From: Dmitry Safonov <dima@arista.com>
To: linux-kernel@vger.kernel.org
Cc: Dmitry Safonov <0x7f454c46@gmail.com>,
Dmitry Safonov <dima@arista.com>,
Alexander Viro <viro@zeniv.linux.org.uk>,
Andrew Morton <akpm@linux-foundation.org>,
Andy Lutomirski <luto@kernel.org>, Arnd Bergmann <arnd@arndb.de>,
Borislav Petkov <bp@alien8.de>,
Catalin Marinas <catalin.marinas@arm.com>,
Christophe Leroy <christophe.leroy@csgroup.eu>,
Guo Ren <guoren@kernel.org>, "H. Peter Anvin" <hpa@zytor.com>,
Ingo Molnar <mingo@redhat.com>, Oleg Nesterov <oleg@redhat.com>,
Russell King <linux@armlinux.org.uk>,
Thomas Bogendoerfer <tsbogend@alpha.franken.de>,
Thomas Gleixner <tglx@linutronix.de>,
Vincenzo Frascino <vincenzo.frascino@arm.com>,
Will Deacon <will@kernel.org>,
x86@kernel.org
Subject: [PATCH 12/19] x86/signal: Land on &frame->retcode when vdso isn't mapped
Date: Sun, 8 Nov 2020 05:17:22 +0000 [thread overview]
Message-ID: <20201108051730.2042693-13-dima@arista.com> (raw)
In-Reply-To: <20201108051730.2042693-1-dima@arista.com>
Since commit 9fbbd4dd17d0 ("x86: Don't require the vDSO for handling
a.out signals") after processing 32-bit signal if there is no vdso
mapped frame->retcode is used as a landing.
Do the same for rt ia32 signals.
This shouldn't be mistaken for encouragement for running binaries with
executable stack, rather something to do in hopefully very rare
situation with disabled or unmapped vdso and absent SA_RESTORER.
For non-executable stack it'll segfault on attempt to land, rather than
land on a random address where vdso was previously mapped.
For programs with executable stack it'll just do the same for rt signals
as for non-rt.
Discouraging users to run with executable stack is done separately in
commit 47a2ebb7f505 ("execve: warn if process starts with executable
stack").
Signed-off-by: Dmitry Safonov <dima@arista.com>
---
arch/x86/ia32/ia32_signal.c | 12 +++++++-----
arch/x86/kernel/signal.c | 23 ++++++++++-------------
2 files changed, 17 insertions(+), 18 deletions(-)
diff --git a/arch/x86/ia32/ia32_signal.c b/arch/x86/ia32/ia32_signal.c
index 81cf22398cd1..ea3db15b57bf 100644
--- a/arch/x86/ia32/ia32_signal.c
+++ b/arch/x86/ia32/ia32_signal.c
@@ -270,8 +270,8 @@ int ia32_setup_frame(int sig, struct ksignal *ksig,
unsafe_put_user(set->sig[1], &frame->extramask[0], Efault);
unsafe_put_user(ptr_to_compat(restorer), &frame->pretcode, Efault);
/*
- * These are actually not used anymore, but left because some
- * gdb versions depend on them as a marker.
+ * This is popl %eax ; movl $__NR_sigreturn, %eax ; int $0x80
+ * gdb uses it as a signature to notice signal handler stack frames.
*/
unsafe_put_user(*((u64 *)&code), (u64 __user *)frame->retcode, Efault);
user_access_end();
@@ -336,14 +336,16 @@ int ia32_setup_rt_frame(int sig, struct ksignal *ksig,
if (ksig->ka.sa.sa_flags & SA_RESTORER)
restorer = ksig->ka.sa.sa_restorer;
- else
+ else if (current->mm->context.vdso)
restorer = current->mm->context.vdso +
vdso_image_32.sym___kernel_rt_sigreturn;
+ else
+ restorer = &frame->retcode;
unsafe_put_user(ptr_to_compat(restorer), &frame->pretcode, Efault);
/*
- * Not actually used anymore, but left because some gdb
- * versions need it.
+ * This is popl %eax ; movl $__NR_sigreturn, %eax ; int $0x80
+ * gdb uses it as a signature to notice signal handler stack frames.
*/
unsafe_put_user(*((u64 *)&code), (u64 __user *)frame->retcode, Efault);
unsafe_put_sigcontext32(&frame->uc.uc_mcontext, fp, regs, set, Efault);
diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c
index ea794a083c44..372ec09dc4ac 100644
--- a/arch/x86/kernel/signal.c
+++ b/arch/x86/kernel/signal.c
@@ -317,23 +317,20 @@ __setup_frame(int sig, struct ksignal *ksig, sigset_t *set,
unsafe_put_user(sig, &frame->sig, Efault);
unsafe_put_sigcontext(&frame->sc, fp, regs, set, Efault);
unsafe_put_user(set->sig[1], &frame->extramask[0], Efault);
- if (current->mm->context.vdso)
+ if (ksig->ka.sa.sa_flags & SA_RESTORER)
+ restorer = ksig->ka.sa.sa_restorer;
+ else if (current->mm->context.vdso)
restorer = current->mm->context.vdso +
vdso_image_32.sym___kernel_sigreturn;
else
restorer = &frame->retcode;
- if (ksig->ka.sa.sa_flags & SA_RESTORER)
- restorer = ksig->ka.sa.sa_restorer;
/* Set up to return from userspace. */
unsafe_put_user(restorer, &frame->pretcode, Efault);
/*
* This is popl %eax ; movl $__NR_sigreturn, %eax ; int $0x80
- *
- * WE DO NOT USE IT ANY MORE! It's only left here for historical
- * reasons and because gdb uses it as a signature to notice
- * signal handler stack frames.
+ * gdb uses it as a signature to notice signal handler stack frames.
*/
unsafe_put_user(*((u64 *)&retcode), (u64 *)frame->retcode, Efault);
user_access_end();
@@ -382,18 +379,18 @@ static int __setup_rt_frame(int sig, struct ksignal *ksig,
unsafe_save_altstack(&frame->uc.uc_stack, regs->sp, Efault);
/* Set up to return from userspace. */
- restorer = current->mm->context.vdso +
- vdso_image_32.sym___kernel_rt_sigreturn;
if (ksig->ka.sa.sa_flags & SA_RESTORER)
restorer = ksig->ka.sa.sa_restorer;
+ else if (current->mm->context.vdso)
+ restorer = current->mm->context.vdso +
+ vdso_image_32.sym___kernel_rt_sigreturn;
+ else
+ restorer = &frame->retcode;
unsafe_put_user(restorer, &frame->pretcode, Efault);
/*
* This is movl $__NR_rt_sigreturn, %ax ; int $0x80
- *
- * WE DO NOT USE IT ANY MORE! It's only left here for historical
- * reasons and because gdb uses it as a signature to notice
- * signal handler stack frames.
+ * gdb uses it as a signature to notice signal handler stack frames.
*/
unsafe_put_user(*((u64 *)&rt_retcode), (u64 *)frame->retcode, Efault);
unsafe_put_sigcontext(&frame->uc.uc_mcontext, fp, regs, set, Efault);
--
2.28.0
next prev parent reply other threads:[~2020-11-08 5:18 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-08 5:17 [PATCH 00/19] Add generic user_landing tracking Dmitry Safonov
2020-11-08 5:17 ` [PATCH 01/19] x86/elf: Check in_x32_syscall() in compat_arch_setup_additional_pages() Dmitry Safonov
2020-11-08 5:17 ` [PATCH 02/19] elf: Move arch_setup_additional_pages() to generic elf.h Dmitry Safonov
2020-11-13 6:58 ` kernel test robot
2020-11-13 7:01 ` kernel test robot
2020-11-08 5:17 ` [PATCH 03/19] arm64: Use in_compat_task() in arch_setup_additional_pages() Dmitry Safonov
2020-11-08 5:17 ` [PATCH 04/19] x86: Remove compat_arch_setup_additional_pages() Dmitry Safonov
2020-11-08 5:17 ` [PATCH 05/19] elf: " Dmitry Safonov
2020-11-08 5:17 ` [PATCH 06/19] elf/vdso: Reuse arch_setup_additional_pages() parameters Dmitry Safonov
2020-11-13 6:57 ` kernel test robot
2020-11-13 8:04 ` kernel test robot
2020-11-08 5:17 ` [PATCH 07/19] elf: Use sysinfo_ehdr in ARCH_DLINFO() Dmitry Safonov
2020-11-08 5:17 ` [PATCH 08/19] arm/vdso: Remove vdso pointer from mm->context Dmitry Safonov
2020-11-08 5:17 ` [PATCH 09/19] s390/vdso: Remove vdso_base " Dmitry Safonov
2020-11-08 5:17 ` [PATCH 10/19] sparc/vdso: Remove vdso " Dmitry Safonov
2020-11-08 5:17 ` [PATCH 11/19] mm/mmap: Make vm_special_mapping::mremap return void Dmitry Safonov
2020-11-08 5:17 ` Dmitry Safonov [this message]
2020-11-08 19:06 ` [PATCH 12/19] x86/signal: Land on &frame->retcode when vdso isn't mapped Andy Lutomirski
2020-11-09 1:22 ` Dmitry Safonov
2020-11-08 5:17 ` [PATCH 13/19] x86/signal: Check if vdso_image_32 is mapped before trying to land on it Dmitry Safonov
2020-11-08 5:17 ` [PATCH 14/19] mm: Add user_landing in mm_struct Dmitry Safonov
2020-11-08 19:04 ` Andy Lutomirski
2020-11-09 1:25 ` Dmitry Safonov
2020-11-08 5:17 ` [PATCH 15/19] x86/vdso: Migrate to user_landing Dmitry Safonov
2020-11-08 5:17 ` [PATCH 16/19] arm/vdso: " Dmitry Safonov
2020-11-08 5:17 ` [PATCH 17/19] arm64/vdso: Migrate compat signals " Dmitry Safonov
2020-11-08 5:17 ` [PATCH 18/19] arm64/vdso: Migrate native " Dmitry Safonov
2020-11-08 5:17 ` [PATCH 19/19] mips/vdso: Migrate " Dmitry Safonov
2020-11-13 9:58 ` kernel test robot
2020-11-08 19:07 ` [PATCH 00/19] Add generic user_landing tracking Andy Lutomirski
2020-11-09 1:27 ` Dmitry Safonov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201108051730.2042693-13-dima@arista.com \
--to=dima@arista.com \
--cc=0x7f454c46@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=arnd@arndb.de \
--cc=bp@alien8.de \
--cc=catalin.marinas@arm.com \
--cc=christophe.leroy@csgroup.eu \
--cc=guoren@kernel.org \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@armlinux.org.uk \
--cc=luto@kernel.org \
--cc=mingo@redhat.com \
--cc=oleg@redhat.com \
--cc=tglx@linutronix.de \
--cc=tsbogend@alpha.franken.de \
--cc=vincenzo.frascino@arm.com \
--cc=viro@zeniv.linux.org.uk \
--cc=will@kernel.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox