Received: by 2002:ac0:98c7:0:0:0:0:0 with SMTP id g7-v6csp1206828imd; Thu, 1 Nov 2018 11:53:36 -0700 (PDT) X-Google-Smtp-Source: AJdET5dooF8FSnCCePdboJkBHBwdMjCNtBAZkcpBaVNfBmEIGkehTCO0PkEBSXGaRRDPdEJcX/2b X-Received: by 2002:a63:5907:: with SMTP id n7mr8101322pgb.435.1541098416303; Thu, 01 Nov 2018 11:53:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1541098416; cv=none; d=google.com; s=arc-20160816; b=aTZUpA2/OIijL+7HYHpvpB+brjTUdQn6061lyC5nAX7NWeavE7Wq+HhUPQYl6GBmb9 pGccV2Ha/crfjWfnQazwCxRLuCd1GwE4iQOfUIvZVCKKIDteK4GhqzdtYgF42EXvGiYy ng8cu4fkeb/MdJejRb7/T776qeVLv/HjdFPI0N+CPkKZOh9NO9oya7d1TiIePvcPDMiB G4Kx314IyImowvkyVA5PBOQRk5q2yMHLRsAWE1n39d06mLz6LpJdBbzJmd3T4CxD/cBa JPfkSD1m7m07pBm5mO8CSbLz1fzHtOGElrZvbojAJdZA72lio/7SaBTYUHC87GYwZNy0 qw6w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=grrroWFGlfTRvG3pCAgmI61O22y76r9XfE3pgzLDiwI=; b=MK8RQb8elSoL4bxOQ683qTshc7tqpDjMbgc2cKya+3pmZTe/As/EebX0AsaQYjBAyc qjrlDRCxghKhIemhRY99Drgn1qn/sqOrgtiSqHW87MrbBLDD8jEoIgepMeQN+zSCqPfK X0WHY8+yETzRZ3nAaxjoEZDquIMYwTjJJGRJw+O1NDIzWJEFBNSqbHiAUPUq1uLwV99X uuaf0a0jhOsYeqakg/i/pw42CM20oaXSPAfns75SODSRDhsU/nUrlABYLCdabS7vozcw StDdKMrrbp2Dswqj9bxSPhZVnNzHi7nrnxsTe0V59ss5PZvEZ8FWgpvFvlea8MvJnrL+ lyTg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f7-v6si26228813plr.213.2018.11.01.11.53.19; Thu, 01 Nov 2018 11:53:36 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727817AbeKBD4t (ORCPT + 99 others); Thu, 1 Nov 2018 23:56:49 -0400 Received: from 216-12-86-13.cv.mvl.ntelos.net ([216.12.86.13]:57918 "EHLO brightrain.aerifal.cx" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727065AbeKBD4t (ORCPT ); Thu, 1 Nov 2018 23:56:49 -0400 Received: from dalias by brightrain.aerifal.cx with local (Exim 3.15 #2) id 1gII4v-0001aI-00; Thu, 01 Nov 2018 18:52:25 +0000 Date: Thu, 1 Nov 2018 14:52:25 -0400 From: Rich Felker To: Jann Horn Cc: Andy Lutomirski , Dave Hansen , sean.j.christopherson@intel.com, jethro@fortanix.com, jarkko.sakkinen@linux.intel.com, Florian Weimer , Linux API , Linus Torvalds , the arch/x86 maintainers , linux-arch , kernel list , Peter Zijlstra , nhorman@redhat.com, npmccallum@redhat.com, serge.ayoun@intel.com, shay.katz-zamir@intel.com, linux-sgx@vger.kernel.org, andriy.shevchenko@linux.intel.com, Thomas Gleixner , Ingo Molnar , Borislav Petkov , carlos@redhat.com, adhemerval.zanella@linaro.org Subject: Re: RFC: userspace exception fixups Message-ID: <20181101185225.GC5150@brightrain.aerifal.cx> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Nov 01, 2018 at 07:33:33PM +0100, Jann Horn wrote: > > but I'm > > wondering if a more general mechanism would be helpful. > > > > The basic idea would be to allow libc, or maybe even any library, to > > register a handler that gets a chance to act on an exception caused by > > a user instruction before a signal is delivered. As a straw-man > > example for how this could work, there could be a new syscall: > > > > long register_exception_handler(void (*handler)(int, siginfo_t *, void *)); > > > > If a handler is registered, then, if a synchronous exception happens > > (page fault, etc), the kernel would set up an exception frame as usual > > but, rather than checking for signal handlers, it would just call the > > registered handler. > > > That handler is expected to either handle the > > exception entirely on its own or to call one of two new syscalls to > > ask for normal signal delivery > > If you do it this way, these exception handlers would have to chain, There's no need to chain if the handler is specific to the context where the fault happens. You just replace the handler with the one relevant to the code you're about to run before you run it. > > or to ask to retry the faulting instruction. > > Why would that have to be a syscall? For signal handlers registered > with SA_NODEFER, you can basically leave the signal handler with a > longjmp, right? longjmp needs a jmp_buf; it can't return to the faulting instruction. Normally (though this is not defined) signal handlers return to the faulting instruction if they return, but if returning from the exception handler meant passing through to the signal disposition, a different mechanism would be needed to signal that you want to retry the faulting instruction. Rich