From: Al Viro <viro@zeniv.linux.org.uk>
To: Nick Desaulniers <ndesaulniers@google.com>
Cc: tglx@linutronix.de, mingo@redhat.com, bp@alien8.de,
Peter Zijlstra <peterz@infradead.org>,
clang-built-linux@googlegroups.com,
Linus Torvalds <torvalds@linux-foundation.org>,
"H. Peter Anvin" <hpa@zytor.com>,
x86@kernel.org, Sebastian Andrzej Siewior <bigeasy@linutronix.de>,
Andy Lutomirski <luto@kernel.org>,
Sami Tolvanen <samitolvanen@google.com>,
Marco Elver <elver@google.com>, Brian Gerst <brgerst@gmail.com>,
Arnd Bergmann <arnd@arndb.de>,
Andrew Morton <akpm@linux-foundation.org>,
Oleg Nesterov <oleg@redhat.com>,
"Eric W. Biederman" <ebiederm@xmission.com>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2] x86: signal: move save_altstack_ex out of generic headers
Date: Sat, 4 Apr 2020 00:39:24 +0100 [thread overview]
Message-ID: <20200403233924.GM23230@ZenIV.linux.org.uk> (raw)
In-Reply-To: <20200403231611.81444-1-ndesaulniers@google.com>
On Fri, Apr 03, 2020 at 04:16:06PM -0700, Nick Desaulniers wrote:
> In some configurations (clang+KASAN), sas_ss_reset() may emit calls to
> memset(). This is a problem for SMAP protections on x86, which should
> try to minimize calls to any function not already on short whitelist, in
> order to prevent leaking AC flags or being used as a gadget.
>
> Linus noted that unsafe_save_altstack() only has callsites in the
> arch-specific arch/x86/kernel/signal.c, and shouldn't be defined in arch
> independent headers.
>
> Split the logic of unsafe_save_altstack() into two, and move the definitions
> to arch/x86/include/asm/sigframe.h. This does less work with the SMAP
> guards down.
Just move that into signal_delivered() and that's it. SMAP or no SMAP -
doing that until the sigframe is set and we are committed to entering
the handler is wrong.
next prev parent reply other threads:[~2020-04-03 23:39 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-03-24 22:08 [PATCH] x86: signal: move save_altstack_ex out of generic headers Nick Desaulniers
2020-04-03 23:16 ` [PATCH v2] " Nick Desaulniers
2020-04-03 23:39 ` Al Viro [this message]
2020-04-04 16:01 ` Oleg Nesterov
2020-04-04 17:06 ` Al Viro
2020-04-04 17:31 ` Linus Torvalds
2020-04-04 17:50 ` Oleg Nesterov
2020-04-04 22:50 ` Nathan Chancellor
2020-04-13 19:12 ` Nick Desaulniers
2020-06-26 18:18 ` Nick Desaulniers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200403233924.GM23230@ZenIV.linux.org.uk \
--to=viro@zeniv.linux.org.uk \
--cc=akpm@linux-foundation.org \
--cc=arnd@arndb.de \
--cc=bigeasy@linutronix.de \
--cc=bp@alien8.de \
--cc=brgerst@gmail.com \
--cc=clang-built-linux@googlegroups.com \
--cc=ebiederm@xmission.com \
--cc=elver@google.com \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mingo@redhat.com \
--cc=ndesaulniers@google.com \
--cc=oleg@redhat.com \
--cc=peterz@infradead.org \
--cc=samitolvanen@google.com \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.