linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: "Maciej W. Rozycki" <macro@imgtec.com>
To: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: <linux-kernel@vger.kernel.org>, Andy Lutomirski <luto@kernel.org>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Al Viro <viro@zeniv.linux.org.uk>,
	Oleg Nesterov <oleg@redhat.com>,
	Andrei Vagin <avagin@virtuozzo.com>,
	Thomas Gleixner <tglx@linutronix.de>, Greg KH <greg@kroah.com>,
	Andrey Vagin <avagin@openvz.org>, Serge Hallyn <serge@hallyn.com>,
	Pavel Emelyanov <xemul@virtuozzo.com>,
	Cyrill Gorcunov <gorcunov@openvz.org>,
	Peter Zijlstra <peterz@infradead.org>, Willy Tarreau <w@1wt.eu>,
	<linux-arch@vger.kernel.org>, <linux-api@vger.kernel.org>,
	Linux Containers <containers@lists.linux-foundation.org>,
	Michael Kerrisk <mtk.manpages@gmail.com>,
	Ralf Baechle <ralf@linux-mips.org>
Subject: Re: [PATCH 4/7] signal/mips: Document a conflict with SI_USER with SIGFPE
Date: Wed, 9 Aug 2017 00:19:12 +0100	[thread overview]
Message-ID: <alpine.DEB.2.00.1708082212400.17596@tp.orcam.me.uk> (raw)
In-Reply-To: <87mv7agjsh.fsf@xmission.com>

On Tue, 8 Aug 2017, Eric W. Biederman wrote:

> >  This is an "impossible" state to reach unless your hardware is on fire.  
> > One or more of the FCSR Cause bits will have been set (in `fcr31') or the 
> > FPE exception would not have happened.
> >
> >  Of course there could be a simulator bug, or we could have breakage 
> > somewhere causing `process_fpemu_return' to be called with SIGFPE and 
> > inconsistent `fcr31'.  So we need to handle it somehow.
> >
> >  So what would be the right value of `si_code' to use here for such an 
> > unexpected exception condition?  I think `BUG()' would be too big a 
> > hammer here.  Or wouldn't it?
> 
> The possible solutions I can think of are:
> 
> WARN_ON_ONCE with a comment.
> 
> Add a new si_code to uapi/asm-generic/siginfo.h perhaps FPE_IMPOSSIBLE.
> Like syscall numbers si_codes are cheap.

 I think we ought to do both.

 First, we have our own FP emulation code, which is changed from time to 
time, that uses the same exit path that the hardware exception does.  It 
could happen that we miss something and return SIGFPE from the emulation 
code without setting the cause bits appropriately.  This would be our own 
bug which might trigger exceedingly rarely and could then be caught by 
WARN_ON_ONCE or otherwise stay there forever in the absence of that check.

 Second, changing `si_code' from __SI_FAULT to 0 aka __SI_KILL will likely 
interfere with `copy_siginfo_to_user32' in arch/mips/kernel/signal32.c, 
making the userland lose the address of the faulting instruction in 32-bit 
software run on 64-bit hardware only, making our API inconsistent.  Using 
a distinct `si_code' value such as FPE_IMPOSSIBLE (though we might choose 
say FPE_FLTUNK for "FLoaTing point UNKnown" instead, for consistency; mind 
that most `si_code' macros have the same number of characters within 
groups associated with individual signals) for such odd traps is allowed 
by SUS and will prevent the inconsistency from happening, very cheaply as 
you say.

  Maciej

  reply	other threads:[~2017-08-08 23:19 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <87lgot2loq.fsf@xmission.com>
     [not found] ` <87zid90vye.fsf_-_@xmission.com>
     [not found]   ` <20170615225426.GP31671@ZenIV.linux.org.uk>
     [not found]     ` <87poe4zrs1.fsf@xmission.com>
     [not found]       ` <CA+55aFxpv+gchzs7AYgSC8feAOV=B6mjFgBVm4Kx+83J2CNE-w@mail.gmail.com>
     [not found]         ` <87poe3vsa9.fsf@xmission.com>
     [not found]           ` <CALCETrX=SquyR8JZqHDNx=_FQKQo-0u9AxfdUwJs_hujVO2A-g@mail.gmail.com>
     [not found]             ` <87h8zfua59.fsf@xmission.com>
     [not found]               ` <CALCETrWPBn31Dye=81r2ZMainNOnDy5c_QxbU2uRjnJs0ie=Zg@mail.gmail.com>
     [not found]                 ` <87r2yjsuwl.fsf@xmission.com>
     [not found]                   ` <20170616191602.GA10675@1wt.eu>
2017-06-30 12:36                     ` [PATCH 0/8] signal: Fix sending signals with siginfo Eric W. Biederman
2017-07-18 14:04                       ` [PATCH v2 0/7] " Eric W. Biederman
2017-07-18 14:06                         ` [PATCH 1/7] signal/alpha: Document a conflict with SI_USER for SIGTRAP Eric W. Biederman
2017-07-18 18:22                           ` Richard Henderson
2017-07-18 14:06                         ` [PATCH 2/7] signal/ia64: Document a conflict with SI_USER with SIGFPE Eric W. Biederman
2017-07-18 14:06                         ` [PATCH 3/7] signal/sparc: " Eric W. Biederman
2017-07-18 14:06                         ` [PATCH 4/7] signal/mips: " Eric W. Biederman
2017-08-07 16:18                           ` Maciej W. Rozycki
2017-08-07 17:41                             ` Linus Torvalds
2017-08-07 19:55                               ` Ralf Baechle
2017-08-08 15:29                             ` Eric W. Biederman
2017-08-08 23:19                               ` Maciej W. Rozycki [this message]
2017-07-18 14:06                         ` [PATCH 5/7] signal/testing: Don't look for __SI_FAULT in userspace Eric W. Biederman
2017-07-18 14:06                         ` [PATCH 6/7] fcntl: Don't use ambiguous SIG_POLL si_codes Eric W. Biederman
2017-07-20 16:16                           ` Oleg Nesterov
2017-07-21  2:33                             ` Eric W. Biederman
2017-07-18 14:06                         ` [PATCH 7/7] signal: Remove kernel interal si_code magic Eric W. Biederman
2017-07-18 16:57                           ` Linus Torvalds
2017-07-18 17:27                             ` Eric W. Biederman
2017-07-22 20:25                               ` Simplfying copy_siginfo_to_user Eric W. Biederman
2017-07-24 17:43                                 ` Linus Torvalds
2017-07-24 19:01                                   ` Eric W. Biederman
2017-07-25  1:37                                   ` Al Viro
2017-07-31 16:37                                     ` Eric W. Biederman

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=alpine.DEB.2.00.1708082212400.17596@tp.orcam.me.uk \
    --to=macro@imgtec.com \
    --cc=avagin@openvz.org \
    --cc=avagin@virtuozzo.com \
    --cc=containers@lists.linux-foundation.org \
    --cc=ebiederm@xmission.com \
    --cc=gorcunov@openvz.org \
    --cc=greg@kroah.com \
    --cc=linux-api@vger.kernel.org \
    --cc=linux-arch@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=luto@kernel.org \
    --cc=mtk.manpages@gmail.com \
    --cc=oleg@redhat.com \
    --cc=peterz@infradead.org \
    --cc=ralf@linux-mips.org \
    --cc=serge@hallyn.com \
    --cc=tglx@linutronix.de \
    --cc=torvalds@linux-foundation.org \
    --cc=viro@zeniv.linux.org.uk \
    --cc=w@1wt.eu \
    --cc=xemul@virtuozzo.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).