From: ebiederm@xmission.com (Eric W. Biederman)
To: <linux-kernel@vger.kernel.org>
Cc: Kyle Huey <me@kylehuey.com>,
Linus Torvalds <torvalds@linux-foundation.org>,
Andrea Righi <andrea.righi@canonical.com>,
Shuah Khan <shuah@kernel.org>,
Alexei Starovoitov <ast@kernel.org>,
Andy Lutomirski <luto@amacapital.net>,
Will Drewry <wad@chromium.org>,
"open list\:KERNEL SELFTEST FRAMEWORK"
<linux-kselftest@vger.kernel.org>, bpf <bpf@vger.kernel.org>,
linux-hardening@vger.kernel.org,
Robert O'Callahan <rocallahan@gmail.com>,
Kees Cook <keescook@chromium.org>,
Oliver Sang <oliver.sang@intel.com>,
lkp@lists.01.org, lkp@intel.com
Subject: [PATCH 0/2] SA_IMMUTABLE fixes
Date: Thu, 18 Nov 2021 15:58:02 -0600 [thread overview]
Message-ID: <87h7c9qg7p.fsf_-_@email.froward.int.ebiederm.org> (raw)
In-Reply-To: <202111171728.D85A4E2571@keescook> (Kees Cook's message of "Wed, 17 Nov 2021 17:32:20 -0800")
SA_IMMUTABLE fixed issues with force_sig_seccomp and the introduction
for force_sig_fatal where the exit previously could not be interrupted
but now it can. Unfortunately it added that behavior to all force_sig
functions under the right conditions which debuggers usage of SIG_TRAP
and debuggers handling of SIGSEGV.
Solve that by limiting SA_IMMUTABLE to just the cases that historically
debuggers have not been able to intercept.
The first patch changes force_sig_info_to_task to take a flag
that requests which behavior is desired.
The second patch adds force_exit_sig which replaces force_fatal_sig
in the cases where historically userspace would only find out about
the ``signal'' after the process has exited.
The first one with the hunk changing force_fatal_sig removed should be
suitable for backporting to v5.15. v5.15 does not implement
force_fatal_sig.
This should be enough to fix the regressions.
Kyle if you can double check me that I have properly fixed these issues
that would be appreciated.
Any other review or suggestions to improve the names would be
appreciated. I think I have named things reasonably well but I am very
close to the code so it is easy for me to miss things.
Eric W. Biederman (2):
signal: Don't always set SA_IMMUTABLE for forced signals
signal: Replace force_fatal_sig with force_exit_sig when in doubt
arch/m68k/kernel/traps.c | 2 +-
arch/powerpc/kernel/signal_32.c | 2 +-
arch/powerpc/kernel/signal_64.c | 4 ++--
arch/s390/kernel/traps.c | 2 +-
arch/sparc/kernel/signal_32.c | 4 ++--
arch/sparc/kernel/windows.c | 2 +-
arch/x86/entry/vsyscall/vsyscall_64.c | 2 +-
arch/x86/kernel/vm86_32.c | 2 +-
include/linux/sched/signal.h | 1 +
kernel/entry/syscall_user_dispatch.c | 4 ++--
kernel/signal.c | 36 ++++++++++++++++++++++++++++-------
11 files changed, 42 insertions(+), 19 deletions(-)
Eric
WARNING: multiple messages have this Message-ID (diff)
From: Eric W. Biederman <ebiederm@xmission.com>
To: lkp@lists.01.org
Subject: [PATCH 0/2] SA_IMMUTABLE fixes
Date: Thu, 18 Nov 2021 15:58:02 -0600 [thread overview]
Message-ID: <87h7c9qg7p.fsf_-_@email.froward.int.ebiederm.org> (raw)
In-Reply-To: <202111171728.D85A4E2571@keescook>
[-- Attachment #1: Type: text/plain, Size: 2027 bytes --]
SA_IMMUTABLE fixed issues with force_sig_seccomp and the introduction
for force_sig_fatal where the exit previously could not be interrupted
but now it can. Unfortunately it added that behavior to all force_sig
functions under the right conditions which debuggers usage of SIG_TRAP
and debuggers handling of SIGSEGV.
Solve that by limiting SA_IMMUTABLE to just the cases that historically
debuggers have not been able to intercept.
The first patch changes force_sig_info_to_task to take a flag
that requests which behavior is desired.
The second patch adds force_exit_sig which replaces force_fatal_sig
in the cases where historically userspace would only find out about
the ``signal'' after the process has exited.
The first one with the hunk changing force_fatal_sig removed should be
suitable for backporting to v5.15. v5.15 does not implement
force_fatal_sig.
