From: ebiederm@xmission.com (Eric W. Biederman)
To: Dave Martin <Dave.Martin@arm.com>
Cc: linux-arch@vger.kernel.org, Arnd Bergmann <arnd@arndb.de>,
Nicolas Pitre <nico@linaro.org>, Tony Lindgren <tony@atomide.com>,
Catalin Marinas <catalin.marinas@arm.com>,
Tyler Baicar <tbaicar@codeaurora.org>,
Will Deacon <will.deacon@arm.com>,
linux-kernel@vger.kernel.org, Oleg Nesterov <oleg@redhat.com>,
James Morse <james.morse@arm.com>,
Al Viro <viro@zeniv.linux.org.uk>,
Olof Johansson <olof@lixom.net>,
Santosh Shilimkar <santosh.shilimkar@ti.com>,
linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH 07/11] signal/arm64: Document conflicts with SI_USER and SIGFPE, SIGTRAP, SIGBUS
Date: Wed, 17 Jan 2018 11:24:06 -0600 [thread overview]
Message-ID: <87h8rkflft.fsf@xmission.com> (raw)
In-Reply-To: <20180117171729.GJ22781@e103592.cambridge.arm.com> (Dave Martin's message of "Wed, 17 Jan 2018 17:17:29 +0000")
Dave Martin <Dave.Martin@arm.com> writes:
> On Mon, Jan 15, 2018 at 11:23:03AM -0600, Eric W. Biederman wrote:
>> Dave Martin <Dave.Martin@arm.com> writes:
>>
>> > On Thu, Jan 11, 2018 at 06:59:36PM -0600, Eric W. Biederman wrote:
>
> [...]
>
>> >> Possible ABI fixes include:
>> >> - Send the signal without siginfo
>> >> - Don't generate a signal
>
> [...]
>
>> >> - Possibly assign and use an appropriate si_code
>> >> - Don't handle cases which can't happen
>> >
>> > I think a mixture of these two is the best approach.
>> >
>> > In any case, si_code == 0 here doesn't seem to have any explicit meaning.
>> > I think we can translate all of the arm64 faults to proper si_codes --
>> > see my sketch below. Probably means a bit more thought though.
>
> [...]
>
>> >> diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c
>
> [...]
>
>> >> @@ -607,70 +607,70 @@ static int do_sea(unsigned long addr, unsigned int esr, struct pt_regs *regs)
>> >> }
>> >>
>> >> static const struct fault_info fault_info[] = {
>> >> - { do_bad, SIGBUS, 0, "ttbr address size fault" },
>> >> - { do_bad, SIGBUS, 0, "level 1 address size fault" },
>> >> - { do_bad, SIGBUS, 0, "level 2 address size fault" },
>> >> - { do_bad, SIGBUS, 0, "level 3 address size fault" },
>
> If I convert this kind of thing to SIGKILL there really is nothing
> sensible to put in si_code, except possibly SI_KERNEL (indicating that
> the kill did not come from userspace). Even so, it hardly seems worth
> filling in fields like si_pid and si_uid just to make this "correct".
>
> In any case, if siginfo is never seen by userspace for SIGKILL this is
> moot.
>
> Obviously, siginfo is never copied to the user stack in that case, but
> is it also guaranteed not to be visible to userspace by other means?
> For ptrace I'm hoping not, since SIGKILL should nuke the tracee
> immediately instead of being reported to the tracer as a
> signal-delivery-stop -- so the tracer should get WIFSIGNALED() &&
> WTERMSIG() == SIGKILL. A subsequent PTRACE_GETSIGINFO would fail with
> ESRCH.
>
> Does that match your understanding?
>
> If so, there is some merit in not pretending to pass a reall value
> for si_code.
>
> Should si_code simply be ignored for the SIGKILL case?
I know what x86 does in a similar case is it uses force_sig instead of
force_sig_info. Then the generic code gets to worry about
If the appropriate paths generic paths get to worry about what siginfo
to fill in in that case. Which for SI_KERNEL is zero for everything
except the si_code and the si_signo.
That seems perfectly reasonable.
Eric
WARNING: multiple messages have this Message-ID (diff)
From: ebiederm@xmission.com (Eric W. Biederman)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH 07/11] signal/arm64: Document conflicts with SI_USER and SIGFPE, SIGTRAP, SIGBUS
Date: Wed, 17 Jan 2018 11:24:06 -0600 [thread overview]
Message-ID: <87h8rkflft.fsf@xmission.com> (raw)
In-Reply-To: <20180117171729.GJ22781@e103592.cambridge.arm.com> (Dave Martin's message of "Wed, 17 Jan 2018 17:17:29 +0000")
Dave Martin <Dave.Martin@arm.com> writes:
> On Mon, Jan 15, 2018 at 11:23:03AM -0600, Eric W. Biederman wrote:
>> Dave Martin <Dave.Martin@arm.com> writes:
>>
>> > On Thu, Jan 11, 2018 at 06:59:36PM -0600, Eric W. Biederman wrote:
>
> [...]
>
>> >> Possible ABI fixes include:
>> >> - Send the signal without siginfo
>> >> - Don't generate a signal
>
> [...]
>
>> >> - Possibly assign and use an appropriate si_code
>> >> - Don't handle cases which can't happen
>> >
>> > I think a mixture of these two is the best approach.
>> >
>> > In any case, si_code == 0 here doesn't seem to have any explicit meaning.
>> > I think we can translate all of the arm64 faults to proper si_codes --
>> > see my sketch below. Probably means a bit more thought though.
>
> [...]
>
>> >> diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c
>
> [...]
>
>> >> @@ -607,70 +607,70 @@ static int do_sea(unsigned long addr, unsigned int esr, struct pt_regs *regs)
>> >> }
>> >>
>> >> static const struct fault_info fault_info[] = {
>> >> - { do_bad, SIGBUS, 0, "ttbr address size fault" },
>> >> - { do_bad, SIGBUS, 0, "level 1 address size fault" },
>> >> - { do_bad, SIGBUS, 0, "level 2 address size fault" },
>> >> - { do_bad, SIGBUS, 0, "level 3 address size fault" },
>
> If I convert this kind of thing to SIGKILL there really is nothing
> sensible to put in si_code, except possibly SI_KERNEL (indicating that
> the kill did not come from userspace). Even so, it hardly seems worth
> filling in fields like si_pid and si_uid just to make this "correct".
>
> In any case, if siginfo is never seen by userspace for SIGKILL this is
> moot.
>
> Obviously, siginfo is never copied to the user stack in that case, but
> is it also guaranteed not to be visible to userspace by other means?
> For ptrace I'm hoping not, since SIGKILL should nuke the tracee
> immediately instead of being reported to the tracer as a
> signal-delivery-stop -- so the tracer should get WIFSIGNALED() &&
> WTERMSIG() == SIGKILL. A subsequent PTRACE_GETSIGINFO would fail with
> ESRCH.
>
> Does that match your understanding?
>
> If so, there is some merit in not pretending to pass a reall value
> for si_code.
>
> Should si_code simply be ignored for the SIGKILL case?
I know what x86 does in a similar case is it uses force_sig instead of
force_sig_info. Then the generic code gets to worry about
If the appropriate paths generic paths get to worry about what siginfo
to fill in in that case. Which for SI_KERNEL is zero for everything
except the si_code and the si_signo.
That seems perfectly reasonable.
Eric
next prev parent reply other threads:[~2018-01-17 17:24 UTC|newest]
Thread overview: 122+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-12 0:57 [PATCH 00/11] siginfo fixes/cleanups esp SI_USER Eric W. Biederman
2018-01-12 0:57 ` Eric W. Biederman
2018-01-12 0:59 ` [PATCH 01/11] signal: Simplify and fix kdb_send_sig Eric W. Biederman
2018-01-12 0:59 ` [PATCH 02/11] signal/sh: Ensure si_signo is initialized in do_divide_error Eric W. Biederman
2018-01-12 0:59 ` Eric W. Biederman
2018-01-12 0:59 ` [PATCH 03/11] signal/openrisc: Fix do_unaligned_access to send the proper signal Eric W. Biederman
2018-01-12 0:59 ` [OpenRISC] " Eric W. Biederman
2018-01-12 13:25 ` Stafford Horne
2018-01-12 13:25 ` [OpenRISC] " Stafford Horne
2018-01-12 17:37 ` Eric W. Biederman
2018-01-12 17:37 ` [OpenRISC] " Eric W. Biederman
2018-01-12 0:59 ` [PATCH 04/11] signal/parisc: Document a conflict with SI_USER with SIGFPE Eric W. Biederman
2018-01-12 22:29 ` Helge Deller
2018-01-13 21:06 ` Eric W. Biederman
2018-01-14 1:46 ` Eric W. Biederman
2018-02-23 0:15 ` Eric W. Biederman
2018-02-25 19:49 ` Helge Deller
2018-02-27 2:19 ` Eric W. Biederman
2018-01-12 0:59 ` [PATCH 05/11] signal/metag: " Eric W. Biederman
2018-01-12 0:59 ` [PATCH 06/11] signal/powerpc: Document conflicts with SI_USER and SIGFPE and SIGTRAP Eric W. Biederman
2018-01-12 0:59 ` [PATCH 07/11] signal/arm64: Document conflicts with SI_USER and SIGFPE,SIGTRAP,SIGBUS Eric W. Biederman
2018-01-12 0:59 ` [PATCH 07/11] signal/arm64: Document conflicts with SI_USER and SIGFPE, SIGTRAP, SIGBUS Eric W. Biederman
2018-01-15 16:30 ` Dave Martin
2018-01-15 16:30 ` Dave Martin
2018-01-15 17:23 ` Eric W. Biederman
2018-01-15 17:23 ` Eric W. Biederman
2018-01-16 17:24 ` Dave Martin
2018-01-16 22:28 ` Eric W. Biederman
2018-01-17 11:46 ` Dave Martin
2018-01-17 11:46 ` Dave Martin
2018-01-17 11:57 ` Russell King - ARM Linux
2018-01-17 11:57 ` Russell King - ARM Linux
2018-01-17 12:15 ` Dave Martin
2018-01-17 12:15 ` Dave Martin
2018-01-17 12:37 ` Russell King - ARM Linux
2018-01-17 12:37 ` Russell King - ARM Linux
2018-01-17 15:37 ` Dave Martin
2018-01-17 15:37 ` Dave Martin
2018-01-17 15:49 ` Russell King - ARM Linux
2018-01-17 15:49 ` Russell King - ARM Linux
2018-01-17 16:11 ` Dave Martin
2018-01-17 16:11 ` Dave Martin
2018-01-17 16:45 ` Eric W. Biederman
2018-01-17 16:45 ` Eric W. Biederman
2018-01-17 16:45 ` Eric W. Biederman
2018-01-17 16:45 ` Eric W. Biederman
2018-01-17 17:14 ` Russell King - ARM Linux
2018-01-17 17:14 ` Russell King - ARM Linux
2018-01-24 21:28 ` Eric W. Biederman
2018-01-24 21:28 ` Eric W. Biederman
2018-01-24 21:28 ` Eric W. Biederman
2018-01-17 17:17 ` Dave Martin
2018-01-17 17:17 ` Dave Martin
2018-01-17 17:24 ` Eric W. Biederman [this message]
2018-01-17 17:24 ` Eric W. Biederman
2018-01-17 17:39 ` Dave Martin
2018-01-17 17:39 ` Dave Martin
