From: Christophe Leroy <christophe.leroy@csgroup.eu>
To: Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Paul Mackerras <paulus@samba.org>,
Michael Ellerman <mpe@ellerman.id.au>
Cc: linux-kernel@vger.kernel.org, linuxppc-dev@lists.ozlabs.org
Subject: [PATCH v2 18/25] powerpc/signal32: Switch handle_rt_signal32() to user_access_begin() logic
Date: Tue, 18 Aug 2020 17:19:30 +0000 (UTC) [thread overview]
Message-ID: <2974314226256f958e2984912b48883ef1754185.1597770847.git.christophe.leroy@csgroup.eu> (raw)
In-Reply-To: <cover.1597770847.git.christophe.leroy@csgroup.eu>
On the same way as handle_signal32(), replace all user
accesses with equivalent unsafe_ versions, and move the
trampoline code icache flush outside the user access block.
Functions that have no unsafe_ equivalent also remains outside
the access block.
Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
---
arch/powerpc/kernel/signal_32.c | 55 ++++++++++++++++++++-------------
1 file changed, 34 insertions(+), 21 deletions(-)
diff --git a/arch/powerpc/kernel/signal_32.c b/arch/powerpc/kernel/signal_32.c
index fc8ba4b29edf..93c2d6304831 100644
--- a/arch/powerpc/kernel/signal_32.c
+++ b/arch/powerpc/kernel/signal_32.c
@@ -58,8 +58,6 @@
#define mcontext mcontext32
#define ucontext ucontext32
-#define __save_altstack __compat_save_altstack
-
/*
* Userspace code may pass a ucontext which doesn't include VSX added
* at the end. We need to check for this case.
@@ -745,16 +743,28 @@ int handle_rt_signal32(struct ksignal *ksig, sigset_t *oldset,
#ifdef CONFIG_PPC_TRANSACTIONAL_MEM
tm_mctx = &frame->uc_transact.uc_mcontext;
#endif
- if (!access_ok(frame, sizeof(*frame)))
+ if (!user_write_access_begin(frame, sizeof(*frame)))
goto badframe;
/* Put the siginfo & fill in most of the ucontext */
- if (copy_siginfo_to_user(&frame->info, &ksig->info) ||
- __put_user(0, &frame->uc.uc_flags) ||
- __save_altstack(&frame->uc.uc_stack, regs->gpr[1]) ||
- __put_user(to_user_ptr(&frame->uc.uc_mcontext), &frame->uc.uc_regs) ||
- put_sigset_t(&frame->uc.uc_sigmask, oldset))
- goto badframe;
+ unsafe_put_user(0, &frame->uc.uc_flags, failed);
+#ifdef CONFIG_PPC64
+ unsafe_compat_save_altstack(&frame->uc.uc_stack, regs->gpr[1], failed);
+#else
+ unsafe_save_altstack(&frame->uc.uc_stack, regs->gpr[1], failed);
+#endif
+ unsafe_put_user(to_user_ptr(&frame->uc.uc_mcontext), &frame->uc.uc_regs, failed);
+
+ if (MSR_TM_ACTIVE(msr)) {
+#ifdef CONFIG_PPC_TRANSACTIONAL_MEM
+ unsafe_put_user((unsigned long)&frame->uc_transact,
+ &frame->uc.uc_link, failed);
+ unsafe_put_user((unsigned long)tm_mctx,
+ &frame->uc_transact.uc_regs, failed);
+#endif
+ } else {
+ unsafe_put_user(0, &frame->uc.uc_link, failed);
+ }
/* Save user registers on the stack */
if (vdso32_rt_sigtramp && tsk->mm->context.vdso_base) {
@@ -762,28 +772,28 @@ int handle_rt_signal32(struct ksignal *ksig, sigset_t *oldset,
} else {
tramp = (unsigned long)mctx->mc_pad;
/* Set up the sigreturn trampoline: li r0,sigret; sc */
- if (__put_user(PPC_INST_ADDI + __NR_sigreturn, &mctx->mc_pad[0]))
- goto badframe;
- if (__put_user(PPC_INST_SC, &mctx->mc_pad[1]))
- goto badframe;
- flush_icache_range(tramp, tramp + 2 * sizeof(unsigned long));
+ unsafe_put_user(PPC_INST_ADDI + __NR_rt_sigreturn, &mctx->mc_pad[0],
+ failed);
+ unsafe_put_user(PPC_INST_SC, &mctx->mc_pad[1], failed);
}
+ user_write_access_end();
+
+ if (put_sigset_t(&frame->uc.uc_sigmask, oldset))
