From: Oleg Nesterov <oleg-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
To: Stas Sergeev <stsp-cmBhpYW9OiY@public.gmane.org>
Cc: Linux kernel
<linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
Andy Lutomirski <luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org>,
Ingo Molnar <mingo-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
Peter Zijlstra <peterz-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org>,
Andrew Morton
<akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>,
Amanieu d'Antras
<amanieu-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
Richard Weinberger <richard-/L3Ra7n9ekc@public.gmane.org>,
Tejun Heo <tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>,
"Kirill A. Shutemov"
<kirill.shutemov-VuQAYsv1563Yd54FQh9/CA@public.gmane.org>,
Jason Low <jason.low2-VXdhtT5mjnY@public.gmane.org>,
Heinrich Schuchardt <xypron.glpk-Mmb7MZpHnFY@public.gmane.org>,
Andrea Arcangeli
<aarcange-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
Konstantin Khlebnikov
<khlebnikov-XoJtRXgx1JseBXzfvpsJ4g@public.gmane.org>,
Josh Triplett <josh-iaAMLnmF4UmaiuxdJuQwMA@public.gmane.org>,
"Eric W. Biederman"
<ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>,
Aleksa Sarai <cyphar-gVpy/LI/lHzQT0dZR+AlfA@public.gmane.org>,
Paul Moore <pmoore-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
Palmer Dabbelt <palmer-96lFi9zoCfxBDgjK7y7TUQ@public.gmane.org>,
Vladimir Davydov
<vdavydov-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org>
Subject: Re: [PATCH 4/4] sigaltstack: allow disabling and re-enabling sas within sighandler
Date: Mon, 1 Feb 2016 17:06:25 +0100 [thread overview]
Message-ID: <20160201160625.GA18276@redhat.com> (raw)
In-Reply-To: <56AE3626.7080706-cmBhpYW9OiY@public.gmane.org>
Honestly, I am not sure I understand what this patch does and why, and it is
white space damaged, please fix.
On 01/31, Stas Sergeev wrote:
>
> linux implements the sigaltstack() in a way that makes it impossible to
> use with swapcontext(). Per the man page, sigaltstack is allowed to return
> EPERM if the process is altering its sigaltstack while running on
> sigaltstack.
> This is likely needed to consistently return oss->ss_flags, that indicates
> whether the process is being on sigaltstack or not.
> Unfortunately, linux takes that permission to return EPERM too literally:
> it returns EPERM even if you don't want to change to another sigaltstack,
> but only want to temporarily disable sigaltstack with SS_DISABLE.
> You can't use swapcontext() without disabling sigaltstack first, or the
> stack will be re-used and overwritten by a subsequent signal.
So iiuc you want to switch the stack from the signal handler running on the
alt stack, and you need to ensure that another SA_ONSTACK signal won't corrupt
the alt stack in between, right?
Perhaps you can update the changelog to explain why do we want this change.
> @@ -2550,8 +2551,11 @@ static inline int sas_ss_flags(unsigned long sp)
> {
> if (!current->sas_ss_size)
> return SS_DISABLE;
> -
> - return on_sig_stack(sp) ? SS_ONSTACK : 0;
> + if (on_sig_stack(sp))
> + return SS_ONSTACK;
> + if (current->sas_ss_flags == SS_DISABLE)
> + return SS_DISABLE;
> + return 0;
So this always return SS_ONSTACK if on_sig_stack(), see below.
> + onsigstack = on_sig_stack(sp);
> + if (ss_size == 0) {
> + switch (ss_flags) {
> + case 0:
> + error = -EPERM;
> + if (onsigstack)
> + goto out;
> + current->sas_ss_sp = 0;
> + current->sas_ss_size = 0;
> + current->sas_ss_flags = SS_DISABLE;
> + break;
> + case SS_ONSTACK:
> + /* re-enable previously disabled sas */
> + error = -EINVAL;
> + if (current->sas_ss_size == 0)
> + goto out;
> + break;
> + default:
> + break;
> + }
and iiuc the "default" case allows you to write SS_DISABLE into ->sas_ss_flags
even if on_sig_stack().