2018-01-15 19:30 ` James Morse
2018-01-15 19:30 ` James Morse
2018-01-12 0:59 ` [PATCH 08/11] signal/arm: Document conflicts with SI_USER and SIGFPE Eric W. Biederman
2018-01-12 0:59 ` Eric W. Biederman
2018-01-12 0:59 ` Eric W. Biederman
2018-01-15 17:49 ` Russell King - ARM Linux
2018-01-15 17:49 ` Russell King - ARM Linux
2018-01-15 20:12 ` Eric W. Biederman
2018-01-15 20:12 ` Eric W. Biederman
2018-01-16 17:41 ` Dave Martin
2018-01-19 12:05 ` Dave Martin
2018-01-19 12:05 ` Dave Martin
2018-01-12 0:59 ` [PATCH 09/11] signal: Reduce copy_siginfo to just a memcpy Eric W. Biederman
2018-01-12 0:59 ` [PATCH 10/11] signal: Introduce clear_siginfo Eric W. Biederman
2018-01-12 0:59 ` [PATCH 11/11] signal: Ensure generic siginfos the kernel sends have all bits initialized Eric W. Biederman
2018-01-12 20:29 ` [PATCH 0/2] siginfo fixes Eric W. Biederman
2018-01-12 20:29 ` Eric W. Biederman
2018-01-12 20:31 ` [PATCH 1/2] mn10300/misalignment: Use SIGSEGV SEGV_MAPERR to report a failed user copy Eric W. Biederman
2018-01-12 20:31 ` [PATCH 2/2] x86/mm/pkeys: Fix fill_sig_info_pkey Eric W. Biederman
2018-01-14 11:44 ` [tip:x86/urgent] " tip-bot for Eric W. Biederman
2018-01-16 0:39 ` [PATCH 00/22] siginfo unification Eric W. Biederman
2018-01-16 0:39 ` Eric W. Biederman
2018-01-16 0:39 ` [PATCH 01/22] signal: Document all of the signals that use the _sigfault union member Eric W. Biederman
2018-01-16 0:39 ` [PATCH 02/22] signal: Document the strange si_codes used by ptrace event stops Eric W. Biederman
2018-01-16 0:39 ` [PATCH 03/22] signal: Document glibc's si_code of SI_ASYNCNL Eric W. Biederman
2018-01-16 0:39 ` [PATCH 04/22] signal: Ensure no siginfo union member increases the size of struct siginfo Eric W. Biederman
2018-01-16 0:39 ` [PATCH 05/22] signal: Clear si_sys_private before copying siginfo to userspace Eric W. Biederman
2018-01-16 0:39 ` [PATCH 06/22] signal: Remove _sys_private and _overrun_incr from struct compat_siginfo Eric W. Biederman
2018-01-16 0:39 ` [PATCH 07/22] ia64/signal: switch to generic struct siginfo Eric W. Biederman
2018-01-16 0:39 ` [PATCH 08/22] signal/ia64: switch the last arch-specific copy_siginfo_to_user() to generic version Eric W. Biederman
2018-01-16 0:39 ` [PATCH 09/22] signal/mips: switch mips to generic siginfo Eric W. Biederman
2018-01-16 0:39 ` [PATCH 10/22] signal: Remove unnecessary ifdefs now that there is only one struct siginfo Eric W. Biederman
2018-01-16 0:39 ` [PATCH 11/22] signal: kill __ARCH_SI_UID_T Eric W. Biederman
2018-01-16 0:39 ` [PATCH 12/22] signal: unify compat_siginfo_t Eric W. Biederman
2018-01-16 0:40 ` [PATCH 13/22] signal: Move addr_lsb into the _sigfault union for clarity Eric W. Biederman
2018-03-16 19:00 ` Dave Hansen
2018-03-16 19:24 ` Dave Hansen
2018-03-16 20:06 ` Eric W. Biederman
2018-03-16 20:33 ` Dave Hansen
