From: "Bae, Chang Seok"
To: Jann Horn
CC: Thomas Gleixner, Ingo Molnar, Borislav Petkov, Andy Lutomirski, "the arch/x86 maintainers", "Brown, Len", "Hansen, Dave", "H.J. Lu", "Dave Martin", Michael Ellerman, "Luck, Tony", "Shankar, Ravi V", "libc-alpha@sourceware.org", linux-arch, Linux API, "kernel list", Hiroshi Shimamoto, Roland McGrath, "Sang, Oliver"
Subject: Re: [PATCH v2 3/4] x86/signal: Prevent an alternate stack overflow before a signal delivery
Date: Mon, 8 Feb 2021 20:29:50 +0000
Message-ID: <81DF502F-9327-4365-AD17-21CFAE94ED0B@intel.com>
References: <20201119190237.626-1-chang.seok.bae@intel.com> <20201119190237.626-4-chang.seok.bae@intel.com>
List-Id: Libc-alpha mailing list

On Nov 24, 2020, at 10:41, Jann Horn wrote:
> On Tue, Nov 24, 2020 at 7:22 PM Bae, Chang Seok wrote:
>> On Nov 20, 2020, at 15:04, Jann Horn wrote:
>>> On Thu, Nov 19, 2020 at 8:40 PM Chang S. Bae wrote:
>>>>
>>>> diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c
>>>> index ee6f1ceaa7a2..cee41d684dc2 100644
>>>> --- a/arch/x86/kernel/signal.c
>>>> +++ b/arch/x86/kernel/signal.c
>>>> @@ -251,8 +251,13 @@ get_sigframe(struct k_sigaction *ka, struct pt_regs *regs, size_t frame_size,
>>>>
>>>>         /* This is the X/Open sanctioned signal stack switching. */
>>>>         if (ka->sa.sa_flags & SA_ONSTACK) {
>>>> -               if (sas_ss_flags(sp) == 0)
>>>> +               if (sas_ss_flags(sp) == 0) {
>>>> +                       /* If the altstack might overflow, die with SIGSEGV: */
>>>> +                       if (!altstack_size_ok(current))
>>>> +                               return (void __user *)-1L;
>>>> +
>>>>                         sp = current->sas_ss_sp + current->sas_ss_size;
>>>> +               }
>>>
>>> A couple lines further down, we have this (since commit 14fc9fbc700d):
>>>
>>>         /*
>>>          * If we are on the alternate signal stack and would overflow it, don't.
>>>          * Return an always-bogus address instead so we will die with SIGSEGV.
>>>          */
>>>         if (onsigstack && !likely(on_sig_stack(sp)))
>>>                 return (void __user *)-1L;
>>>
>>> Is that not working?
>>
>> onsigstack is set at the beginning here. If a signal hits under normal stack,
>> this flag is not set. Then it will miss the overflow.
>>
>> The added check allows to detect the sigaltstack overflow (always).
>
> Ah, I think I understand what you're trying to do. But wouldn't the
> better approach be to ensure that the existing on_sig_stack() check is
> also used if we just switched to the signal stack? Something like:
>
> diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c
> index be0d7d4152ec..2f57842fb4d6 100644
> --- a/arch/x86/kernel/signal.c
> +++ b/arch/x86/kernel/signal.c
> @@ -237,7 +237,7 @@ get_sigframe(struct k_sigaction *ka, struct
> pt_regs *regs, size_t frame_size,
>         unsigned long math_size = 0;
>         unsigned long sp = regs->sp;
>         unsigned long buf_fx = 0;
> -       int onsigstack = on_sig_stack(sp);
> +       bool onsigstack = on_sig_stack(sp);
>         int ret;
>
>         /* redzone */
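Review bot: the `@@ -237,7 +237,7 @@` header of this hunk is wrapped across two lines by the mail client ("... *ka, struct" / "pt_regs *regs, size_t frame_size,"), so the diff will not apply as quoted; it needs to be resent unwrapped (git send-email or an attachment). The one change in the hunk, `int onsigstack` to `bool onsigstack`, is harmless because the variable is only ever tested for truth and assigned `true` below, but it is a cleanup unrelated to the overflow fix and deserves a mention in the changelog or its own patch.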
> @@ -246,8 +246,10 @@ get_sigframe(struct k_sigaction *ka, struct
> pt_regs *regs, size_t frame_size,
>
>         /* This is the X/Open sanctioned signal stack switching. */
>         if (ka->sa.sa_flags & SA_ONSTACK) {
> -               if (sas_ss_flags(sp) == 0)
> +               if (sas_ss_flags(sp) == 0) {
>                         sp = current->sas_ss_sp + current->sas_ss_size;
> +                       onsigstack = true;

FWIW, here.

Thanks to the report by Oliver via the kernel test robot, I realized that
this needs to be conditional on the SS_AUTODISARM tag, like:

    onsigstack = !(current->sas_ss_flags & SS_AUTODISARM);

Thanks,
Chang
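Review bot: `onsigstack = true;` is set unconditionally after the switch to the alternate stack, and Chang's follow-up in this mail points out that it has to be gated on SS_AUTODISARM, i.e. `onsigstack = !(current->sas_ss_flags & SS_AUTODISARM);`; the unconditional form should not be merged as quoted. Also, the header advertises two added lines (`+246,10`) but the quote stops after the first one, so the closing brace of the new `if (...) {` block is not visible here and the hunk as shown is truncated.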
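As an added illustration (not kernel code and not part of this patch series), the following userspace model of the altstack switch in get_sigframe() lets the three variants from this thread be compared on constructed inputs: the pre-patch logic that misses an overflow when the signal arrives on the normal stack, Jann's unconditional `onsigstack = true`, and the SS_AUTODISARM-gated form from Chang's follow-up. `struct task`, `on_sig_stack()` and `get_sigframe()` are simplified stand-ins for the kernel's `current->sas_ss_*` fields and helpers; the SS_AUTODISARM short-circuit in `on_sig_stack()` follows the kernel's definition, which is why the unconditional form breaks delivery on SS_AUTODISARM stacks.

```c
#include <stdbool.h>
#include <stddef.h>
#ifndef SS_AUTODISARM
#define SS_AUTODISARM (1U << 31)   /* same value as in <signal.h>, kept local */
#endif

/* Which version of the altstack switch to model; all three appear in the thread. */
enum variant { PRE_PATCH, SET_TRUE_AFTER_SWITCH, GATE_ON_AUTODISARM };

struct task {                       /* stand-in for the current->sas_ss_* fields */
    unsigned long sas_ss_sp, sas_ss_size;
    unsigned int  sas_ss_flags;
};

/* Mirrors the kernel's on_sig_stack(): with SS_AUTODISARM the task is, by
 * construction, never considered to be on the alternate stack. */
static bool on_sig_stack(const struct task *t, unsigned long sp)
{
    if (t->sas_ss_flags & SS_AUTODISARM)
        return false;
    return sp > t->sas_ss_sp && sp - t->sas_ss_sp <= t->sas_ss_size;
}

/* SA_ONSTACK handler assumed. Returns the frame address, or 0 where the kernel
 * returns (void __user *)-1L so the task dies with SIGSEGV instead of overflowing. */
static unsigned long get_sigframe(const struct task *t, unsigned long sp,
                                  size_t frame_size, enum variant v)
{
    bool onsigstack = on_sig_stack(t, sp);        /* computed before any switch */

    /* sas_ss_flags(sp) == 0: an altstack is configured and we are not on it yet */
    if (t->sas_ss_size && !onsigstack) {
        sp = t->sas_ss_sp + t->sas_ss_size;
        if (v == SET_TRUE_AFTER_SWITCH)
            onsigstack = true;                               /* Jann's proposal */
        else if (v == GATE_ON_AUTODISARM)
            onsigstack = !(t->sas_ss_flags & SS_AUTODISARM); /* Chang's follow-up */
    }
    sp = (sp - frame_size) & ~15UL;   /* reserve and align the frame (simplified) */

    /* The check from commit 14fc9fbc700d: only effective once onsigstack is set. */
    if (onsigstack && !on_sig_stack(t, sp))
        return 0;
    return sp;
}
```

With a constructed 4 KiB altstack at 0x10000 and an 8 KiB frame arriving on the normal stack, PRE_PATCH returns 0xF000 (below the altstack, the overflow the series is about) while both fixed variants return 0; with SS_AUTODISARM set and a frame that fits, only GATE_ON_AUTODISARM still delivers.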