From: Michael Schmitz <schmitzmic@gmail.com>
To: Finn Thain <fthain@linux-m68k.org>
Cc: linux-m68k@vger.kernel.org, geert@linux-m68k.org,
Andreas Schwab <schwab@linux-m68k.org>,
Stan Johnson <userm57@yahoo.com>
Subject: Re: [PATCH RFC v1] m68k: signal.c: use signal frame gap to avoid stack corruption
Date: Sun, 30 Apr 2023 08:08:32 +1200 [thread overview]
Message-ID: <10ace434-8b76-bd38-5570-9befc9eb7b98@gmail.com> (raw)
In-Reply-To: <ad929524-52c8-143c-5249-02fd1722383d@linux-m68k.org>
Hi Finn,
thanks for your feedback!
Am 29.04.2023 um 21:49 schrieb Finn Thain:
>> diff --git a/arch/m68k/kernel/signal.c b/arch/m68k/kernel/signal.c
>> index dfc7590abce8..75f4c4943231 100644
>> --- a/arch/m68k/kernel/signal.c
>> +++ b/arch/m68k/kernel/signal.c
>> @@ -858,11 +858,23 @@ static inline int rt_setup_ucontext(struct ucontext __user *uc, struct pt_regs *
>> }
>>
>> static inline void __user *
>> -get_sigframe(struct ksignal *ksig, size_t frame_size)
>> +get_sigframe(struct ksignal *ksig, struct pt_regs *regs, size_t frame_size)
>> {
>> - unsigned long usp = sigsp(rdusp(), ksig);
>> + struct pt_regs *tregs = rte_regs(regs);
>> + unsigned long usp = rdusp();
>> + unsigned long ssp = sigsp(usp, ksig);
>> +
>> + if (CPU_IS_020_OR_030 && ssp == usp && tregs->format == 0xb) {
>> + struct frame *fmtbframe = (struct frame *) regs;
>> + unsigned long fltp = (unsigned long) fmtbframe->un.fmtb.daddr;
>> +
>> + if (fltp < ssp &&
>> + (fltp >> PAGE_SHIFT) == (ssp >> PAGE_SHIFT)-1 &&
>> + (((fltp - frame_size) & -8UL) >> PAGE_SHIFT) == (fltp >> PAGE_SHIFT))
>> + ssp = fltp;
>> + }
>>
>> - return (void __user *)((usp - frame_size) & -8UL);
>> + return (void __user *)((ssp - frame_size) & -8UL);
>> }
>>
>> static int setup_frame(struct ksignal *ksig, sigset_t *set,
>
> That seems over-complicated to me... I must be missing something.
>
> What I had in mind was something like this (untested):
>
> unsigned long usp;
>
> if (CPU_IS_020_OR_030 && tregs->format == 0xb)
> /* USP is unreliable so use the worst-case value. */
> usp = sigsp(rdusp() - 256, ksig);
> else
> usp = sigsp(rdusp(), ksig);
>
> return (void __user *)((usp - frame_size) & -8UL);
sigsp() may return an address from the alternate signal stack. In that
case, no adjustment to the signal stack address is advised.
The fault address may be on a different page than the normal signal
stack address (should have tested that perhaps, instead of the second
condition above). In that case we should not adjust the signal stack,
either.
As to the rest, it's a matter of how detrimental indiscriminate use of
the worst case gap size might be. Finding the 'best' adjustment may be
more hassle than it's worth.
I'll run some stress testing on both versions
Cheers,
Michael
next prev parent reply other threads:[~2023-04-29 20:08 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-04-29 8:04 [PATCH RFC v1] m68k: signal.c: use signal frame gap to avoid stack corruption Michael Schmitz
2023-04-29 8:17 ` Andreas Schwab
2023-04-29 9:01 ` Michael Schmitz
2023-04-29 9:49 ` Finn Thain
2023-04-29 20:08 ` Michael Schmitz [this message]
2023-04-30 0:24 ` Finn Thain
2023-04-30 7:56 ` Michael Schmitz
2023-04-30 9:24 ` Finn Thain
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=10ace434-8b76-bd38-5570-9befc9eb7b98@gmail.com \
--to=schmitzmic@gmail.com \
--cc=fthain@linux-m68k.org \
--cc=geert@linux-m68k.org \
--cc=linux-m68k@vger.kernel.org \
--cc=schwab@linux-m68k.org \
--cc=userm57@yahoo.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox