From: Rich Felker <dalias@libc.org> To: Jann Horn <jannh@google.com> Cc: Andy Lutomirski <luto@kernel.org>, Dave Hansen <dave.hansen@linux.intel.com>, <sean.j.christopherson@intel.com>, <jethro@fortanix.com>, <jarkko.sakkinen@linux.intel.com>, Florian Weimer <fweimer@redhat.com>, Linux API <linux-api@vger.kernel.org>, Linus Torvalds <torvalds@linux-foundation.org>, the arch/x86 maintainers <x86@kernel.org>, linux-arch <linux-arch@vger.kernel.org>, kernel list <linux-kernel@vger.kernel.org>, Peter Zijlstra <peterz@infradead.org>, <nhorman@redhat.com>, <npmccallum@redhat.com>, <serge.ayoun@intel.com>, <shay.katz-zamir@intel.com>, <linux-sgx@vger.kernel.org>, <andriy.shevchenko@linux.intel.com>, Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>, <carlos@redhat.com>, <adhemerval.zanella@linaro.org> Subject: Re: RFC: userspace exception fixups Date: Thu, 1 Nov 2018 14:52:25 -0400 [thread overview] Message-ID: <20181101185225.GC5150@brightrain.aerifal.cx> (raw) In-Reply-To: <CAG48ez0vBqL0tyfWwmuc_cq+OAUoEi88=r+t6h64a-Fw8z59zA@mail.gmail.com> On Thu, Nov 01, 2018 at 07:33:33PM +0100, Jann Horn wrote: > > but I'm > > wondering if a more general mechanism would be helpful. > > > > The basic idea would be to allow libc, or maybe even any library, to > > register a handler that gets a chance to act on an exception caused by > > a user instruction before a signal is delivered. As a straw-man > > example for how this could work, there could be a new syscall: > > > > long register_exception_handler(void (*handler)(int, siginfo_t *, void *)); > > > > If a handler is registered, then, if a synchronous exception happens > > (page fault, etc), the kernel would set up an exception frame as usual > > but, rather than checking for signal handlers, it would just call the > > registered handler. > > > That handler is expected to either handle the > > exception entirely on its own or to call one of two new syscalls to > > ask for normal signal delivery > > If you do it this way, these exception handlers would have to chain, There's no need to chain if the handler is specific to the context where the fault happens. You just replace the handler with the one relevant to the code you're about to run before you run it. > > or to ask to retry the faulting instruction. > > Why would that have to be a syscall? For signal handlers registered > with SA_NODEFER, you can basically leave the signal handler with a > longjmp, right? longjmp needs a jmp_buf; it can't return to the faulting instruction. Normally (though this is not defined) signal handlers return to the faulting instruction if they return, but if returning from the exception handler meant passing through to the signal disposition, a different mechanism would be needed to signal that you want to retry the faulting instruction. Rich
WARNING: multiple messages have this Message-ID (diff)
From: Rich Felker <dalias@libc.org> To: Jann Horn <jannh@google.com> Cc: Andy Lutomirski <luto@kernel.org>, Dave Hansen <dave.hansen@linux.intel.com>, sean.j.christopherson@intel.com, jethro@fortanix.com, jarkko.sakkinen@linux.intel.com, Florian Weimer <fweimer@redhat.com>, Linux API <linux-api@vger.kernel.org>, Linus Torvalds <torvalds@linux-foundation.org>, the arch/x86 maintainers <x86@kernel.org>, linux-arch <linux-arch@vger.kernel.org>, kernel list <linux-kernel@vger.kernel.org>, Peter Zijlstra <peterz@infradead.org>, nhorman@redhat.com, npmccallum@redhat.com, serge.ayoun@intel.com, shay.katz-zamir@intel.com, linux-sgx@vger.kernel.org, andriy.shevchenko@linux.intel.com, Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>, carlos@redhat.com, adhemerval.zanella@linaro.org Subject: Re: RFC: userspace exception fixups Date: Thu, 1 Nov 2018 14:52:25 -0400 [thread overview] Message-ID: <20181101185225.GC5150@brightrain.aerifal.cx> (raw) Message-ID: <20181101185225.Itzn8E5MCeSxkI8-OE3lZq_ym1Ke4jA-07JbR1nLSMM@z> (raw) In-Reply-To: <CAG48ez0vBqL0tyfWwmuc_cq+OAUoEi88=r+t6h64a-Fw8z59zA@mail.gmail.com> On Thu, Nov 01, 2018 at 07:33:33PM +0100, Jann Horn wrote: > > but I'm > > wondering if a more general mechanism would be helpful. > > > > The basic idea would be to allow libc, or maybe even any library, to > > register a handler that gets a chance to act on an exception caused by > > a user instruction before a signal is delivered. As a straw-man > > example for how this could work, there could be a new syscall: > > > > long register_exception_handler(void (*handler)(int, siginfo_t *, void *)); > > > > If a handler is registered, then, if a synchronous exception happens > > (page fault, etc), the kernel would set up an exception frame as usual > > but, rather than checking for signal handlers, it would just call the > > registered handler. > > > That handler is expected to either handle the > > exception entirely on its own or to call one of two new syscalls to > > ask for normal signal delivery > > If you do it this way, these exception handlers would have to chain, There's no need to chain if the handler is specific to the context where the fault happens. You just replace the handler with the one relevant to the code you're about to run before you run it. > > or to ask to retry the faulting instruction. > > Why would that have to be a syscall? For signal handlers registered > with SA_NODEFER, you can basically leave the signal handler with a > longjmp, right? longjmp needs a jmp_buf; it can't return to the faulting instruction. Normally (though this is not defined) signal handlers return to the faulting instruction if they return, but if returning from the exception handler meant passing through to the signal disposition, a different mechanism would be needed to signal that you want to retry the faulting instruction. Rich
next prev parent reply other threads:[~2018-11-01 18:52 UTC|newest] Thread overview: 163+ messages / expand[flat|nested] mbox.gz Atom feed top 2018-11-01 17:53 RFC: userspace exception fixups Andy Lutomirski 2018-11-01 17:53 ` Andy Lutomirski 2018-11-01 18:09 ` Florian Weimer 2018-11-01 18:09 ` Florian Weimer 2018-11-01 18:30 ` Rich Felker 2018-11-01 18:30 ` Rich Felker 2018-11-01 19:00 ` Jarkko Sakkinen 2018-11-01 19:00 ` Jarkko Sakkinen 2018-11-01 18:27 ` Rich Felker 2018-11-01 18:27 ` Rich Felker 2018-11-01 18:33 ` Jann Horn 2018-11-01 18:33 ` Jann Horn 2018-11-01 18:52 ` Rich Felker [this message] 2018-11-01 18:52 ` Rich Felker 2018-11-01 19:10 ` Linus Torvalds 2018-11-01 19:10 ` Linus Torvalds 2018-11-01 19:31 ` Rich Felker 2018-11-01 19:31 ` Rich Felker 2018-11-01 21:24 ` Linus Torvalds 2018-11-01 21:24 ` Linus Torvalds 2018-11-01 23:22 ` Andy Lutomirski 2018-11-01 23:22 ` Andy Lutomirski 2018-11-02 16:30 ` Sean Christopherson 2018-11-02 16:30 ` Sean Christopherson 2018-11-02 16:37 ` Jethro Beekman 2018-11-02 16:37 ` Jethro Beekman 2018-11-02 16:52 ` Sean Christopherson 2018-11-02 16:52 ` Sean Christopherson 2018-11-02 16:56 ` Jethro Beekman 2018-11-02 16:56 ` Jethro Beekman 2018-11-02 17:01 ` Andy Lutomirski 2018-11-02 17:01 ` Andy Lutomirski 2018-11-02 17:05 ` Jethro Beekman 2018-11-02 17:05 ` Jethro Beekman 2018-11-02 17:16 ` Andy Lutomirski 2018-11-02 17:16 ` Andy Lutomirski 2018-11-02 17:32 ` Rich Felker 2018-11-02 17:32 ` Rich Felker 2018-11-02 17:12 ` Sean Christopherson 2018-11-02 17:12 ` Sean Christopherson 2018-11-02 22:42 ` Jarkko Sakkinen 2018-11-02 22:42 ` Jarkko Sakkinen 2018-11-02 16:56 ` Dave Hansen 2018-11-02 16:56 ` Dave Hansen 2018-11-02 17:06 ` Sean Christopherson 2018-11-02 17:06 ` Sean Christopherson 2018-11-02 17:13 ` Dave Hansen 2018-11-02 17:13 ` Dave Hansen 2018-11-02 17:33 ` Sean Christopherson 2018-11-02 17:33 ` Sean Christopherson 2018-11-02 17:48 ` Andy Lutomirski 2018-11-02 17:48 ` Andy Lutomirski 2018-11-02 18:27 ` Sean Christopherson 2018-11-02 18:27 ` Sean Christopherson 2018-11-02 19:02 ` Jann Horn 2018-11-02 19:02 ` Jann Horn 2018-11-02 22:04 ` Sean Christopherson 2018-11-02 22:04 ` Sean Christopherson 2018-11-02 23:27 ` Jann Horn 2018-11-02 23:27 ` Jann Horn 2018-11-02 23:32 ` Andy Lutomirski 2018-11-02 23:32 ` Andy Lutomirski 2018-11-02 23:36 ` Jann Horn 2018-11-02 23:36 ` Jann Horn 2018-11-06 15:37 ` Sean Christopherson 2018-11-06 15:37 ` Sean Christopherson 2018-11-06 16:57 ` Andy Lutomirski 2018-11-06 16:57 ` Andy Lutomirski 2018-11-06 17:03 ` Dave Hansen 2018-11-06 17:03 ` Dave Hansen 2018-11-06 17:19 ` Sean Christopherson 2018-11-06 17:19 ` Sean Christopherson 2018-11-06 18:20 ` Andy Lutomirski 2018-11-06 18:20 ` Andy Lutomirski 2018-11-06 18:41 ` Dave Hansen 2018-11-06 18:41 ` Dave Hansen 2018-11-06 19:02 ` Andy Lutomirski 2018-11-06 19:02 ` Andy Lutomirski 2018-11-06 19:22 ` Dave Hansen 2018-11-06 19:22 ` Dave Hansen 2018-11-06 20:12 ` Andy Lutomirski 2018-11-06 20:12 ` Andy Lutomirski 2018-11-06 21:00 ` Dave Hansen 2018-11-06 21:00 ` Dave Hansen 2018-11-06 21:07 ` Andy Lutomirski 2018-11-06 21:07 ` Andy Lutomirski 2018-11-06 21:41 ` Andy Lutomirski 2018-11-06 21:41 ` Andy Lutomirski 2018-11-06 21:59 ` Sean Christopherson 2018-11-06 21:59 ` Sean Christopherson 2018-11-06 23:00 ` Andy Lutomirski 2018-11-06 23:00 ` Andy Lutomirski 2018-11-06 23:35 ` Sean Christopherson 2018-11-06 23:35 ` Sean Christopherson 2018-11-06 23:39 ` Andy Lutomirski 2018-11-06 23:39 ` Andy Lutomirski 2018-11-07 0:02 ` Sean Christopherson 2018-11-07 0:02 ` Sean Christopherson 2018-11-07 1:17 ` Andy Lutomirski 2018-11-07 1:17 ` Andy Lutomirski 2018-11-07 6:47 ` Jethro Beekman 2018-11-07 6:47 ` Jethro Beekman 2018-11-07 15:34 ` Sean Christopherson 2018-11-07 15:34 ` Sean Christopherson 2018-11-07 19:01 ` Sean Christopherson 2018-11-07 19:01 ` Sean Christopherson 2018-11-07 20:56 ` Dave Hansen 2018-11-07 20:56 ` Dave Hansen 2018-11-08 15:04 ` Jarkko Sakkinen 2018-11-08 15:04 ` Jarkko Sakkinen 2018-11-08 19:54 ` Sean Christopherson 2018-11-08 19:54 ` Sean Christopherson 2018-11-08 20:05 ` Andy Lutomirski 2018-11-08 20:05 ` Andy Lutomirski 2018-11-08 20:10 ` Dave Hansen 2018-11-08 20:10 ` Dave Hansen 2018-11-08 21:16 ` Sean Christopherson 2018-11-08 21:16 ` Sean Christopherson 2018-11-08 21:50 ` Dave Hansen 2018-11-08 21:50 ` Dave Hansen 2018-11-08 22:04 ` Sean Christopherson 2018-11-08 22:04 ` Sean Christopherson 2018-11-09 7:12 ` Christoph Hellwig 2018-11-09 7:12 ` Christoph Hellwig 2018-11-06 23:17 ` Rich Felker 2018-11-06 23:17 ` Rich Felker 2018-11-06 23:26 ` Sean Christopherson 2018-11-06 23:26 ` Sean Christopherson 2018-11-07 21:27 ` Rich Felker 2018-11-07 21:27 ` Rich Felker 2018-11-07 21:33 ` Andy Lutomirski 2018-11-07 21:33 ` Andy Lutomirski 2018-11-07 21:40 ` Sean Christopherson 2018-11-07 21:40 ` Sean Christopherson 2018-11-08 15:11 ` Jarkko Sakkinen 2018-11-08 15:11 ` Jarkko Sakkinen 2018-11-06 17:00 ` Dave Hansen 2018-11-06 17:00 ` Dave Hansen 2018-11-02 22:37 ` Jarkko Sakkinen 2018-11-02 22:37 ` Jarkko Sakkinen 2018-11-01 19:06 ` Linus Torvalds 2018-11-01 19:06 ` Linus Torvalds 2018-11-02 22:07 ` Jarkko Sakkinen 2018-11-02 22:07 ` Jarkko Sakkinen 2018-11-18 7:15 ` Jarkko Sakkinen 2018-11-18 7:18 ` Jarkko Sakkinen 2018-11-18 13:02 ` Jarkko Sakkinen 2018-11-19 5:17 ` Jethro Beekman 2018-11-19 14:05 ` Jarkko Sakkinen 2018-11-19 14:59 ` Jarkko Sakkinen 2018-11-19 15:29 ` Andy Lutomirski 2018-11-19 16:02 ` Jarkko Sakkinen 2018-11-19 17:00 ` Andy Lutomirski 2018-11-20 10:11 ` Jarkko Sakkinen 2018-11-20 15:19 ` Andy Lutomirski 2018-11-20 22:55 ` Jarkko Sakkinen 2018-11-21 5:17 ` Jethro Beekman 2018-11-21 15:17 ` Jarkko Sakkinen 2018-11-24 17:07 ` Jarkko Sakkinen 2018-11-26 14:35 ` Sean Christopherson 2018-11-26 22:06 ` Jarkko Sakkinen 2018-11-20 18:09 ` Sean Christopherson 2018-11-20 22:46 ` Jarkko Sakkinen
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20181101185225.GC5150@brightrain.aerifal.cx \ --to=dalias@libc.org \ --cc=adhemerval.zanella@linaro.org \ --cc=andriy.shevchenko@linux.intel.com \ --cc=bp@alien8.de \ --cc=carlos@redhat.com \ --cc=dave.hansen@linux.intel.com \ --cc=fweimer@redhat.com \ --cc=jannh@google.com \ --cc=jarkko.sakkinen@linux.intel.com \ --cc=jethro@fortanix.com \ --cc=linux-api@vger.kernel.org \ --cc=linux-arch@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-sgx@vger.kernel.org \ --cc=luto@kernel.org \ --cc=mingo@redhat.com \ --cc=nhorman@redhat.com \ --cc=npmccallum@redhat.com \ --cc=peterz@infradead.org \ --cc=sean.j.christopherson@intel.com \ --cc=serge.ayoun@intel.com \ --cc=shay.katz-zamir@intel.com \ --cc=tglx@linutronix.de \ --cc=torvalds@linux-foundation.org \ --cc=x86@kernel.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).