From: "H. Peter Anvin" <hpa@kernel.org>
To: Andy Lutomirski <luto@amacapital.net>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
x86@kernel.org, Ingo Molnar <mingo@elte.hu>,
richard -rw- weinberger <richard.weinberger@gmail.com>,
Adrian Bunk <bunk@stusta.de>,
"H. Peter Anvin" <hpa@linux.intel.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH 0/2] Fix and re-enable vsyscall=emulate
Date: Mon, 05 Dec 2011 03:18:23 -0800 [thread overview]
Message-ID: <4EDCA87F.6020201@kernel.org> (raw)
In-Reply-To: <CALCETrVxHvH61D-xY6vq4ymWXAVOdj8=XV_ENqLQUJ5rMieuEg@mail.gmail.com>
On 12/02/2011 02:47 PM, Andy Lutomirski wrote:
> On Mon, Nov 7, 2011 at 4:33 PM, Andy Lutomirski <luto@amacapital.net> wrote:
>> The really nice fix (wiring up access_ok failures to be able to raise
>> signals) won't be ready on time for 3.2, so let's try the simpler fix
>> for now.
>
> I spoke to hpa about this a couple days ago, and he pointed out a
> problem with making access_ok send signals. Userspace expects signals
> that come with full context information to be restartable, and many
> system calls are not restartable. read() and write() are the obvious
> examples: once they're processed the beginning of the buffer, unless
> they adjust their parameters, they can't safely be restarted. So
> without massive changes, I think allowing access_ok to raise a signal
> with full context is asking for trouble.
>
> I can still do the patch with two modes: signals without context via
> arch_prctl and signals with context via vsyscall emulation, but that's
> probably overkill for fixing this bug. I'd say just apply these
> patches as is (for 3.3).
>
It's somewhat questionable if the "return -EFAULT and deliver SIGSEGV"
semantic resolves the problem; obviously the signal handler isn't
restartable, but returning from the signal handler will at least cause
the application to see the EFAULT and not try to restart a system call
in a way that is likely to cause massive failure. If the handler is
aware about what needs to be done then it can correct the situation and
restart the system call -- but it would have to have detailed
information about the state before the system call.
I am also concerned about information leaks from the kernel. The
existing kernel paths are not necessarily designed to be robust against
giving out additional error information. This may be a theoretical
concern, but there have been real security holes in the past from these
kinds of changes.
-hpa
next prev parent reply other threads:[~2011-12-05 11:21 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-10-03 9:08 [3.1 patch] x86: default to vsyscall=native Adrian Bunk
2011-10-03 13:04 ` Andrew Lutomirski
2011-10-03 17:33 ` Adrian Bunk
2011-10-03 18:06 ` Andrew Lutomirski
2011-10-03 18:41 ` Adrian Bunk
2011-10-05 22:13 ` Andrew Lutomirski
2011-10-05 22:22 ` richard -rw- weinberger
2011-10-05 22:30 ` Adrian Bunk
2011-10-05 22:41 ` richard -rw- weinberger
2011-10-05 22:46 ` Andrew Lutomirski
2011-10-05 23:36 ` Andrew Lutomirski
2011-10-06 3:06 ` Andrew Lutomirski
2011-10-06 12:12 ` richard -rw- weinberger
2011-10-06 15:37 ` richard -rw- weinberger
2011-10-06 18:16 ` Andrew Lutomirski
2011-10-06 18:34 ` Linus Torvalds
2011-10-07 0:48 ` Andrew Lutomirski
2011-10-10 11:19 ` richard -rw- weinberger
2011-10-10 11:48 ` Ingo Molnar
2011-10-10 15:31 ` Andrew Lutomirski
2011-10-11 6:22 ` Ingo Molnar
2011-10-11 17:24 ` [RFC] fixing the UML failure root cause Andrew Lutomirski
2011-10-13 6:19 ` Linus Torvalds
2011-10-13 8:40 ` Andrew Lutomirski
2011-10-14 4:46 ` Linus Torvalds
2011-10-14 6:30 ` Andrew Lutomirski
2011-10-14 20:10 ` Linus Torvalds
2011-10-21 21:01 ` [PATCH] x86-64: Set siginfo and context on vsyscall emulation faults Andy Lutomirski
2011-10-22 4:46 ` Linus Torvalds
2011-10-22 9:07 ` Andy Lutomirski
2011-11-08 0:33 ` [PATCH 0/2] Fix and re-enable vsyscall=emulate Andy Lutomirski
2011-11-08 0:33 ` [PATCH 1/2] x86-64: Set siginfo and context on vsyscall emulation faults Andy Lutomirski
2011-12-05 13:23 ` [tip:x86/asm] " tip-bot for Andy Lutomirski
2011-11-08 0:33 ` [PATCH 2/2] x86: Default to vsyscall=emulate Andy Lutomirski
2011-12-05 13:24 ` [tip:x86/asm] " tip-bot for Andy Lutomirski
2011-12-02 22:47 ` [PATCH 0/2] Fix and re-enable vsyscall=emulate Andy Lutomirski
2011-12-05 11:18 ` H. Peter Anvin [this message]
2011-10-14 19:53 ` [RFC] fixing the UML failure root cause richard -rw- weinberger
2011-10-14 20:17 ` Andrew Lutomirski
2011-10-14 20:23 ` richard -rw- weinberger
2011-10-14 20:31 ` Andrew Lutomirski
2011-10-14 20:39 ` richard -rw- weinberger
2011-10-14 22:28 ` richard -rw- weinberger
2011-10-15 16:57 ` Ingo Molnar
2011-10-05 22:24 ` [3.1 patch] x86: default to vsyscall=native Adrian Bunk
2011-10-03 13:19 ` richard -rw- weinberger
2011-10-03 17:46 ` Adrian Bunk
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4EDCA87F.6020201@kernel.org \
--to=hpa@kernel.org \
--cc=bunk@stusta.de \
--cc=hpa@linux.intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=mingo@elte.hu \
--cc=mingo@redhat.com \
--cc=richard.weinberger@gmail.com \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.