From: Andy Lutomirski
Subject: [PATCH 1/4] signals/sigaltstack: If SS_AUTODISARM, bypass on_sig_stack
Date: Tue, 3 May 2016 10:31:49 -0700
Sender: linux-kernel-owner@vger.kernel.org
To: x86@kernel.org
Cc: linux-kernel@vger.kernel.org, Borislav Petkov, Andy Lutomirski, Stas Sergeev, Al Viro, Aleksa Sarai, Amanieu d'Antras, Andrea Arcangeli, Andrew Morton, Andy Lutomirski, Brian Gerst, Denys Vlasenko, "Eric W. Biederman", Frederic Weisbecker, "H. Peter Anvin", Heinrich Schuchardt, Jason Low, Josh Triplett, Konstantin Khlebnikov, Linus Torvalds, Oleg Nesterov, Palmer Dabbelt, Paul Moore, Pavel
List-Id: linux-api@vger.kernel.org

If a signal stack is set up with SS_AUTODISARM, then the kernel
inherently avoids incorrectly resetting the signal stack if signals
recurse: the signal stack will be reset on the first signal delivery.
This means that we don't need to check the stack pointer when delivering
signals if SS_AUTODISARM is set.

This will make segmented x86 programs more robust: currently there's a
hole that could be triggered if ESP/RSP appears to point to the signal
stack but actually doesn't due to a nonzero SS base.

Signed-off-by: Stas Sergeev
Cc: Al Viro
Cc: Aleksa Sarai
Cc: Amanieu d'Antras
Cc: Andrea Arcangeli
Cc: Andrew Morton
Cc: Andy Lutomirski
Cc: Borislav Petkov
Cc: Brian Gerst
Cc: Denys Vlasenko
Cc: Eric W. Biederman
Cc: Frederic Weisbecker
Cc: H. Peter Anvin
Cc: Heinrich Schuchardt
Cc: Jason Low
Cc: Josh Triplett
Cc: Konstantin Khlebnikov
Cc: Linus Torvalds
Cc: Oleg Nesterov
Cc: Palmer Dabbelt
Cc: Paul Moore
Cc: Pavel Emelyanov
Cc: Peter Zijlstra
Cc: Richard Weinberger
Cc: Sasha Levin
Cc: Shuah Khan
Cc: Tejun Heo
Cc: Thomas Gleixner
Cc: Vladimir Davydov
Cc: linux-api@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Andy Lutomirski
---
 include/linux/sched.h | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/include/linux/sched.h b/include/linux/sched.h index 2950c5cd3005..8f03a93348b9 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h @@ -2576,6 +2576,18 @@ static inline int kill_cad_pid(int sig, int priv) */ static inline int on_sig_stack(unsigned long sp) { + /* + * If the signal stack is AUTODISARM then, by construction, we + * can't be on the signal stack unless user code deliberately set + * SS_AUTODISARM when we were already on the it. + * + * This improve reliability: if user state gets corrupted such that + * the stack pointer points very close to the end of the signal stack, + * then this check will enable the signal to be handled anyway. + */ + if (current->sas_ss_flags & SS_AUTODISARM) + return 0; + #ifdef CONFIG_STACK_GROWSUP return sp >= current->sas_ss_sp && sp - current->sas_ss_sp < current->sas_ss_size; -- 2.5.5
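Review bot: The new comment in on_sig_stack() has two typos: "already on the it" should read "already on it", and "This improve reliability" should read "This improves reliability". Beyond that, the comment's "by construction" argument only holds because an SS_AUTODISARM stack is reset on the first delivery (as the changelog says) before the handler runs, so the comment would read better if it said that explicitly rather than leaving the reader to infer it. The failure mode the comment describes (a stack pointer "very close to the end of the signal stack") also differs from the one in the changelog (ESP/RSP that only appears to point into the signal stack because of a nonzero SS base); the two should describe the same case. Finally, since on_sig_stack() is a shared inline helper in sched.h, the early `return 0` means every caller now gets "not on the stack" for an armed SS_AUTODISARM stack even when sp genuinely lies inside [sas_ss_sp, sas_ss_sp + sas_ss_size); the comment acknowledges the deliberate-misuse case, but that behaviour change deserves a sentence in the changelog as well.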