* [PATCH 00/20] exit cleanups
@ 2021-10-20 17:32 Eric W. Biederman
2021-10-20 17:43 ` [PATCH 07/20] signal/powerpc: On swapcontext failure force SIGSEGV Eric W. Biederman
2021-10-20 21:51 ` [PATCH 21/20] signal: Replace force_sigsegv(SIGSEGV) with force_fatal_sig(SIGSEGV) Eric W. Biederman
0 siblings, 2 replies; 7+ messages in thread
From: Eric W. Biederman @ 2021-10-20 17:32 UTC (permalink / raw)
To: linux-kernel
Cc: Rich Felker, linux-xtensa, linux-mips, Max Filippov,
Paul Mackerras, H Peter Anvin, sparclinux, Vincent Chen,
Thomas Gleixner, linux-arch, linux-s390, Yoshinori Sato,
linux-sh, Christian Borntraeger, Ingo Molnar, Jonas Bonn,
Kees Cook, Vasily Gorbik, Heiko Carstens, Stefan Kristiansson,
openrisc, Borislav Petkov, Al Viro, Andy Lutomirski,
Stafford Horne, Chris Zankel, Thomas Bogendoerfer, Nick Hu,
linuxppc-dev, Oleg Nesterov, Greg Kroah-Hartman, Maciej Rozycki,
Linus Torvalds, David Miller, Greentime Hu
While looking at some issues related to the exit path in the kernel I
found several instances where the code is not using the existing
abstractions properly.
This set of changes introduces force_fatal_sig a way of sending
a signal and not allowing it to be caught, and corrects the
misuse of the existing abstractions that I found.
A lot of the misuse of the existing abstractions are silly things such
as doing something after calling a no return function, rolling BUG by
hand, doing more work than necessary to terminate a kernel thread, or
calling do_exit(SIGKILL) instead of calling force_sig(SIGKILL).
It is my plan after sending all of these changes out for review to place
them in a topic branch for sending Linus. Especially for the changes
that depend upon the new helper force_fatal_sig this is important.
Eric W. Biederman (20):
exit/doublefault: Remove apparently bogus comment about rewind_stack_do_exit
exit: Remove calls of do_exit after noreturn versions of die
reboot: Remove the unreachable panic after do_exit in reboot(2)
signal/sparc32: Remove unreachable do_exit in do_sparc_fault
signal/mips: Update (_save|_restore)_fp_context to fail with -EFAULT
signal/sh: Use force_sig(SIGKILL) instead of do_group_exit(SIGKILL)
signal/powerpc: On swapcontext failure force SIGSEGV
signal/sparc: In setup_tsb_params convert open coded BUG into BUG
signal/vm86_32: Replace open coded BUG_ON with an actual BUG_ON
signal/vm86_32: Properly send SIGSEGV when the vm86 state cannot be saved.
signal/s390: Use force_sigsegv in default_trap_handler
exit/kthread: Have kernel threads return instead of calling do_exit
signal: Implement force_fatal_sig
exit/syscall_user_dispatch: Send ordinary signals on failure
signal/sparc32: Exit with a fatal signal when try_to_clear_window_buffer fails
signal/sparc32: In setup_rt_frame and setup_fram use force_fatal_sig
signal/x86: In emulate_vsyscall force a signal instead of calling do_exit
exit/rtl8723bs: Replace the macro thread_exit with a simple return 0
exit/rtl8712: Replace the macro thread_exit with a simple return 0
exit/r8188eu: Replace the macro thread_exit with a simple return 0
arch/mips/kernel/r2300_fpu.S | 4 ++--
arch/mips/kernel/syscall.c | 9 --------
arch/nds32/kernel/traps.c | 2 +-
arch/nds32/mm/fault.c | 6 +----
arch/openrisc/kernel/traps.c | 2 +-
arch/openrisc/mm/fault.c | 4 +---
arch/powerpc/kernel/signal_32.c | 6 +++--
arch/powerpc/kernel/signal_64.c | 9 +++++---
arch/s390/include/asm/kdebug.h | 2 +-
arch/s390/kernel/dumpstack.c | 2 +-
arch/s390/kernel/traps.c | 2 +-
arch/s390/mm/fault.c | 2 --
arch/sh/kernel/cpu/fpu.c | 10 +++++----
arch/sh/kernel/traps.c | 2 +-
arch/sh/mm/fault.c | 2 --
arch/sparc/kernel/signal_32.c | 4 ++--
arch/sparc/kernel/windows.c | 6 +++--
arch/sparc/mm/fault_32.c | 1 -
arch/sparc/mm/tsb.c | 2 +-
arch/x86/entry/vsyscall/vsyscall_64.c | 3 ++-
arch/x86/kernel/doublefault_32.c | 3 ---
arch/x86/kernel/signal.c | 6 ++++-
arch/x86/kernel/vm86_32.c | 8 +++----
arch/xtensa/kernel/traps.c | 2 +-
arch/xtensa/mm/fault.c | 3 +--
drivers/firmware/stratix10-svc.c | 4 ++--
drivers/soc/ti/wkup_m3_ipc.c | 2 +-
drivers/staging/r8188eu/core/rtw_cmd.c | 2 +-
drivers/staging/r8188eu/core/rtw_mp.c | 2 +-
drivers/staging/r8188eu/include/osdep_service.h | 2 --
drivers/staging/rtl8712/osdep_service.h | 1 -
drivers/staging/rtl8712/rtl8712_cmd.c | 2 +-
drivers/staging/rtl8723bs/core/rtw_cmd.c | 2 +-
drivers/staging/rtl8723bs/core/rtw_xmit.c | 2 +-
drivers/staging/rtl8723bs/hal/rtl8723bs_xmit.c | 2 +-
.../rtl8723bs/include/osdep_service_linux.h | 2 --
fs/ocfs2/journal.c | 5 +----
include/linux/sched/signal.h | 1 +
kernel/entry/syscall_user_dispatch.c | 12 ++++++----
kernel/kthread.c | 2 +-
kernel/reboot.c | 1 -
kernel/signal.c | 26 ++++++++++++++--------
net/batman-adv/tp_meter.c | 2 +-
43 files changed, 83 insertions(+), 91 deletions(-)
Eric
^ permalink raw reply [flat|nested] 7+ messages in thread
* [PATCH 07/20] signal/powerpc: On swapcontext failure force SIGSEGV
2021-10-20 17:32 [PATCH 00/20] exit cleanups Eric W. Biederman
@ 2021-10-20 17:43 ` Eric W. Biederman
2021-10-21 16:09 ` Kees Cook
2021-10-20 21:51 ` [PATCH 21/20] signal: Replace force_sigsegv(SIGSEGV) with force_fatal_sig(SIGSEGV) Eric W. Biederman
1 sibling, 1 reply; 7+ messages in thread
From: Eric W. Biederman @ 2021-10-20 17:43 UTC (permalink / raw)
To: linux-kernel
Cc: linux-arch, Kees Cook, linuxppc-dev, Oleg Nesterov,
Paul Mackerras, Eric W. Biederman, Linus Torvalds, Al Viro
If the register state may be partial and corrupted instead of calling
do_exit, call force_sigsegv(SIGSEGV). Which properly kills the
process with SIGSEGV and does not let any more userspace code execute,
instead of just killing one thread of the process and potentially
confusing everything.
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Paul Mackerras <paulus@samba.org>
Cc: linuxppc-dev@lists.ozlabs.org
History-tree: git://git.kernel.org/pub/scm/linux/kernel/git/tglx/history.git
Fixes: 756f1ae8a44e ("PPC32: Rework signal code and add a swapcontext system call.")
Fixes: 04879b04bf50 ("[PATCH] ppc64: VMX (Altivec) support & signal32 rework, from Ben Herrenschmidt")
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
---
arch/powerpc/kernel/signal_32.c | 6 ++++--
arch/powerpc/kernel/signal_64.c | 9 ++++++---
2 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/arch/powerpc/kernel/signal_32.c b/arch/powerpc/kernel/signal_32.c
index 0608581967f0..666f3da41232 100644
--- a/arch/powerpc/kernel/signal_32.c
+++ b/arch/powerpc/kernel/signal_32.c
@@ -1062,8 +1062,10 @@ SYSCALL_DEFINE3(swapcontext, struct ucontext __user *, old_ctx,
* or if another thread unmaps the region containing the context.
* We kill the task with a SIGSEGV in this situation.
*/
- if (do_setcontext(new_ctx, regs, 0))
- do_exit(SIGSEGV);
+ if (do_setcontext(new_ctx, regs, 0)) {
+ force_sigsegv(SIGSEGV);
+ return -EFAULT;
+ }
set_thread_flag(TIF_RESTOREALL);
return 0;
diff --git a/arch/powerpc/kernel/signal_64.c b/arch/powerpc/kernel/signal_64.c
index 1831bba0582e..d8de622c9e4a 100644
--- a/arch/powerpc/kernel/signal_64.c
+++ b/arch/powerpc/kernel/signal_64.c
@@ -703,15 +703,18 @@ SYSCALL_DEFINE3(swapcontext, struct ucontext __user *, old_ctx,
* We kill the task with a SIGSEGV in this situation.
*/
- if (__get_user_sigset(&set, &new_ctx->uc_sigmask))
- do_exit(SIGSEGV);
+ if (__get_user_sigset(&set, &new_ctx->uc_sigmask)) {
+ force_sigsegv(SIGSEGV);
+ return -EFAULT;
+ }
set_current_blocked(&set);
if (!user_read_access_begin(new_ctx, ctx_size))
return -EFAULT;
if (__unsafe_restore_sigcontext(current, NULL, 0, &new_ctx->uc_mcontext)) {
user_read_access_end();
- do_exit(SIGSEGV);
+ force_sigsegv(SIGSEGV);
+ return -EFAULT;
}
user_read_access_end();
--
2.20.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH 21/20] signal: Replace force_sigsegv(SIGSEGV) with force_fatal_sig(SIGSEGV)
2021-10-20 17:32 [PATCH 00/20] exit cleanups Eric W. Biederman
2021-10-20 17:43 ` [PATCH 07/20] signal/powerpc: On swapcontext failure force SIGSEGV Eric W. Biederman
@ 2021-10-20 21:51 ` Eric W. Biederman
2021-10-21 8:09 ` Geert Uytterhoeven
2021-10-21 8:32 ` Philippe Mathieu-Daudé
1 sibling, 2 replies; 7+ messages in thread
From: Eric W. Biederman @ 2021-10-20 21:51 UTC (permalink / raw)
To: linux-kernel
Cc: Rich Felker, linux-xtensa, linux-mips, Max Filippov,
Paul Mackerras, H Peter Anvin, sparclinux, Vincent Chen,
Thomas Gleixner, linux-arch, linux-s390, Yoshinori Sato,
linux-sh, Christian Borntraeger, Ingo Molnar, Jonas Bonn,
Kees Cook, Vasily Gorbik, Heiko Carstens, Stefan Kristiansson,
openrisc, Borislav Petkov, Al Viro, Andy Lutomirski,
Stafford Horne, Chris Zankel, Thomas Bogendoerfer, Nick Hu,
linuxppc-dev, Oleg Nesterov, Greg Kroah-Hartman, Maciej Rozycki,
Linus Torvalds, David Miller, Greentime Hu
Now that force_fatal_sig exists it is unnecessary and a bit confusing
to use force_sigsegv in cases where the simpler force_fatal_sig is
wanted. So change every instance we can to make the code clearer.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
---
arch/arc/kernel/process.c | 2 +-
arch/m68k/kernel/traps.c | 2 +-
arch/powerpc/kernel/signal_32.c | 2 +-
arch/powerpc/kernel/signal_64.c | 4 ++--
arch/s390/kernel/traps.c | 2 +-
arch/um/kernel/trap.c | 2 +-
arch/x86/kernel/vm86_32.c | 2 +-
fs/exec.c | 2 +-
8 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/arch/arc/kernel/process.c b/arch/arc/kernel/process.c
index 3793876f42d9..8e90052f6f05 100644
--- a/arch/arc/kernel/process.c
+++ b/arch/arc/kernel/process.c
@@ -294,7 +294,7 @@ int elf_check_arch(const struct elf32_hdr *x)
eflags = x->e_flags;
if ((eflags & EF_ARC_OSABI_MSK) != EF_ARC_OSABI_CURRENT) {
pr_err("ABI mismatch - you need newer toolchain\n");
- force_sigsegv(SIGSEGV);
+ force_fatal_sig(SIGSEGV);
return 0;
}
diff --git a/arch/m68k/kernel/traps.c b/arch/m68k/kernel/traps.c
index 5b19fcdcd69e..74045d164ddb 100644
--- a/arch/m68k/kernel/traps.c
+++ b/arch/m68k/kernel/traps.c
@@ -1150,7 +1150,7 @@ asmlinkage void set_esp0(unsigned long ssp)
*/
asmlinkage void fpsp040_die(void)
{
- force_sigsegv(SIGSEGV);
+ force_fatal_sig(SIGSEGV);
}
#ifdef CONFIG_M68KFPU_EMU
diff --git a/arch/powerpc/kernel/signal_32.c b/arch/powerpc/kernel/signal_32.c
index 666f3da41232..933ab95805a6 100644
--- a/arch/powerpc/kernel/signal_32.c
+++ b/arch/powerpc/kernel/signal_32.c
@@ -1063,7 +1063,7 @@ SYSCALL_DEFINE3(swapcontext, struct ucontext __user *, old_ctx,
* We kill the task with a SIGSEGV in this situation.
*/
if (do_setcontext(new_ctx, regs, 0)) {
- force_sigsegv(SIGSEGV);
+ force_fatal_sig(SIGSEGV);
return -EFAULT;
}
diff --git a/arch/powerpc/kernel/signal_64.c b/arch/powerpc/kernel/signal_64.c
index d8de622c9e4a..8ead9b3f47c6 100644
--- a/arch/powerpc/kernel/signal_64.c
+++ b/arch/powerpc/kernel/signal_64.c
@@ -704,7 +704,7 @@ SYSCALL_DEFINE3(swapcontext, struct ucontext __user *, old_ctx,
*/
if (__get_user_sigset(&set, &new_ctx->uc_sigmask)) {
- force_sigsegv(SIGSEGV);
+ force_fatal_sig(SIGSEGV);
return -EFAULT;
}
set_current_blocked(&set);
@@ -713,7 +713,7 @@ SYSCALL_DEFINE3(swapcontext, struct ucontext __user *, old_ctx,
return -EFAULT;
if (__unsafe_restore_sigcontext(current, NULL, 0, &new_ctx->uc_mcontext)) {
user_read_access_end();
- force_sigsegv(SIGSEGV);
+ force_fatal_sig(SIGSEGV);
return -EFAULT;
}
user_read_access_end();
diff --git a/arch/s390/kernel/traps.c b/arch/s390/kernel/traps.c
index 51729ea2cf8e..01a7c68dcfb6 100644
--- a/arch/s390/kernel/traps.c
+++ b/arch/s390/kernel/traps.c
@@ -84,7 +84,7 @@ static void default_trap_handler(struct pt_regs *regs)
{
if (user_mode(regs)) {
report_user_fault(regs, SIGSEGV, 0);
- force_sigsegv(SIGSEGV);
+ force_fatal_sig(SIGSEGV);
} else
die(regs, "Unknown program exception");
}
diff --git a/arch/um/kernel/trap.c b/arch/um/kernel/trap.c
index 3198c4767387..c32efb09db21 100644
--- a/arch/um/kernel/trap.c
+++ b/arch/um/kernel/trap.c
@@ -158,7 +158,7 @@ static void bad_segv(struct faultinfo fi, unsigned long ip)
void fatal_sigsegv(void)
{
- force_sigsegv(SIGSEGV);
+ force_fatal_sig(SIGSEGV);
do_signal(¤t->thread.regs);
/*
* This is to tell gcc that we're not returning - do_signal
diff --git a/arch/x86/kernel/vm86_32.c b/arch/x86/kernel/vm86_32.c
index 040fd01be8b3..7ff0f622abd4 100644
--- a/arch/x86/kernel/vm86_32.c
+++ b/arch/x86/kernel/vm86_32.c
@@ -159,7 +159,7 @@ void save_v86_state(struct kernel_vm86_regs *regs, int retval)
user_access_end();
Efault:
pr_alert("could not access userspace vm86 info\n");
- force_sigsegv(SIGSEGV);
+ force_fatal_sig(SIGSEGV);
}
static int do_vm86_irq_handling(int subfunction, int irqnumber);
diff --git a/fs/exec.c b/fs/exec.c
index a098c133d8d7..ac7b51b51f38 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1852,7 +1852,7 @@ static int bprm_execve(struct linux_binprm *bprm,
* SIGSEGV.
