calls of do_exit after noreturn versions of die Eric W. Biederman
2021-10-20 17:43 ` [OpenRISC] " Eric W. Biederman
2021-10-21 16:02 ` Kees Cook
2021-10-21 16:02 ` [OpenRISC] " Kees Cook
2021-10-21 16:25 ` Eric W. Biederman
2021-10-21 16:25 ` [OpenRISC] " Eric W. Biederman
2021-10-20 17:43 ` [PATCH 03/20] reboot: Remove the unreachable panic after do_exit in reboot(2) Eric W. Biederman
2021-10-21 16:05 ` Kees Cook
2021-10-20 17:43 ` [PATCH 04/20] signal/sparc32: Remove unreachable do_exit in do_sparc_fault Eric W. Biederman
2021-10-21 16:05 ` Kees Cook
2021-10-20 17:43 ` [PATCH 05/20] signal/mips: Update (_save|_restore)_fp_context to fail with -EFAULT Eric W. Biederman
2021-10-21 16:06 ` Kees Cook
2021-10-24 4:24 ` Maciej W. Rozycki
2021-10-25 20:55 ` Eric W. Biederman
2021-10-24 15:27 ` Thomas Bogendoerfer
2021-10-20 17:43 ` [PATCH 06/20] signal/sh: Use force_sig(SIGKILL) instead of do_group_exit(SIGKILL) Eric W. Biederman
2021-10-20 19:57 ` Linus Torvalds
2021-10-27 14:24 ` Rich Felker
2021-10-21 16:08 ` Kees Cook
2021-10-20 17:43 ` [PATCH 07/20] signal/powerpc: On swapcontext failure force SIGSEGV Eric W. Biederman
2021-10-20 17:43 ` Eric W. Biederman
2021-10-21 16:09 ` Kees Cook
2021-10-21 16:09 ` Kees Cook
2021-10-20 17:43 ` [PATCH 08/20] signal/sparc: In setup_tsb_params convert open coded BUG into BUG Eric W. Biederman
2021-10-21 16:12 ` Kees Cook
2021-10-20 17:43 ` [PATCH 09/20] signal/vm86_32: Replace open coded BUG_ON with an actual BUG_ON Eric W. Biederman
2021-10-21 16:15 ` Kees Cook
2021-11-12 15:40 ` Eric W. Biederman
2021-11-12 17:51 ` Brian Gerst
2021-11-12 19:57 ` Eric W. Biederman
2021-11-12 20:40 ` Linus Torvalds
2021-11-12 21:03 ` Eric W. Biederman
2021-11-12 21:23 ` Linus Torvalds
2021-11-12 21:24 ` Linus Torvalds
2021-11-12 21:37 ` [GIT PULL ] signal/vm86_32: Remove pointless test in BUG_ON Eric W. Biederman
2021-11-13 19:15 ` pr-tracker-bot
2021-11-12 21:43 ` [PATCH 09/20] signal/vm86_32: Replace open coded BUG_ON with an actual BUG_ON Eric W. Biederman
2021-10-20 17:43 ` [PATCH 10/20] signal/vm86_32: Properly send SIGSEGV when the vm86 state cannot be saved Eric W. Biederman
2021-10-21 16:16 ` Kees Cook [this message]
2021-10-21 17:02 ` Eric W. Biederman
2021-10-21 20:33 ` Kees Cook
2021-10-21 23:08 ` Andy Lutomirski
2021-10-24 16:06 ` Eric W. Biederman
[not found] ` <875ytkygfj.fsf_-_@disp2133>
2021-10-25 21:12 ` [PATCH v2 10/32] " Linus Torvalds
2021-10-25 21:28 ` Eric W. Biederman
2021-10-25 22:25 ` Andy Lutomirski
2021-10-25 23:45 ` Linus Torvalds
2021-10-26 0:21 ` Andy Lutomirski
2021-10-20 17:43 ` [PATCH 11/20] signal/s390: Use force_sigsegv in default_trap_handler Eric W. Biederman
2021-10-21 16:17 ` Kees Cook
2021-10-26 9:38 ` Christian Borntraeger
2021-10-28 15:56 ` Eric W. Biederman
2021-10-29 19:32 ` Eric W. Biederman
2021-10-20 17:43 ` [PATCH 12/20] exit/kthread: Have kernel threads return instead of calling do_exit Eric W. Biederman
2021-10-21 11:12 ` Christoph Hellwig
2021-10-21 15:11 ` Eric W. Biederman
2021-10-21 16:21 ` Kees Cook
2021-10-20 17:43 ` [PATCH 13/20] signal: Implement force_fatal_sig Eric W. Biederman
2021-10-20 20:05 ` Linus Torvalds
2021-10-20 21:25 ` Eric W. Biederman
2021-10-25 22:41 ` Andy Lutomirski
2021-10-25 23:15 ` Linus Torvalds
2021-10-26 4:45 ` Eric W. Biederman
2021-10-26 4:57 ` Eric W. Biederman
2021-10-26 16:15 ` Linus Torvalds
2021-10-28 16:33 ` Eric W. Biederman
2021-10-21 16:24 ` Kees Cook
2021-10-21 16:33 ` Eric W. Biederman
2021-10-21 16:39 ` Kees Cook
2021-10-20 17:44 ` [PATCH 14/20] exit/syscall_user_dispatch: Send ordinary signals on failure Eric W. Biederman
2021-10-21 16:25 ` Kees Cook
2021-10-21 16:37 ` Eric W. Biederman
2021-10-21 16:40 ` Kees Cook
2021-10-21 17:05 ` Eric W. Biederman
2021-10-25 22:32 ` Andy Lutomirski
2021-10-21 16:35 ` Gabriel Krisman Bertazi
2021-10-20 17:44 ` [PATCH 15/20] signal/sparc32: Exit with a fatal signal when try_to_clear_window_buffer fails Eric W. Biederman
2021-10-21 16:34 ` Kees Cook
2021-10-21 16:56 ` Eric W. Biederman
2021-10-20 17:44 ` [PATCH 16/20] signal/sparc32: In setup_rt_frame and setup_fram use force_fatal_sig Eric W. Biederman
2021-10-21 16:34 ` Kees Cook
2021-10-20 17:44 ` [PATCH 17/20] signal/x86: In emulate_vsyscall force a signal instead of calling do_exit Eric W. Biederman
2021-10-21 16:36 ` Kees Cook
2021-10-20 17:44 ` [PATCH 18/20] exit/rtl8723bs: Replace the macro thread_exit with a simple return 0 Eric W. Biederman
2021-10-21 7:06 ` Greg KH
2021-10-21 15:06 ` Eric W. Biederman
2021-10-21 16:37 ` Kees Cook
2021-10-20 17:44 ` [PATCH 19/20] exit/rtl8712: " Eric W. Biederman
2021-10-21 7:07 ` Greg KH
2021-10-21 16:37 ` Kees Cook
2021-10-20 17:44 ` [PATCH 20/20] exit/r8188eu: " Eric W. Biederman
2021-10-21 7:07 ` Greg KH
2021-10-21 16:37 ` Kees Cook
2021-10-20 21:51 ` [PATCH 21/20] signal: Replace force_sigsegv(SIGSEGV) with force_fatal_sig(SIGSEGV) Eric W. Biederman
2021-10-20 21:51 ` [OpenRISC] " Eric W. Biederman
2021-10-20 21:51 ` Eric W. Biederman
2021-10-21 8:09 ` Geert Uytterhoeven
2021-10-21 8:09 ` [OpenRISC] " Geert Uytterhoeven
2021-10-21 8:09 ` Geert Uytterhoeven
2021-10-21 13:33 ` Eric W. Biederman
2021-10-21 13:33 ` [OpenRISC] " Eric W. Biederman
2021-10-21 13:33 ` Eric W. Biederman
2021-10-21 8:32 ` Philippe Mathieu-Daudé
2021-10-21 8:32 ` [OpenRISC] " Philippe =?unknown-8bit?q?Mathieu-Daud=C3=A9?=
2021-10-21 8:32 ` Philippe Mathieu-Daudé
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202110210915.BF17C14980@keescook \
--to=keescook@chromium.org \
--cc=bp@alien8.de \
--cc=ebiederm@xmission.com \
--cc=hpa@zytor.com \
--cc=linux-arch@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=oleg@redhat.com \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.