So the sequence is
// running on alt stack
sigaltstack(SS_DISABLE);
temporary_run_on_another_stack();
sigaltstack(SS_ONSTACK);
and SS_DISABLE saves us from another SA_ONSTACK signal, right?
But afaics it can only help after we change the stack. Suppose that SA_ONSTACK signal
comess before temporary_run_on_another_stack(). get_sigframe() should be fine after
your changes (afaics), it won't pick the alt stack after SS_DISABLE.
However, unless I missed something save_altstack_ex() will record SS_ONSTACK in
uc_stack->ss_flags, and after return from signal handler restore_altstack() will
enable alt stack again?
Oleg.
WARNING: multiple messages have this Message-ID (diff)
From: Oleg Nesterov <oleg@redhat.com>
To: Stas Sergeev <stsp@list.ru>
Cc: Linux kernel <linux-kernel@vger.kernel.org>,
linux-api@vger.kernel.org, Andy Lutomirski <luto@amacapital.net>,
Ingo Molnar <mingo@redhat.com>,
Peter Zijlstra <peterz@infradead.org>,
Andrew Morton <akpm@linux-foundation.org>,
"Amanieu d'Antras" <amanieu@gmail.com>,
Richard Weinberger <richard@nod.at>, Tejun Heo <tj@kernel.org>,
"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
Jason Low <jason.low2@hp.com>,
Heinrich Schuchardt <xypron.glpk@gmx.de>,
Andrea Arcangeli <aarcange@redhat.com>,
Konstantin Khlebnikov <khlebnikov@yandex-team.ru>,
Josh Triplett <josh@joshtriplett.org>,
"Eric W. Biederman" <ebiederm@xmission.com>,
Aleksa Sarai <cyphar@cyphar.com>, Paul Moore <pmoore@redhat.com>,
Palmer Dabbelt <palmer@dabbelt.com>,
Vladimir Davydov <vdavydov@parallels.com>
Subject: Re: [PATCH 4/4] sigaltstack: allow disabling and re-enabling sas within sighandler
Date: Mon, 1 Feb 2016 17:06:25 +0100 [thread overview]
Message-ID: <20160201160625.GA18276@redhat.com> (raw)
In-Reply-To: <56AE3626.7080706@list.ru>
Honestly, I am not sure I understand what this patch does and why, and it is
white space damaged, please fix.
On 01/31, Stas Sergeev wrote:
>
> linux implements the sigaltstack() in a way that makes it impossible to
> use with swapcontext(). Per the man page, sigaltstack is allowed to return
> EPERM if the process is altering its sigaltstack while running on
> sigaltstack.
> This is likely needed to consistently return oss->ss_flags, that indicates
> whether the process is being on sigaltstack or not.
> Unfortunately, linux takes that permission to return EPERM too literally:
> it returns EPERM even if you don't want to change to another sigaltstack,
> but only want to temporarily disable sigaltstack with SS_DISABLE.
> You can't use swapcontext() without disabling sigaltstack first, or the
> stack will be re-used and overwritten by a subsequent signal.
So iiuc you want to switch the stack from the signal handler running on the
alt stack, and you need to ensure that another SA_ONSTACK signal won't corrupt
the alt stack in between, right?
Perhaps you can update the changelog to explain why do we want this change.
> @@ -2550,8 +2551,11 @@ static inline int sas_ss_flags(unsigned long sp)
> {
> if (!current->sas_ss_size)
> return SS_DISABLE;
> -
> - return on_sig_stack(sp) ? SS_ONSTACK : 0;
> + if (on_sig_stack(sp))
> + return SS_ONSTACK;
> + if (current->sas_ss_flags == SS_DISABLE)
> + return SS_DISABLE;
> + return 0;
So this always return SS_ONSTACK if on_sig_stack(), see below.