+ goto badframe;
+ if (copy_siginfo_to_user(&frame->info, &ksig->info))
+ goto badframe;
+
+ if (tramp == (unsigned long)mctx->mc_pad)
+ flush_icache_range(tramp, tramp + 2 * sizeof(unsigned long));
#ifdef CONFIG_PPC_TRANSACTIONAL_MEM
if (MSR_TM_ACTIVE(msr)) {
- if (__put_user((unsigned long)&frame->uc_transact,
- &frame->uc.uc_link) ||
- __put_user((unsigned long)tm_mctx,
- &frame->uc_transact.uc_regs))
- goto badframe;
if (save_tm_user_regs(regs, mctx, tm_mctx, msr))
goto badframe;
}
else
#endif
{
- if (__put_user(0, &frame->uc.uc_link))
- goto badframe;
if (save_user_regs(regs, mctx, tm_mctx, 1))
goto badframe;
}
@@ -810,6 +820,9 @@ int handle_rt_signal32(struct ksignal *ksig, sigset_t *oldset,
regs->msr |= (MSR_KERNEL & MSR_LE);
return 0;
+failed:
+ user_write_access_end();
+
badframe:
signal_fault(tsk, regs, "handle_rt_signal32", frame);
--
2.25.0
WARNING: multiple messages have this Message-ID (diff)
From: Christophe Leroy <christophe.leroy@csgroup.eu>
To: Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Paul Mackerras <paulus@samba.org>,
Michael Ellerman <mpe@ellerman.id.au>
Cc: linuxppc-dev@lists.ozlabs.org, linux-kernel@vger.kernel.org
Subject: [PATCH v2 18/25] powerpc/signal32: Switch handle_rt_signal32() to user_access_begin() logic
Date: Tue, 18 Aug 2020 17:19:30 +0000 (UTC) [thread overview]
Message-ID: <2974314226256f958e2984912b48883ef1754185.1597770847.git.christophe.leroy@csgroup.eu> (raw)
In-Reply-To: <cover.1597770847.git.christophe.leroy@csgroup.eu>
On the same way as handle_signal32(), replace all user
accesses with equivalent unsafe_ versions, and move the
trampoline code icache flush outside the user access block.
Functions that have no unsafe_ equivalent also remains outside
the access block.
Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
---
arch/powerpc/kernel/signal_32.c | 55 ++++++++++++++++++++-------------
1 file changed, 34 insertions(+), 21 deletions(-)
diff --git a/arch/powerpc/kernel/signal_32.c b/arch/powerpc/kernel/signal_32.c
index fc8ba4b29edf..93c2d6304831 100644
--- a/arch/powerpc/kernel/signal_32.c
+++ b/arch/powerpc/kernel/signal_32.c
@@ -58,8 +58,6 @@
#define mcontext mcontext32
#define ucontext ucontext32
-#define __save_altstack __compat_save_altstack
-
/*
* Userspace code may pass a ucontext which doesn't include VSX added
* at the end. We need to check for this case.
@@ -745,16 +743,28 @@ int handle_rt_signal32(struct ksignal *ksig, sigset_t *oldset,
#ifdef CONFIG_PPC_TRANSACTIONAL_MEM
tm_mctx = &frame->uc_transact.uc_mcontext;
#endif
- if (!access_ok(frame, sizeof(*frame)))
+ if (!user_write_access_begin(frame, sizeof(*frame)))
goto badframe;
/* Put the siginfo & fill in most of the ucontext */
- if (copy_siginfo_to_user(&frame->info, &ksig->info) ||
- __put_user(0, &frame->uc.uc_flags) ||
- __save_altstack(&frame->uc.uc_stack, regs->gpr[1]) ||
- __put_user(to_user_ptr(&frame->uc.uc_mcontext), &frame->uc.uc_regs) ||
- put_sigset_t(&frame->uc.uc_sigmask, oldset))
- goto badframe;
+ unsafe_put_user(0, &frame->uc.uc_flags, failed);
+#ifdef CONFIG_PPC64
+ unsafe_compat_save_altstack(&frame->uc.uc_stack, regs->gpr[1], failed);
+#else
+ unsafe_save_altstack(&frame->uc.uc_stack, regs->gpr[1], failed);
+#endif
+ unsafe_put_user(to_user_ptr(&frame->uc.uc_mcontext), &frame->uc.uc_regs, failed);
+
+ if (MSR_TM_ACTIVE(msr)) {
+#ifdef CONFIG_PPC_TRANSACTIONAL_MEM
