Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
IronPort-SDR: q+5ck90r3hzpehbfPhcMIHvkq3I8WzncprcLsh8c8zXFOQQGA/5c+eWJrgwbXOXvSXZDKBcjvd
 UlM3Ki5NwL1g==
IronPort-SDR: sYxX/8uItS7xyvUr8JfpdoITo4dIFvVyLDb3ZfUcOfOIByx+OmyFkMqW/+VlXp8w3PXDUwbmZY
 AiKZGvR1ZgLg==
From:   "Bae, Chang Seok" <chang.seok.bae@intel.com>
To:     David Laight <David.Laight@ACULAB.COM>
CC:     "bp@suse.de" <bp@suse.de>,
        "tglx@linutronix.de" <tglx@linutronix.de>,
        "mingo@kernel.org" <mingo@kernel.org>,
        "luto@kernel.org" <luto@kernel.org>,
        "x86@kernel.org" <x86@kernel.org>,
        "Brown, Len" <len.brown@intel.com>,
        "Hansen, Dave" <dave.hansen@intel.com>,
        "hjl.tools@gmail.com" <hjl.tools@gmail.com>,
        "Dave.Martin@arm.com" <Dave.Martin@arm.com>,
        "jannh@google.com" <jannh@google.com>,
        "mpe@ellerman.id.au" <mpe@ellerman.id.au>,
        "carlos@redhat.com" <carlos@redhat.com>,
        "Luck, Tony" <tony.luck@intel.com>,
        "Shankar, Ravi V" <ravi.v.shankar@intel.com>,
        "libc-alpha@sourceware.org" <libc-alpha@sourceware.org>,
        "linux-arch@vger.kernel.org" <linux-arch@vger.kernel.org>,
        "linux-api@vger.kernel.org" <linux-api@vger.kernel.org>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v8 5/6] x86/signal: Detect and prevent an alternate signal
 stack overflow
Thread-Topic: [PATCH v8 5/6] x86/signal: Detect and prevent an alternate
 signal stack overflow
Thread-Index: AQHXNzOQXxUM6Mub30elxTKCBjQG3arAOYAAgACB+ICAAFz1gIAoyMgA
Date:   Tue, 18 May 2021 20:53:18 +0000
Message-ID: <8933FF62-4AE9-44E7-8A05-ACA5A91BBE28@intel.com>
References: <20210422044856.27250-1-chang.seok.bae@intel.com>
 <20210422044856.27250-6-chang.seok.bae@intel.com>
 <854d6aefdf604b559e37e82669b5e67f@AcuMS.aculab.com>
 <9C452E66-0C41-462B-9971-56825444AD65@intel.com>
 <1955da4c211f4d4fbbf74a6b8bdae0f6@AcuMS.aculab.com>
In-Reply-To: <1955da4c211f4d4fbbf74a6b8bdae0f6@AcuMS.aculab.com>
Accept-Language: en-US
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-ID: <33F9D2DE9AE84348923B5B12F8D7DC0F@namprd11.prod.outlook.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: ea27a03d-8821-413e-f40a-08d91a3ef714
X-MS-Exchange-CrossTenant-originalarrivaltime: 18 May 2021 20:53:18.3493
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: lFBHYrWCT3KwCIK5GJDLSEL7Q8gZh1xAj6bjr5ga7C4WkAl95ud7lU9U+u3auE8cIGhWzBJimtfPEHVz9+L2s8KKHiyEZIri+QbnB8CDczI=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR11MB5030
X-OriginatorOrg: intel.com
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Apr 22, 2021, at 15:04, David Laight <David.Laight@ACULAB.COM> wrote:
> From: Bae, Chang Seok Sent: 22 April 2021 17:31
>>=20
>> On Apr 22, 2021, at 01:46, David Laight <David.Laight@ACULAB.COM> wrote:
>>> From: Chang S. Bae Sent: 22 April 2021 05:49
>>>>=20
>>>>=20
>>>> diff --git a/include/linux/sched/signal.h b/include/linux/sched/signal=
.h
>>>> index 3f6a0fcaa10c..ae60f838ebb9 100644
>>>> --- a/include/linux/sched/signal.h
>>>> +++ b/include/linux/sched/signal.h
>>>> @@ -537,6 +537,17 @@ static inline int kill_cad_pid(int sig, int priv)
>>>> #define SEND_SIG_NOINFO ((struct kernel_siginfo *) 0)
>>>> #define SEND_SIG_PRIV	((struct kernel_siginfo *) 1)
>>>>=20
>>>> +static inline int __on_sig_stack(unsigned long sp)
>>>> +{
>>>> +#ifdef CONFIG_STACK_GROWSUP
>>>> +	return sp >=3D current->sas_ss_sp &&
>>>> +		sp - current->sas_ss_sp < current->sas_ss_size;
>>>> +#else
>>>> +	return sp > current->sas_ss_sp &&
>>>> +		sp - current->sas_ss_sp <=3D current->sas_ss_size;
>>>> +#endif
>>>> +}
>>>> +
>>>=20
>>> Those don't look different enough.
>>=20
>> The difference is on the SS_AUTODISARM flag check.  This refactoring was
>> suggested as on_sig_stack() brought confusion [3].
>=20
> I was just confused by the #ifdef.
> Whether %sp points to the last item or the next space is actually
> independent of the stack direction.
> A stack might usually use pre-decrement and post-increment but it
> doesn't have to.
> The stack pointer can't be right at one end of the alt-stack
> area (because that is the address you'd use when you switch to it),
> and if you are any where near the other end you are hosed.
> So a common test:
> 	return (unsigned long)(sp - current->sas_ss_sp) < current->sas_ss_size;
> will always work.
>=20
> It isn't as though the stack pointer should be anywhere else
> other than the 'real' thread stack.

Thanks for the suggestion. Yes, this hunk can be made better like that. But=
 I
would make this change as pure refactoring. Perhaps, follow up after this
series.

Chang