> + onsigstack = on_sig_stack(sp);
> + if (ss_size == 0) {
> + switch (ss_flags) {
> + case 0:
> + error = -EPERM;
> + if (onsigstack)
> + goto out;
> + current->sas_ss_sp = 0;
> + current->sas_ss_size = 0;
> + current->sas_ss_flags = SS_DISABLE;
> + break;
> + case SS_ONSTACK:
> + /* re-enable previously disabled sas */
> + error = -EINVAL;
> + if (current->sas_ss_size == 0)
> + goto out;
> + break;
> + default:
> + break;
> + }
and iiuc the "default" case allows you to write SS_DISABLE into ->sas_ss_flags
even if on_sig_stack().
So the sequence is
// running on alt stack
sigaltstack(SS_DISABLE);
temporary_run_on_another_stack();
sigaltstack(SS_ONSTACK);
and SS_DISABLE saves us from another SA_ONSTACK signal, right?
But afaics it can only help after we change the stack. Suppose that SA_ONSTACK signal
comess before temporary_run_on_another_stack(). get_sigframe() should be fine after
your changes (afaics), it won't pick the alt stack after SS_DISABLE.
However, unless I missed something save_altstack_ex() will record SS_ONSTACK in
uc_stack->ss_flags, and after return from signal handler restore_altstack() will
enable alt stack again?
Oleg.
next prev parent reply other threads:[~2016-02-01 16:06 UTC|newest]
Thread overview: 57+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-01-31 16:16 [PATCH 0/4] make sigaltstack() compatible with swapcontext() Stas Sergeev
2016-01-31 16:16 ` Stas Sergeev
2016-01-31 16:21 ` [PATCH 2/4] score: signal: fix sigaltstack check Stas Sergeev
2016-02-02 19:07 ` Lennox Wu
2016-01-31 16:24 ` [PATCH 3/4] x86: signal: unify the sigaltstack check with other arches Stas Sergeev
2016-01-31 16:58 ` Andy Lutomirski
2016-01-31 18:03 ` Stas Sergeev
[not found] ` <56AE3369.2090709-cmBhpYW9OiY@public.gmane.org>
2016-01-31 16:18 ` [PATCH 1/4] selftests: Add test for sigaltstack(SS_DISABLE) inside sighandler Stas Sergeev
2016-01-31 16:18 ` Stas Sergeev
2016-02-12 16:12 ` Shuah Khan
[not found] ` <56BE046D.4080203-JPH+aEBZ4P+UEJcrhfAQsw@public.gmane.org>
2016-02-12 16:17 ` Stas Sergeev
2016-02-12 16:17 ` Stas Sergeev
2016-01-31 16:28 ` [PATCH 4/4] sigaltstack: allow disabling and re-enabling sas within sighandler Stas Sergeev
2016-01-31 16:28 ` Stas Sergeev
[not found] ` <56AE3626.7080706-cmBhpYW9OiY@public.gmane.org>
2016-01-31 17:00 ` Andy Lutomirski
2016-01-31 17:00 ` Andy Lutomirski
2016-01-31 17:33 ` Stas Sergeev
[not found] ` <56AE4567.9000403-cmBhpYW9OiY@public.gmane.org>
2016-01-31 19:03 ` Andy Lutomirski
2016-01-31 19:03 ` Andy Lutomirski
[not found] ` <CALCETrUVODhNRwvbAfC0q3RVJAFw-ZFGhsww2uQsk3UZjLynnQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2016-01-31 20:08 ` Stas Sergeev
2016-01-31 20:08 ` Stas Sergeev
[not found] ` <56AE69AD.6090005-cmBhpYW9OiY@public.gmane.org>
2016-01-31 20:11 ` Andy Lutomirski
2016-01-31 20:11 ` Andy Lutomirski
[not found] ` <CALCETrXPYLqunBNxjS8bpmpg+jG_MXbSyZtUVK3X3m+pGSQ1Og-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2016-01-31 22:36 ` Stas Sergeev
2016-01-31 22:36 ` Stas Sergeev
[not found] ` <56AE8C80.6030408-cmBhpYW9OiY@public.gmane.org>
2016-01-31 22:44 ` Andy Lutomirski
2016-01-31 22:44 ` Andy Lutomirski
[not found] ` <CALCETrU2u7h98oqtMcgvU54j21-bpTfBXUEJNQO9r1w5FHc-HQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2016-01-31 23:45 ` Stas Sergeev
2016-01-31 23:45 ` Stas Sergeev
2016-02-01 16:06 ` Oleg Nesterov [this message]
2016-02-01 16:06 ` Oleg Nesterov
[not found] ` <20160201160625.GA18276-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-02-01 16:57 ` Stas Sergeev
2016-02-01 16:57 ` Stas Sergeev
[not found] ` <56AF8E89.5090400-cmBhpYW9OiY@public.gmane.org>
2016-02-01 17:27 ` Oleg Nesterov
2016-02-01 17:27 ` Oleg Nesterov
2016-02-01 17:09 ` Oleg Nesterov
2016-02-01 17:09 ` Oleg Nesterov
2016-02-01 17:26 ` Stas Sergeev
2016-02-01 18:04 ` Oleg Nesterov
[not found] ` <20160201180443.GA21064-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-02-01 18:16 ` Stas Sergeev
2016-02-01 18:16 ` Stas Sergeev
[not found] ` <56AFA0E2.1030302-cmBhpYW9OiY@public.gmane.org>
2016-02-01 18:28 ` Andy Lutomirski
2016-02-01 18:28 ` Andy Lutomirski
[not found] ` <CALCETrWv87BS5hH20qKd7WGuf6EAEb4f78Myq+6fqXgSJWoiew-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2016-02-01 18:40 ` Stas Sergeev
2016-02-01 18:40 ` Stas Sergeev
2016-02-01 18:52 ` Oleg Nesterov
2016-02-01 18:52 ` Oleg Nesterov
[not found] ` <20160201185223.GA21136-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-02-01 19:01 ` Stas Sergeev
2016-02-01 19:01 ` Stas Sergeev
2016-02-01 19:29 ` Oleg Nesterov
[not found] ` <20160201192936.GA21214-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-02-01 19:46 ` Stas Sergeev
2016-02-01 19:46 ` Stas Sergeev
2016-02-01 20:41 ` Oleg Nesterov
[not found] ` <20160201204114.GA21638-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2016-02-01 23:06 ` Stas Sergeev
2016-02-01 23:06 ` Stas Sergeev
-- strict thread matches above, loose matches on Subject: below --
2016-01-31 19:10 [PATCH v2 0/4] make sigaltstack() compatible with swapcontext() Stas Sergeev
[not found] ` <56AE5C08.6010403-cmBhpYW9OiY@public.gmane.org>
2016-01-31 19:18 ` [PATCH 4/4] sigaltstack: allow disabling and re-enabling sas within sighandler Stas Sergeev
2016-01-31 19:18 ` Stas Sergeev
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160201160625.GA18276@redhat.com \
--to=oleg-h+wxahxf7alqt0dzr+alfa@public.gmane.org \
--cc=aarcange-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org \
--cc=amanieu-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
--cc=cyphar-gVpy/LI/lHzQT0dZR+AlfA@public.gmane.org \
--cc=ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org \
--cc=jason.low2-VXdhtT5mjnY@public.gmane.org \
--cc=josh-iaAMLnmF4UmaiuxdJuQwMA@public.gmane.org \
--cc=khlebnikov-XoJtRXgx1JseBXzfvpsJ4g@public.gmane.org \
--cc=kirill.shutemov-VuQAYsv1563Yd54FQh9/CA@public.gmane.org \
--cc=linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org \
--cc=mingo-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=palmer-96lFi9zoCfxBDgjK7y7TUQ@public.gmane.org \
--cc=peterz-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org \
--cc=pmoore-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=richard-/L3Ra7n9ekc@public.gmane.org \
--cc=stsp-cmBhpYW9OiY@public.gmane.org \
--cc=tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org \
--cc=vdavydov-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org \
--cc=xypron.glpk-Mmb7MZpHnFY@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.