+ unsafe_put_user((unsigned long)&frame->uc_transact,
+ &frame->uc.uc_link, failed);
+ unsafe_put_user((unsigned long)tm_mctx,
+ &frame->uc_transact.uc_regs, failed);
+#endif
+ } else {
+ unsafe_put_user(0, &frame->uc.uc_link, failed);
+ }
/* Save user registers on the stack */
if (vdso32_rt_sigtramp && tsk->mm->context.vdso_base) {
@@ -762,28 +772,28 @@ int handle_rt_signal32(struct ksignal *ksig, sigset_t *oldset,
} else {
tramp = (unsigned long)mctx->mc_pad;
/* Set up the sigreturn trampoline: li r0,sigret; sc */
- if (__put_user(PPC_INST_ADDI + __NR_sigreturn, &mctx->mc_pad[0]))
- goto badframe;
- if (__put_user(PPC_INST_SC, &mctx->mc_pad[1]))
- goto badframe;
- flush_icache_range(tramp, tramp + 2 * sizeof(unsigned long));
+ unsafe_put_user(PPC_INST_ADDI + __NR_rt_sigreturn, &mctx->mc_pad[0],
+ failed);
+ unsafe_put_user(PPC_INST_SC, &mctx->mc_pad[1], failed);
}
+ user_write_access_end();
+
+ if (put_sigset_t(&frame->uc.uc_sigmask, oldset))
+ goto badframe;
+ if (copy_siginfo_to_user(&frame->info, &ksig->info))
+ goto badframe;
+
+ if (tramp == (unsigned long)mctx->mc_pad)
+ flush_icache_range(tramp, tramp + 2 * sizeof(unsigned long));
#ifdef CONFIG_PPC_TRANSACTIONAL_MEM
if (MSR_TM_ACTIVE(msr)) {
- if (__put_user((unsigned long)&frame->uc_transact,
- &frame->uc.uc_link) ||
- __put_user((unsigned long)tm_mctx,
- &frame->uc_transact.uc_regs))
- goto badframe;
if (save_tm_user_regs(regs, mctx, tm_mctx, msr))
goto badframe;
}
else
#endif
{
- if (__put_user(0, &frame->uc.uc_link))
- goto badframe;
if (save_user_regs(regs, mctx, tm_mctx, 1))
goto badframe;
}
@@ -810,6 +820,9 @@ int handle_rt_signal32(struct ksignal *ksig, sigset_t *oldset,
regs->msr |= (MSR_KERNEL & MSR_LE);
return 0;
+failed:
+ user_write_access_end();
+
badframe:
signal_fault(tsk, regs, "handle_rt_signal32", frame);
--
2.25.0
next prev parent reply other threads:[~2020-08-18 17:20 UTC|newest]
Thread overview: 65+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-18 17:19 [PATCH v2 00/25] powerpc: Switch signal 32 to using unsafe_put_user() and friends Christophe Leroy
2020-08-18 17:19 ` Christophe Leroy
2020-08-18 17:19 ` [PATCH v2 01/25] powerpc/signal: Move inline functions in signal.h Christophe Leroy
2020-08-18 17:19 ` Christophe Leroy
2020-08-18 17:19 ` [PATCH v2 02/25] powerpc/ptrace: Move declaration of ptrace_get_reg() and ptrace_set_reg() Christophe Leroy
2020-08-18 17:19 ` Christophe Leroy
2020-08-18 17:19 ` [PATCH v2 03/25] powerpc/ptrace: Consolidate reg index calculation Christophe Leroy
2020-08-18 17:19 ` Christophe Leroy
2020-08-18 17:19 ` [PATCH v2 04/25] powerpc/ptrace: Create ptrace_get_fpr() and ptrace_put_fpr() Christophe Leroy
2020-08-18 17:19 ` Christophe Leroy
2020-08-18 17:19 ` [PATCH v2 05/25] powerpc/signal: Don't manage floating point regs when no FPU Christophe Leroy
2020-08-18 17:19 ` Christophe Leroy
2020-08-18 17:19 ` [PATCH v2 06/25] powerpc/32s: Allow deselecting CONFIG_PPC_FPU on mpc832x Christophe Leroy
2020-08-18 17:19 ` Christophe Leroy
2020-08-18 17:19 ` [PATCH v2 07/25] powerpc/signal: Remove BUG_ON() in handler_signal functions Christophe Leroy
2020-08-18 17:19 ` Christophe Leroy
2020-08-18 17:19 ` [PATCH v2 08/25] powerpc/signal: Move access_ok() out of get_sigframe() Christophe Leroy
2020-08-18 17:19 ` Christophe Leroy
2020-08-18 17:19 ` [PATCH v2 09/25] powerpc/signal: Remove get_clean_sp() Christophe Leroy
