All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] x86/signals: Fix save/restore signal stack to correctly support sigset_t
@ 2020-11-19 22:11 Walt Drummond
  2020-11-28  5:23 ` Al Viro
  0 siblings, 1 reply; 5+ messages in thread
From: Walt Drummond @ 2020-11-19 22:11 UTC (permalink / raw)
  To: tglx, mingo, bp, x86, hpa, viro, brgerst, linux, walt,
	gustavoars, linux-kernel

The macro unsafe_put_sigmask() only handles the first 64 bits of the
sigmask_t, which works today.  However, if the definition of the
sigset_t structure ever changed, this would fail to setup/restore the
signal stack properly and likely corrupt the sigset. This patch
updates unsafe_put_sigmask() to correctly save all the fields in the
sigmask_t struct, and adds unsafe_put_compat_sigmask() to handle the
compat_sigset_t cases.

Signed-off-by: Walt Drummond <walt@drummond.us>
---
 arch/x86/kernel/signal.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c
index be0d7d4152ec..4d5134b4bb5f 100644
--- a/arch/x86/kernel/signal.c
+++ b/arch/x86/kernel/signal.c
@@ -203,11 +203,18 @@ do {									\
 		goto label;						\
 } while(0);
 
-#define unsafe_put_sigmask(set, frame, label) \
+#define unsafe_put_compat_sigmask(set, frame, label) \
 	unsafe_put_user(*(__u64 *)(set), \
 			(__u64 __user *)&(frame)->uc.uc_sigmask, \
 			label)
 
+#define unsafe_put_sigmask(set, frame, label)           \
+do {                                                    \
+	int i;								\
+	for (i = 0; i < _NSIG_WORDS; i++)				\
+		unsafe_put_user((set)->sig[i], &(frame)->uc.uc_sigmask.sig[i], label); \
+} while(0);
+
 /*
  * Set up a signal frame.
  */
@@ -566,7 +573,7 @@ static int x32_setup_rt_frame(struct ksignal *ksig,
 	restorer = ksig->ka.sa.sa_restorer;
 	unsafe_put_user(restorer, (unsigned long __user *)&frame->pretcode, Efault);
 	unsafe_put_sigcontext(&frame->uc.uc_mcontext, fp, regs, set, Efault);
-	unsafe_put_sigmask(set, frame, Efault);
+	unsafe_put_compat_sigmask(set, frame, Efault);
 	user_access_end();
 
 	if (ksig->ka.sa.sa_flags & SA_SIGINFO) {
@@ -643,7 +650,7 @@ SYSCALL_DEFINE0(rt_sigreturn)
 	frame = (struct rt_sigframe __user *)(regs->sp - sizeof(long));
 	if (!access_ok(frame, sizeof(*frame)))
 		goto badframe;
-	if (__get_user(*(__u64 *)&set, (__u64 __user *)&frame->uc.uc_sigmask))
+	if (copy_from_user(&set, &frame->uc.uc_sigmask, sizeof(sigset_t)))
 		goto badframe;
 	if (__get_user(uc_flags, &frame->uc.uc_flags))
 		goto badframe;
-- 
2.27.0


^ permalink raw reply related	[flat|nested] 5+ messages in thread
* Re: [PATCH] x86/signals: Fix save/restore signal stack to correctly support sigset_t
  2020-11-19 22:11 [PATCH] x86/signals: Fix save/restore signal stack to correctly support sigset_t Walt Drummond
@ 2020-11-28  5:23 ` Al Viro
       [not found]   ` <CADCN6nyGW0=QS=J+704n-mtAqTxgVrKZC=P8d01NZ_pjssptew@mail.gmail.com>
  0 siblings, 1 reply; 5+ messages in thread
From: Al Viro @ 2020-11-28  5:23 UTC (permalink / raw)
  To: Walt Drummond
  Cc: tglx, mingo, bp, x86, hpa, brgerst, linux, gustavoars, linux-kernel

On Thu, Nov 19, 2020 at 02:11:33PM -0800, Walt Drummond wrote:
> The macro unsafe_put_sigmask() only handles the first 64 bits of the
> sigmask_t, which works today.  However, if the definition of the
> sigset_t structure ever changed,

... existing userland would get fucked over, since sigset_t is
present in user-visible data structures.  Including the ones
we are using that thing for - struct rt_sigframe, for starters.

Layout of those suckers is very much cast in stone.  We *can't*
change it, no matter what we do kernel-side.

NAKed-by: Al Viro <viro@zeniv.linux.org.uk>

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PATCH] x86/signals: Fix save/restore signal stack to correctly support sigset_t
       [not found]   ` <CADCN6nyGW0=QS=J+704n-mtAqTxgVrKZC=P8d01NZ_pjssptew@mail.gmail.com>
@ 2020-11-29  2:52     ` Walt Drummond
  2020-11-29  3:28     ` Al Viro
  1 sibling, 0 replies; 5+ messages in thread
From: Walt Drummond @ 2020-11-29  2:52 UTC (permalink / raw)
  To: Al Viro
  Cc: tglx, mingo, bp, x86, hpa, brgerst, linux, gustavoars, linux-kernel

(Sorry, resending as Gmail decided to ignore "Plaintext mode")

Thanks Al.  I want to understand the nuance, so please bear with me as
I reason this out.   The cast in stone nature of this is due to both
the need to keep userspace and kernel space in sync (ie, you'd have to
coordinate libc and kernel changes super tightly to pull this off),
and any change in the size of struct rt_sigframe would break backwards
compatibility with older binaries, is that correct?

Thanks, appreciate the help here.
--Walt


On Sat, Nov 28, 2020 at 6:19 PM Walt Drummond <walt@drummond.us> wrote:
>
> Thanks Al.  I want to understand the nuance, so please bear with me as I reason this out.   The cast in stone nature of this is due to both the need to keep userspace and kernel space in sync (ie, you'd have to coordinate libc and kernel changes super tightly to pull this off), and any change in the size of struct rt_sigframe would break backwards compatibility with older binaries, is that correct?
>
> Thanks, appreciate the help here.
> --Walt
>
>
> On Fri, Nov 27, 2020 at 9:23 PM Al Viro <viro@zeniv.linux.org.uk> wrote:
>>
>> On Thu, Nov 19, 2020 at 02:11:33PM -0800, Walt Drummond wrote:
>> > The macro unsafe_put_sigmask() only handles the first 64 bits of the
>> > sigmask_t, which works today.  However, if the definition of the
>> > sigset_t structure ever changed,
>>
>> ... existing userland would get fucked over, since sigset_t is
>> present in user-visible data structures.  Including the ones
>> we are using that thing for - struct rt_sigframe, for starters.
>>
>> Layout of those suckers is very much cast in stone.  We *can't*
>> change it, no matter what we do kernel-side.
>>
>> NAKed-by: Al Viro <viro@zeniv.linux.org.uk>

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PATCH] x86/signals: Fix save/restore signal stack to correctly support sigset_t
       [not found]   ` <CADCN6nyGW0=QS=J+704n-mtAqTxgVrKZC=P8d01NZ_pjssptew@mail.gmail.com>
  2020-11-29  2:52     ` Walt Drummond
@ 2020-11-29  3:28     ` Al Viro
  2020-11-29 16:27       ` Walt Drummond
  1 sibling, 1 reply; 5+ messages in thread
From: Al Viro @ 2020-11-29  3:28 UTC (permalink / raw)
  To: Walt Drummond
  Cc: tglx, mingo, bp, x86, hpa, brgerst, linux, gustavoars, linux-kernel

On Sat, Nov 28, 2020 at 06:19:31PM -0800, Walt Drummond wrote:
> Thanks Al.  I want to understand the nuance, so please bear with me as I
> reason this out.   The cast in stone nature of this is due to both the need
> to keep userspace and kernel space in sync (ie, you'd have to coordinate
> libc and kernel changes super tightly to pull this off), and any change in
> the size of struct rt_sigframe would break backwards compatibility with
> older binaries, is that correct?

Pretty much so.  I would expect gdb and friends to be very unhappy about
that, for starters, along with a bunch of fun stuff like JVM, etc.

Ask the userland folks (libc, gdb, etc.) how would they feel about such
changes.  I'm fairly sure that it's _not_ going to be a matter of
changing _NSIG, rebuilding the kernel and living happily ever after.

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PATCH] x86/signals: Fix save/restore signal stack to correctly support sigset_t
  2020-11-29  3:28     ` Al Viro
@ 2020-11-29 16:27       ` Walt Drummond
  0 siblings, 0 replies; 5+ messages in thread
From: Walt Drummond @ 2020-11-29 16:27 UTC (permalink / raw)
  To: Al Viro
  Cc: tglx, mingo, bp, x86, hpa, brgerst, linux, gustavoars, linux-kernel

Got it.  Thanks again Al.

On Sat, Nov 28, 2020 at 7:28 PM Al Viro <viro@zeniv.linux.org.uk> wrote:
>
> On Sat, Nov 28, 2020 at 06:19:31PM -0800, Walt Drummond wrote:
> > Thanks Al.  I want to understand the nuance, so please bear with me as I
> > reason this out.   The cast in stone nature of this is due to both the need
> > to keep userspace and kernel space in sync (ie, you'd have to coordinate
> > libc and kernel changes super tightly to pull this off), and any change in
> > the size of struct rt_sigframe would break backwards compatibility with
> > older binaries, is that correct?
>
> Pretty much so.  I would expect gdb and friends to be very unhappy about
> that, for starters, along with a bunch of fun stuff like JVM, etc.
>
> Ask the userland folks (libc, gdb, etc.) how would they feel about such
> changes.  I'm fairly sure that it's _not_ going to be a matter of
> changing _NSIG, rebuilding the kernel and living happily ever after.

^ permalink raw reply	[flat|nested] 5+ messages in thread
end of thread, other threads:[~2020-11-29 16:28 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-11-19 22:11 [PATCH] x86/signals: Fix save/restore signal stack to correctly support sigset_t Walt Drummond
2020-11-28  5:23 ` Al Viro
     [not found]   ` <CADCN6nyGW0=QS=J+704n-mtAqTxgVrKZC=P8d01NZ_pjssptew@mail.gmail.com>
2020-11-29  2:52     ` Walt Drummond
2020-11-29  3:28     ` Al Viro
2020-11-29 16:27       ` Walt Drummond

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.