*/
if (bprm->point_of_no_return && !fatal_signal_pending(current))
- force_sigsegv(SIGSEGV);
+ force_fatal_sig(SIGSEGV);
out_unmark:
current->fs->in_exec = 0;
--
2.20.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH 21/20] signal: Replace force_sigsegv(SIGSEGV) with force_fatal_sig(SIGSEGV)
2021-10-20 21:51 ` [PATCH 21/20] signal: Replace force_sigsegv(SIGSEGV) with force_fatal_sig(SIGSEGV) Eric W. Biederman
@ 2021-10-21 8:09 ` Geert Uytterhoeven
2021-10-21 13:33 ` Eric W. Biederman
2021-10-21 8:32 ` Philippe Mathieu-Daudé
1 sibling, 1 reply; 7+ messages in thread
From: Geert Uytterhoeven @ 2021-10-21 8:09 UTC (permalink / raw)
To: Eric W. Biederman
Cc: Rich Felker, Linux-sh list, Linux Kernel Mailing List,
Max Filippov, Paul Mackerras, Greentime Hu, H Peter Anvin,
sparclinux, Vincent Chen, Linux-Arch, linux-s390, Yoshinori Sato,
Christian Borntraeger, Ingo Molnar,
open list:TENSILICA XTENSA PORT (xtensa),
Kees Cook, Vasily Gorbik, Heiko Carstens, Openrisc,
Borislav Petkov, Al Viro, Andy Lutomirski, Oleg Nesterov,
Thomas Gleixner, Chris Zankel, Jonas Bonn, Nick Hu,
Greg Kroah-Hartman, Linus Torvalds,
open list:BROADCOM NVRAM DRIVER, Thomas Bogendoerfer,
linuxppc-dev, David Miller, Maciej Rozycki
Hi Eric,
Patch 21/20?
On Wed, Oct 20, 2021 at 11:52 PM Eric W. Biederman
<ebiederm@xmission.com> wrote:
> Now that force_fatal_sig exists it is unnecessary and a bit confusing
> to use force_sigsegv in cases where the simpler force_fatal_sig is
> wanted. So change every instance we can to make the code clearer.
>
> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
> arch/m68k/kernel/traps.c | 2 +-
Acked-by: Geert Uytterhoeven <geert@linux-m68k.org>
Gr{oetje,eeting}s,
Geert
--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org
In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH 21/20] signal: Replace force_sigsegv(SIGSEGV) with force_fatal_sig(SIGSEGV)
2021-10-20 21:51 ` [PATCH 21/20] signal: Replace force_sigsegv(SIGSEGV) with force_fatal_sig(SIGSEGV) Eric W. Biederman
2021-10-21 8:09 ` Geert Uytterhoeven
@ 2021-10-21 8:32 ` Philippe Mathieu-Daudé
1 sibling, 0 replies; 7+ messages in thread
From: Philippe Mathieu-Daudé @ 2021-10-21 8:32 UTC (permalink / raw)
To: Eric W. Biederman
Cc: Rich Felker, linux-xtensa, Oleg Nesterov, Max Filippov,
Paul Mackerras, H Peter Anvin, sparclinux, Vincent Chen,
Thomas Gleixner, linux-arch, linux-s390, Yoshinori Sato,
linux-sh, Christian Borntraeger, Ingo Molnar,
open list:BROADCOM NVRAM DRIVER, Jonas Bonn, Kees Cook,
Vasily Gorbik, Heiko Carstens, Stefan Kristiansson, openrisc,
Borislav Petkov, Al Viro, Andy Lutomirski, Stafford Horne,
Chris Zankel, Thomas Bogendoerfer, Nick Hu, linuxppc-dev,
open list, Greg Kroah-Hartman, Maciej Rozycki, Linus Torvalds,
David Miller, Greentime Hu
On Wed, Oct 20, 2021 at 11:52 PM Eric W. Biederman
<ebiederm@xmission.com> wrote:
>
>
> Now that force_fatal_sig exists it is unnecessary and a bit confusing
> to use force_sigsegv in cases where the simpler force_fatal_sig is
> wanted. So change every instance we can to make the code clearer.