2020-08-18 17:19 ` Christophe Leroy
2020-08-18 17:19 ` [PATCH v2 10/25] powerpc/signal: Call get_tm_stackpointer() from get_sigframe() Christophe Leroy
2020-08-18 17:19 ` Christophe Leroy
2020-08-18 17:19 ` [PATCH v2 11/25] powerpc/signal: Refactor bad frame logging Christophe Leroy
2020-08-18 17:19 ` Christophe Leroy
2020-08-19 1:19 ` Joe Perches
2020-08-19 1:19 ` Joe Perches
2020-08-18 17:19 ` [PATCH v2 12/25] powerpc/signal32: Simplify logging in handle_rt_signal32() Christophe Leroy
2020-08-18 17:19 ` Christophe Leroy
2020-08-18 17:19 ` [PATCH v2 13/25] powerpc/signal32: Move handle_signal32() close to handle_rt_signal32() Christophe Leroy
2020-08-18 17:19 ` Christophe Leroy
2020-08-18 17:19 ` [PATCH v2 14/25] powerpc/signal32: Rename local pointers in handle_rt_signal32() Christophe Leroy
2020-08-18 17:19 ` Christophe Leroy
2020-08-18 17:19 ` [PATCH v2 15/25] powerpc/signal32: Misc changes to make handle_[rt_]_signal32() more similar Christophe Leroy
2020-08-18 17:19 ` Christophe Leroy
2020-08-18 17:19 ` [PATCH v2 16/25] powerpc/signal32: Move signal trampoline setup to handle_[rt_]signal32 Christophe Leroy
2020-08-18 17:19 ` Christophe Leroy
2020-08-18 17:19 ` [PATCH v2 17/25] powerpc/signal32: Switch handle_signal32() to user_access_begin() logic Christophe Leroy
2020-08-18 17:19 ` Christophe Leroy
2020-08-18 17:19 ` Christophe Leroy [this message]
2020-08-18 17:19 ` [PATCH v2 18/25] powerpc/signal32: Switch handle_rt_signal32() " Christophe Leroy
2020-08-18 17:19 ` [PATCH v2 19/25] powerpc/signal32: Remove ifdefery in middle of if/else Christophe Leroy
2020-08-18 17:19 ` Christophe Leroy
2020-08-18 17:19 ` [PATCH v2 20/25] signal: Add unsafe_put_compat_sigset() Christophe Leroy
2020-08-18 17:19 ` Christophe Leroy
2020-08-18 17:19 ` [PATCH v2 21/25] powerpc/signal32: Add and use unsafe_put_sigset_t() Christophe Leroy
2020-08-18 17:19 ` Christophe Leroy
2020-08-18 17:19 ` [PATCH v2 22/25] powerpc/signal32: Switch swap_context() to user_access_begin() logic Christophe Leroy
2020-08-18 17:19 ` Christophe Leroy
2020-08-18 17:19 ` [PATCH v2 23/25] powerpc/signal: Create 'unsafe' versions of copy_[ck][fpr/vsx]_to_user() Christophe Leroy
2020-08-18 17:19 ` Christophe Leroy
2020-09-29 2:04 ` Christopher M. Riedl
2020-09-29 2:04 ` Christopher M. Riedl
2020-09-29 5:22 ` Christophe Leroy
2020-09-29 5:33 ` Christophe Leroy
2020-08-18 17:19 ` [PATCH v2 24/25] powerpc/signal32: Isolate non-copy actions in save_user_regs() and save_tm_user_regs() Christophe Leroy
2020-08-18 17:19 ` Christophe Leroy
2020-08-18 17:19 ` [PATCH v2 25/25] powerpc/signal32: Transform save_user_regs() and save_tm_user_regs() in 'unsafe' version Christophe Leroy
2020-08-18 17:19 ` Christophe Leroy
2020-08-27 9:07 ` kernel test robot
2020-08-27 15:59 ` Christophe Leroy
2020-09-29 2:55 ` Christopher M. Riedl
2020-09-29 2:55 ` Christopher M. Riedl
2020-09-29 5:21 ` Christophe Leroy
2020-12-10 11:29 ` [PATCH v2 00/25] powerpc: Switch signal 32 to using unsafe_put_user() and friends Michael Ellerman
2020-12-10 11:29 ` Michael Ellerman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2974314226256f958e2984912b48883ef1754185.1597770847.git.christophe.leroy@csgroup.eu \
--to=christophe.leroy@csgroup.eu \
--cc=benh@kernel.crashing.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=mpe@ellerman.id.au \
--cc=paulus@samba.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.