[PATCH] powerpc/signal: Properly handle return value from uprobe_deny_signal()

[PATCH] powerpc/signal: Properly handle return value from uprobe_deny_signal()

[Naveen N. Rao]

When a uprobe is installed on an instruction that we currently do not
emulate, we copy the instruction into a xol buffer and single step
that instruction. If that instruction generates a fault, we abort the
single stepping before invoking the signal handler. Once the signal
handler is done, the uprobe trap is hit again since the instruction is
retried and the process repeats.

We use uprobe_deny_signal() to detect if the xol instruction triggered
a signal. If so, we clear TIF_SIGPENDING and set TIF_UPROBE so that the
signal is not handled until after the single stepping is aborted. In
this case, uprobe_deny_signal() returns true and get_signal() ends up
returning 0. However, in do_signal(), we are not looking at the return
value, but depending on ksig.sig for further action, all with an
uninitialized ksig that is not touched in this scenario. Fix the same
by initializing ksig.sig to 0.

Fixes: 129b69df9c907 ("powerpc: Use get_signal() signal_setup_done()")

Reported-by: Anton Blanchard <anton@samba.org>
Signed-off-by: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
---
 arch/powerpc/kernel/signal.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/powerpc/kernel/signal.c b/arch/powerpc/kernel/signal.c
index e9436c5e1e09..3d7539b90010 100644
--- a/arch/powerpc/kernel/signal.c
+++ b/arch/powerpc/kernel/signal.c
@@ -103,7 +103,7 @@ static void check_syscall_restart(struct pt_regs *regs, struct k_sigaction *ka,
 static void do_signal(struct task_struct *tsk)
 {
 	sigset_t *oldset = sigmask_to_save();
-	struct ksignal ksig;
+	struct ksignal ksig = { .sig = 0 };
 	int ret;
 	int is32 = is_32bit_task();
 
-- 
2.14.1

Re: powerpc/signal: Properly handle return value from uprobe_deny_signal()

[Michael Ellerman]

On Thu, 2017-08-31 at 16:25:57 UTC, "Naveen N. Rao" wrote:
> When a uprobe is installed on an instruction that we currently do not
> emulate, we copy the instruction into a xol buffer and single step
> that instruction. If that instruction generates a fault, we abort the
> single stepping before invoking the signal handler. Once the signal
> handler is done, the uprobe trap is hit again since the instruction is
> retried and the process repeats.
> 
> We use uprobe_deny_signal() to detect if the xol instruction triggered
> a signal. If so, we clear TIF_SIGPENDING and set TIF_UPROBE so that the
> signal is not handled until after the single stepping is aborted. In
> this case, uprobe_deny_signal() returns true and get_signal() ends up
> returning 0. However, in do_signal(), we are not looking at the return
> value, but depending on ksig.sig for further action, all with an
> uninitialized ksig that is not touched in this scenario. Fix the same
> by initializing ksig.sig to 0.
> 
> Fixes: 129b69df9c907 ("powerpc: Use get_signal() signal_setup_done()")
> 
> Reported-by: Anton Blanchard <anton@samba.org>
> Signed-off-by: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>

Applied to powerpc next, thanks.

https://git.kernel.org/powerpc/c/46725b17f1c6c815a41429259b3f07

cheers