linux-kernel.vger.kernel.org archive mirror
From: James Morse <james.morse@arm.com>
To: Yury Norov <ynorov@caviumnetworks.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>,
	linux-arm-kernel@lists.infradead.org,
	linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org,
	Arnd Bergmann <arnd@arndb.de>,
	Andrew Pinski <Andrew.Pinski@caviumnetworks.com>,
	Heiko Carstens <heiko.carstens@de.ibm.com>,
	Chris Metcalf <cmetcalf@ezchip.com>,
	philipp.tomsich@theobroma-systems.com,
	Joseph Myers <joseph@codesourcery.com>,
	zhouchengming1@huawei.com,
	Steve Ellcey <sellcey@caviumnetworks.com>,
	Prasun.Kapoor@caviumnetworks.com, Andreas Schwab <schwab@suse.de>,
	agraf@suse.de, szabolcs.nagy@arm.com, geert@linux-m68k.org,
	Adam Borowski <kilobyte@angband.pl>,
	manuel.montezelo@gmail.com, Chris Metcalf <cmetcalf@mellanox.com>,
	Andrew Pinski <pinskia@gmail.com>,
	linyongting@huawei.com, klimov.linux@gmail.com,
	broonie@kernel.org,
	Bamvor Zhangjian <bamvor.zhangjian@huawei.com>,
	Maxim Kuvyrkov <maxim.kuvyrkov@linaro.org>,
	Florian Weimer <fweimer@redhat.com>,
	Nathan_Lynch@mentor.com,
	Ramana Radhakrishnan <ramana.gcc@googlemail.com>,
	schwidefsky@de.ibm.com, davem@davemloft.net,
	christoph.muellner@theobroma-systems.com
Subject: Re: [PATCH 16/20] arm64: signal32: move ilp32 and aarch32 common code to separated file
Date: Mon, 19 Jun 2017 17:16:42 +0100
Message-ID: <5947F8EA.9000209@arm.com>
In-Reply-To: <20170604120009.342-17-ynorov@caviumnetworks.com>

Hi Yury,

On 04/06/17 13:00, Yury Norov wrote:
> Signed-off-by: Yury Norov <ynorov@caviumnetworks.com>

Can I offer a body for the commit message:
ILP32 needs to mix 32bit struct siginfo and 64bit sigframe for its signal
handlers. Move the existing compat code for copying siginfo to user space and
manipulating signal masks into signal32_common.c so it can be used to deliver
aarch32 and ilp32 signals.


> diff --git a/arch/arm64/include/asm/signal32.h b/arch/arm64/include/asm/signal32.h
> index e68fcce538e1..1c4ede717bd2 100644
> --- a/arch/arm64/include/asm/signal32.h
> +++ b/arch/arm64/include/asm/signal32.h
> @@ -13,6 +13,9 @@
>   * You should have received a copy of the GNU General Public License
>   * along with this program.  If not, see <http://www.gnu.org/licenses/>.
>   */
> +
> +#include <asm/signal32_common.h>
> +
>  #ifndef __ASM_SIGNAL32_H
>  #define __ASM_SIGNAL32_H
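Review bot: the new `#include <asm/signal32_common.h>` lands before `#ifndef __ASM_SIGNAL32_H`, so it sits outside the header's include guard; move it below `#define __ASM_SIGNAL32_H` so it is guarded like the rest of the header's contents.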

Nit: This should go inside the guard.


> diff --git a/arch/arm64/kernel/signal32_common.c b/arch/arm64/kernel/signal32_common.c
> new file mode 100644
> index 000000000000..5bddc25dca12
> --- /dev/null
> +++ b/arch/arm64/kernel/signal32_common.c
> @@ -0,0 +1,135 @@
[...]
> +#include <linux/compat.h>
> +#include <linux/signal.h>
> +#include <linux/ratelimit.h>

What do you need ratelimit.h for?


> +#include <linux/uaccess.h>
> +
> +#include <asm/esr.h>

I can't see anything using these ESR_ macros in here...


> +#include <asm/fpsimd.h>

This was for the VFP save/restore code, which you didn't move...


> +#include <asm/signal32_common.h>
> +#include <asm/unistd.h>
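Review bot: the include list of the new file should be trimmed to what remains in it after the move rather than copied wholesale from signal32.c; as the comments above note, `<linux/ratelimit.h>`, `<asm/esr.h>` (ESR_ macros) and `<asm/fpsimd.h>` (VFP save/restore, which was not moved) have no users visible here, so drop each header whose symbols this file does not reference.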

[...]


> +int copy_siginfo_to_user32(compat_siginfo_t __user *to, const siginfo_t *from)
[...]
> +	case __SI_FAULT:
> +		err |= __put_user((compat_uptr_t)(unsigned long)from->si_addr,
> +				  &to->si_addr);
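Review bot: in the `__SI_FAULT` case the cast `(compat_uptr_t)(unsigned long)from->si_addr` discards the upper 32 bits with no check; for an ILP32 task the faulting address can lie above 4GB, and user space would then receive a wrong si_addr with no indication that it was truncated. Compare the address against the 32-bit range before the cast and handle the overflow explicitly (a distinct si_code, or failing the delivery, as discussed below) instead of truncating silently.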

This looks tricky. si_addr comes from FAR_EL1 when user-space touches something
it shouldn't. This could be a 64bit value as ilp32 processes can still branch to
64bit addresses in registers and generate loads that cross the invisible 4GB
boundary. Here you truncate the 64bit address.
Obviously this can't happen at all with aarch32, and for C programs it's into
undefined-behaviour territory, but it doesn't feel right to pass an address to
user-space that we know is wrong... but we don't have an alternative.

This looks like a class of problem particular to ilp32/x32: 'accessed an address
you can't encode with a signal'. After a quick dig in x86's x32 code, it looks
like they only pass the first 32bits of si_addr too.

One option is to mint a new si_code to go with SIGBUS meaning something like
'address overflowed si_addr'. Alternatively we could just kill tasks that do this.


Thanks,

James
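The si_addr truncation discussed in this reply, as an added C example that is not part of the patch or of the kernel: a toy 64-bit/32-bit siginfo pair (stand-ins for the kernel's siginfo_t and compat_siginfo_t, assumed here) shows the patch-style cast losing the upper 32 bits for a fault above the 4GB boundary, next to a checked conversion that refuses to hand user space a truncated address. The COPY_ADDR_OVERFLOW status and the zeroed si_addr are placeholders for the "new si_code" option raised above, not real kernel values.

```c
/* Added example, not kernel code: models the compat siginfo conversion
 * reviewed above and the alternative of detecting si_addr overflow. */
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins for siginfo_t / compat_siginfo_t (assumptions). */
struct siginfo64 {
    int      si_signo;
    int      si_code;
    uint64_t si_addr;   /* faulting address, e.g. taken from FAR_EL1 */
};

struct siginfo32 {
    int      si_signo;
    int      si_code;
    uint32_t si_addr;   /* compat_uptr_t: only 32 bits available */
};

enum copy_result {
    COPY_OK = 0,
    COPY_ADDR_OVERFLOW = 1,   /* placeholder: si_addr did not fit */
};

/* Mirrors the cast in the patch: silently keeps the low 32 bits only. */
static uint32_t truncating_cast(uint64_t addr)
{
    return (uint32_t)(unsigned long)addr;
}

/* True when the address is representable as a compat_uptr_t. */
static int addr_fits_compat(uint64_t addr)
{
    return addr <= UINT32_MAX;
}

/* Checked conversion: never emits a wrong address. On overflow the
 * caller learns about it via the return value and si_addr is zeroed. */
static enum copy_result copy_fault_siginfo32(const struct siginfo64 *from,
                                             struct siginfo32 *to)
{
    to->si_signo = from->si_signo;
    to->si_code = from->si_code;
    if (!addr_fits_compat(from->si_addr)) {
        to->si_addr = 0;
        return COPY_ADDR_OVERFLOW;
    }
    to->si_addr = (uint32_t)from->si_addr;
    return COPY_OK;
}

int main(void)
{
    /* Constructed sample: an ILP32 task faulted on a 64-bit address
     * that crosses the invisible 4GB boundary. */
    struct siginfo64 fault = { .si_signo = 7, .si_code = 1,
                               .si_addr = 0x100001000ULL };
    struct siginfo32 out;

    printf("patch-style cast: 0x%llx -> 0x%x\n",
           (unsigned long long)fault.si_addr, truncating_cast(fault.si_addr));

    if (copy_fault_siginfo32(&fault, &out) == COPY_ADDR_OVERFLOW)
        printf("checked copy: si_addr overflowed compat_uptr_t, not delivered\n");
    else
        printf("checked copy: si_addr = 0x%x\n", out.si_addr);
    return 0;
}
```

The checked path is the point of the example: `addr_fits_compat()` is the one comparison the patch lacks, and once it exists the caller can pick between a distinct si_code and killing the task, both options the reply puts on the table.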
