Received: by 2002:a05:6a10:a841:0:0:0:0 with SMTP id d1csp278523pxy;
        Thu, 22 Apr 2021 01:48:04 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJyJQf+6sStaXGRJjjAqGULvaqvVB2l6peBgizbShFcoR0qETuEpKVrtXw094ZILNzAkROhK
X-Received: by 2002:a17:906:a20b:: with SMTP id r11mr2210060ejy.323.1619081284564;
        Thu, 22 Apr 2021 01:48:04 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1619081284; cv=none;
        d=google.com; s=arc-20160816;
        b=Imbf+bRqRQa5DoZWmtLV09FPKfZU0CQ6U2yjGPNSHDlR9CLHnC7ecSIKvaPK4vnCXy
         4DenyqIGkZlfxyO3LmqxyrIF9Y3eAEP07fMPMl8Z7JYSs39PGFAGrISQNHUxRgPWNdqC
         FDqh1ZQpr8FmC+30jlSj4osg0waDCmN9xQ8K6uPcfSAwzVy3S5slLObMqiSwh1WNE5ef
         sV0mgbyqoI5LNWzocyOhyEgVB3Q4Pp8nz/IeezhjmRou8kXY9G88VPHfK/bBeLGG4spW
         qqwfA7YgTPH80gazlTelTkJ3wOBumerxDrpRPx9fLWnjOfPN+bacK8jQctstdAMYD4zf
         0kaw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:content-language
         :mime-version:accept-language:in-reply-to:references:message-id:date
         :thread-index:thread-topic:subject:cc:to:from;
        bh=nVLp7pjIXeTb5pS/GgMeqMkp+W65CBbTPvhCZqou194=;
        b=vFizZDa48luzP17276QIa3+C/SdDzPvry56wLByXWlr9H/yjJAA8x09C9jpshn9VwS
         3JISq9rY49u/bxaKtrZf8igFO1AONXQt1XgHVVX1Dm/PgUOttKPn7igxwVdtsHtWlIOH
         AaIz7jWcKEj3m4lrn3rZ32RAkCD9+XgPTzjGrdoQO1uzTXVrNQzGp1cKBmhbueuBDsAv
         CNcaWsn7pw04oVkeNOilg8fFi6yWSzLUXwBaNKBWeefRvltYknxbj8ZK007gYAqoPtlf
         hzsGmepoVkKLpq9K7jVccoO21q8z91xGMwMS42Glr8X/TI0K44I1SjarM8un5ztH3FGx
         zYag==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aculab.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id co16si1691171edb.192.2021.04.22.01.47.41;
        Thu, 22 Apr 2021 01:48:04 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aculab.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S235486AbhDVIrA convert rfc822-to-8bit (ORCPT
        <rfc822;liu.h.jason@gmail.com> + 99 others);
        Thu, 22 Apr 2021 04:47:00 -0400
Received: from eu-smtp-delivery-151.mimecast.com ([185.58.85.151]:43108 "EHLO
        eu-smtp-delivery-151.mimecast.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S235510AbhDVIq5 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 22 Apr 2021 04:46:57 -0400
Received: from AcuMS.aculab.com (156.67.243.121 [156.67.243.121]) (Using
 TLS) by relay.mimecast.com with ESMTP id
 uk-mta-80-mYnYClkmMvq7hiPeIZodaQ-1; Thu, 22 Apr 2021 09:46:19 +0100
X-MC-Unique: mYnYClkmMvq7hiPeIZodaQ-1
Received: from AcuMS.Aculab.com (fd9f:af1c:a25b:0:994c:f5c2:35d6:9b65) by
 AcuMS.aculab.com (fd9f:af1c:a25b:0:994c:f5c2:35d6:9b65) with Microsoft SMTP
 Server (TLS) id 15.0.1497.2; Thu, 22 Apr 2021 09:46:14 +0100
Received: from AcuMS.Aculab.com ([fe80::994c:f5c2:35d6:9b65]) by
 AcuMS.aculab.com ([fe80::994c:f5c2:35d6:9b65%12]) with mapi id
 15.00.1497.015; Thu, 22 Apr 2021 09:46:14 +0100
From:   David Laight <David.Laight@ACULAB.COM>
To:     "'Chang S. Bae'" <chang.seok.bae@intel.com>,
        "bp@suse.de" <bp@suse.de>,
        "tglx@linutronix.de" <tglx@linutronix.de>,
        "mingo@kernel.org" <mingo@kernel.org>,
        "luto@kernel.org" <luto@kernel.org>,
        "x86@kernel.org" <x86@kernel.org>
CC:     "len.brown@intel.com" <len.brown@intel.com>,
        "dave.hansen@intel.com" <dave.hansen@intel.com>,
        "hjl.tools@gmail.com" <hjl.tools@gmail.com>,
        "Dave.Martin@arm.com" <Dave.Martin@arm.com>,
        "jannh@google.com" <jannh@google.com>,
        "mpe@ellerman.id.au" <mpe@ellerman.id.au>,
        "carlos@redhat.com" <carlos@redhat.com>,
        "tony.luck@intel.com" <tony.luck@intel.com>,
        "ravi.v.shankar@intel.com" <ravi.v.shankar@intel.com>,
        "libc-alpha@sourceware.org" <libc-alpha@sourceware.org>,
        "linux-arch@vger.kernel.org" <linux-arch@vger.kernel.org>,
        "linux-api@vger.kernel.org" <linux-api@vger.kernel.org>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: RE: [PATCH v8 5/6] x86/signal: Detect and prevent an alternate signal
 stack overflow
Thread-Topic: [PATCH v8 5/6] x86/signal: Detect and prevent an alternate
 signal stack overflow
Thread-Index: AQHXNzOfB++Ln2WD/U+jOvjJUzWT2qrAORRg
Date:   Thu, 22 Apr 2021 08:46:14 +0000
Message-ID: <854d6aefdf604b559e37e82669b5e67f@AcuMS.aculab.com>
References: <20210422044856.27250-1-chang.seok.bae@intel.com>
 <20210422044856.27250-6-chang.seok.bae@intel.com>
In-Reply-To: <20210422044856.27250-6-chang.seok.bae@intel.com>
Accept-Language: en-GB, en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.202.205.107]
MIME-Version: 1.0
Authentication-Results: relay.mimecast.com;
        auth=pass smtp.auth=C51A453 smtp.mailfrom=david.laight@aculab.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: aculab.com
Content-Language: en-US
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8BIT
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Chang S. Bae
> Sent: 22 April 2021 05:49
> 
> The kernel pushes context on to the userspace stack to prepare for the
> user's signal handler. When the user has supplied an alternate signal
> stack, via sigaltstack(2), it is easy for the kernel to verify that the
> stack size is sufficient for the current hardware context.
> 
> Check if writing the hardware context to the alternate stack will exceed
> it's size. If yes, then instead of corrupting user-data and proceeding with
> the original signal handler, an immediate SIGSEGV signal is delivered.