>
> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
> ---
> arch/arc/kernel/process.c | 2 +-
> arch/m68k/kernel/traps.c | 2 +-
> arch/powerpc/kernel/signal_32.c | 2 +-
> arch/powerpc/kernel/signal_64.c | 4 ++--
> arch/s390/kernel/traps.c | 2 +-
> arch/um/kernel/trap.c | 2 +-
> arch/x86/kernel/vm86_32.c | 2 +-
> fs/exec.c | 2 +-
> 8 files changed, 9 insertions(+), 9 deletions(-)
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH 21/20] signal: Replace force_sigsegv(SIGSEGV) with force_fatal_sig(SIGSEGV)
2021-10-21 8:09 ` Geert Uytterhoeven
@ 2021-10-21 13:33 ` Eric W. Biederman
0 siblings, 0 replies; 7+ messages in thread
From: Eric W. Biederman @ 2021-10-21 13:33 UTC (permalink / raw)
To: Geert Uytterhoeven
Cc: Rich Felker, Linux-sh list, Linux Kernel Mailing List,
Max Filippov, Paul Mackerras, Greentime Hu, H Peter Anvin,
sparclinux, Vincent Chen, Linux-Arch, linux-s390, Yoshinori Sato,
Christian Borntraeger, Ingo Molnar,
open list:TENSILICA XTENSA PORT (xtensa),
Kees Cook, Vasily Gorbik, Heiko Carstens, Openrisc,
Borislav Petkov, Al Viro, Andy Lutomirski, Oleg Nesterov,
Thomas Gleixner, Chris Zankel, Jonas Bonn, Nick Hu,
Greg Kroah-Hartman, Linus Torvalds,
open list:BROADCOM NVRAM DRIVER, Thomas Bogendoerfer,
linuxppc-dev, David Miller, Maciej Rozycki
Geert Uytterhoeven <geert@linux-m68k.org> writes:
> Hi Eric,
>
> Patch 21/20?
In reviewing another part of the patchset Linus asked if force_sigsegv
could go away. It can't completely but I can get this far.
Given that it is just a cleanup it makes most sense to me as an
additional patch on top of what is already here.
> On Wed, Oct 20, 2021 at 11:52 PM Eric W. Biederman
> <ebiederm@xmission.com> wrote:
>> Now that force_fatal_sig exists it is unnecessary and a bit confusing
>> to use force_sigsegv in cases where the simpler force_fatal_sig is
>> wanted. So change every instance we can to make the code clearer.
>>
>> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
>
>> arch/m68k/kernel/traps.c | 2 +-
>
> Acked-by: Geert Uytterhoeven <geert@linux-m68k.org>
Thank you.
Eric
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH 07/20] signal/powerpc: On swapcontext failure force SIGSEGV
2021-10-20 17:43 ` [PATCH 07/20] signal/powerpc: On swapcontext failure force SIGSEGV Eric W. Biederman
@ 2021-10-21 16:09 ` Kees Cook
0 siblings, 0 replies; 7+ messages in thread
From: Kees Cook @ 2021-10-21 16:09 UTC (permalink / raw)
To: Eric W. Biederman
Cc: linux-arch, linuxppc-dev, linux-kernel, Oleg Nesterov,
Paul Mackerras, Al Viro, Linus Torvalds
On Wed, Oct 20, 2021 at 12:43:53PM -0500, Eric W. Biederman wrote:
> If the register state may be partial and corrupted instead of calling
> do_exit, call force_sigsegv(SIGSEGV). Which properly kills the
> process with SIGSEGV and does not let any more userspace code execute,
> instead of just killing one thread of the process and potentially
> confusing everything.
>
> Cc: Michael Ellerman <mpe@ellerman.id.au>
> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
> Cc: Paul Mackerras <paulus@samba.org>
> Cc: linuxppc-dev@lists.ozlabs.org
> History-tree: git://git.kernel.org/pub/scm/linux/kernel/git/tglx/history.git
> Fixes: 756f1ae8a44e ("PPC32: Rework signal code and add a swapcontext system call.")
> Fixes: 04879b04bf50 ("[PATCH] ppc64: VMX (Altivec) support & signal32 rework, from Ben Herrenschmidt")
> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
This looks right to me.
Reviewed-by: Kees Cook <keescook@chromium.org>
--
Kees Cook
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2021-10-21 16:10 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-10-20 17:32 [PATCH 00/20] exit cleanups Eric W. Biederman
2021-10-20 17:43 ` [PATCH 07/20] signal/powerpc: On swapcontext failure force SIGSEGV Eric W. Biederman
2021-10-21 16:09 ` Kees Cook
2021-10-20 21:51 ` [PATCH 21/20] signal: Replace force_sigsegv(SIGSEGV) with force_fatal_sig(SIGSEGV) Eric W. Biederman
2021-10-21 8:09 ` Geert Uytterhoeven
2021-10-21 13:33 ` Eric W. Biederman
2021-10-21 8:32 ` Philippe Mathieu-Daudé
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).