2018-03-16 21:08 ` Eric W. Biederman
2018-01-16 0:40 ` [PATCH 14/22] signal/powerpc: Remove redefinition of NSIGTRAP on powerpc Eric W. Biederman
2018-01-16 0:40 ` [PATCH 15/22] signal/ia64: Move the ia64 specific si_codes to asm-generic/siginfo.h Eric W. Biederman
2018-01-16 0:40 ` [PATCH 16/22] signal/frv: Move the frv " Eric W. Biederman
2018-01-16 0:40 ` [PATCH 17/22] signal/tile: Move the tile " Eric W. Biederman
2018-01-16 0:40 ` [PATCH 18/22] signal/blackfin: Move the blackfin " Eric W. Biederman
2018-01-16 0:40 ` [PATCH 19/22] signal/blackfin: Remove pointless UID16_SIGINFO_COMPAT_NEEDED Eric W. Biederman
2018-01-16 0:40 ` [PATCH 20/22] signal: Unify and correct copy_siginfo_from_user32 Eric W. Biederman
2018-01-16 0:40 ` [PATCH 21/22] signal: Remove the code to clear siginfo before calling copy_siginfo_from_user32 Eric W. Biederman
2018-01-16 0:40 ` [PATCH 22/22] signal: Unify and correct copy_siginfo_to_user32 Eric W. Biederman
2018-01-19 18:03 ` Al Viro
2018-01-19 21:04 ` Eric W. Biederman
2018-01-23 21:05 ` [PATCH 00/10] siginfo infrastructure Eric W. Biederman
2018-01-23 21:05 ` Eric W. Biederman
2018-01-23 21:07 ` [PATCH 01/10] ptrace: Use copy_siginfo in setsiginfo and getsiginfo Eric W. Biederman
2018-01-23 21:07 ` [PATCH 02/10] signal/arm64: Better isolate the COMPAT_TASK portion of ptrace_hbptriggered Eric W. Biederman
2018-01-23 21:07 ` [PATCH 03/10] signal: Don't use structure initializers for struct siginfo Eric W. Biederman
2018-01-23 21:07 ` [PATCH 04/10] signal: Replace memset(info,...) with clear_siginfo for clarity Eric W. Biederman
2018-01-23 21:07 ` [PATCH 05/10] signal: Add send_sig_fault and force_sig_fault Eric W. Biederman
2018-01-23 21:07 ` [PATCH 06/10] signal: Helpers for faults with specialized siginfo layouts Eric W. Biederman
2018-01-24 19:26 ` Ram Pai
2018-01-24 20:54 ` Eric W. Biederman
2018-01-23 21:07 ` [PATCH 07/10] signal/powerpc: Remove unnecessary signal_code parameter of do_send_trap Eric W. Biederman
2018-01-23 21:07 ` [PATCH 08/10] signal/ptrace: Add force_sig_ptrace_errno_trap and use it where needed Eric W. Biederman
2018-01-23 21:07 ` [PATCH 09/10] mm/memory_failure: Remove unused trapno from memory_failure Eric W. Biederman
2018-01-23 21:07 ` [PATCH 10/10] signal/memory-failure: Use force_sig_mceerr and send_sig_mceerr Eric W. Biederman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87h8rkflft.fsf@xmission.com \
--to=ebiederm@xmission.com \
--cc=Dave.Martin@arm.com \
--cc=arnd@arndb.de \
--cc=catalin.marinas@arm.com \
--cc=james.morse@arm.com \
--cc=linux-arch@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=nico@linaro.org \
--cc=oleg@redhat.com \
--cc=olof@lixom.net \
--cc=santosh.shilimkar@ti.com \
--cc=tbaicar@codeaurora.org \
--cc=tony@atomide.com \
--cc=viro@zeniv.linux.org.uk \
--cc=will.deacon@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.