What happens if SIGSEGV is caught?

> Refactor the stack pointer check code from on_sig_stack() and use the new
> helper.
> 
> While the kernel allows new source code to discover and use a sufficient
> alternate signal stack size, this check is still necessary to protect
> binaries with insufficient alternate signal stack size from data
> corruption.
...
> diff --git a/include/linux/sched/signal.h b/include/linux/sched/signal.h
> index 3f6a0fcaa10c..ae60f838ebb9 100644
> --- a/include/linux/sched/signal.h
> +++ b/include/linux/sched/signal.h
> @@ -537,6 +537,17 @@ static inline int kill_cad_pid(int sig, int priv)
>  #define SEND_SIG_NOINFO ((struct kernel_siginfo *) 0)
>  #define SEND_SIG_PRIV	((struct kernel_siginfo *) 1)
> 
> +static inline int __on_sig_stack(unsigned long sp)
> +{
> +#ifdef CONFIG_STACK_GROWSUP
> +	return sp >= current->sas_ss_sp &&
> +		sp - current->sas_ss_sp < current->sas_ss_size;
> +#else
> +	return sp > current->sas_ss_sp &&
> +		sp - current->sas_ss_sp <= current->sas_ss_size;
> +#endif
> +}
> +

Those don't look different enough.

	David

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)