This should be enough to fix the regressions.
Kyle if you can double check me that I have properly fixed these issues
that would be appreciated.
Any other review or suggestions to improve the names would be
appreciated. I think I have named things reasonably well but I am very
close to the code so it is easy for me to miss things.
Eric W. Biederman (2):
signal: Don't always set SA_IMMUTABLE for forced signals
signal: Replace force_fatal_sig with force_exit_sig when in doubt
arch/m68k/kernel/traps.c | 2 +-
arch/powerpc/kernel/signal_32.c | 2 +-
arch/powerpc/kernel/signal_64.c | 4 ++--
arch/s390/kernel/traps.c | 2 +-
arch/sparc/kernel/signal_32.c | 4 ++--
arch/sparc/kernel/windows.c | 2 +-
arch/x86/entry/vsyscall/vsyscall_64.c | 2 +-
arch/x86/kernel/vm86_32.c | 2 +-
include/linux/sched/signal.h | 1 +
kernel/entry/syscall_user_dispatch.c | 4 ++--
kernel/signal.c | 36 ++++++++++++++++++++++++++++-------
11 files changed, 42 insertions(+), 19 deletions(-)
Eric
next prev parent reply other threads:[~2021-11-18 21:58 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-17 18:47 [REGRESSION] 5.16rc1: SA_IMMUTABLE breaks debuggers Kyle Huey
2021-11-17 18:51 ` Kees Cook
2021-11-17 19:05 ` Kyle Huey
2021-11-17 19:09 ` Kyle Huey
2021-11-17 21:04 ` Eric W. Biederman
2021-11-17 21:54 ` Kees Cook
2021-11-17 23:24 ` Linus Torvalds
2021-11-18 0:05 ` Kees Cook
2021-11-18 0:15 ` Linus Torvalds
2021-11-18 0:37 ` Kyle Huey
2021-11-18 1:11 ` Linus Torvalds
2021-11-18 1:20 ` Kyle Huey
2021-11-18 1:32 ` Kees Cook
2021-11-18 16:10 ` Eric W. Biederman
2021-11-19 16:07 ` Kyle Huey
2021-11-19 16:35 ` Kees Cook
2021-11-19 16:58 ` Kyle Huey
2021-11-18 21:58 ` Eric W. Biederman [this message]
2021-11-18 21:58 ` [PATCH 0/2] SA_IMMUTABLE fixes Eric W. Biederman
2021-11-18 22:04 ` [PATCH 1/2] signal: Don't always set SA_IMMUTABLE for forced signals Eric W. Biederman
2021-11-18 22:04 ` Eric W. Biederman
2021-11-18 23:52 ` Kees Cook
2021-11-18 23:52 ` Kees Cook
2021-11-18 23:54 ` Kees Cook
2021-11-18 23:54 ` Kees Cook
2021-11-19 15:08 ` Eric W. Biederman
2021-11-19 15:08 ` Eric W. Biederman
2021-11-19 1:13 ` Kyle Huey
2021-11-19 1:13 ` Kyle Huey
2021-11-19 15:03 ` Eric W. Biederman
2021-11-19 15:03 ` Eric W. Biederman
2021-11-18 22:05 ` [PATCH 2/2] signal: Replace force_fatal_sig with force_exit_sig when in doubt Eric W. Biederman
2021-11-18 22:05 ` Eric W. Biederman
2021-11-18 23:53 ` Kees Cook
2021-11-18 23:53 ` Kees Cook
2021-11-19 1:12 ` [PATCH 0/2] SA_IMMUTABLE fixes Kyle Huey
2021-11-19 1:12 ` Kyle Huey
2021-11-19 15:41 ` [GIT PULL] SA_IMMUTABLE fixes for v5.16-rc2 Eric W. Biederman
2021-11-19 15:41 ` Eric W. Biederman
2021-11-19 19:46 ` pr-tracker-bot
2021-11-19 19:46 ` pr-tracker-bot
2021-11-17 22:29 ` [REGRESSION] 5.16rc1: SA_IMMUTABLE breaks debuggers Kyle Huey
2021-11-18 5:43 ` Thorsten Leemhuis
2021-11-20 6:13 ` Thorsten Leemhuis
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87h7c9qg7p.fsf_-_@email.froward.int.ebiederm.org \
--to=ebiederm@xmission.com \
--cc=andrea.righi@canonical.com \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=keescook@chromium.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=lkp@intel.com \
--cc=lkp@lists.01.org \
--cc=luto@amacapital.net \
--cc=me@kylehuey.com \
--cc=oliver.sang@intel.com \
--cc=rocallahan@gmail.com \
--cc=shuah@kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=wad@chromium.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.