Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp5023542pxj; Tue, 22 Jun 2021 13:21:01 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwBIRc72TiA4G0WAHWXtjuDJJOxhCsHpGXF9HvGUOOfKVqcRkxNyb0ekeoH22wHoZdV5O2g X-Received: by 2002:a5d:87c4:: with SMTP id q4mr4050320ios.141.1624393261246; Tue, 22 Jun 2021 13:21:01 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1624393261; cv=none; d=google.com; s=arc-20160816; b=VyN23FKwp+bbvYXnAkISfSwSz8qdyH2yEn/zi5lJVWl+NrwusU5fa7/0XSFz6E59gp 8TAj2Tx/MAYL8uIX5OKlYsS3MfB+5mCqYUPBNuC9eWMgSttn9YRw9v9yHQuRiZBdxaUZ cOo1y/p82EY9s6Krlw5RmKdHRsjEOSqv0TweJNfvnRYkNqHzuOSQyS7AowTRFFb8I691 12MVv89WdfVcWdxaHMNh8RNGF4vvBvhMbbf7Pt/oDSRhLi9yvB7VtcxJv9mM6O8EGdfv FnZJzDdbrxyir8rzAL0CnTQibYgocn+PGZQOyqYSS51Z+elcRiEK0Wc/QoSEqjUyGzmR pUoA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date; bh=ovEQ7FoDVgapYfuOnmglgDdv+z4xMPtDKRy3yaP/4rw=; b=BEDZh7fkkcx8s5LYdj5OFb0s4ks1ZNlj+4zh0TY5gzWe04BmhZoGcw82vzGHAupswf b9ZDfSOmh14vDFmPPKa7WYqZ8Yh/O92QLH0m/1nNDp09aZEUqiiml/YDTjVfdRwzUsl/ WMHbk7l3z/qfGGxIhPUSG0iUdlRAeqa1l3rguIhCagh/nVqNhf83ErEVuf2Q7f+BI1rY rn+TWXY6lHcPKcBSVW3KrpV3kHw0Njavvvbmi1+gMFgqOiVtmpqgr2f4CbGpV4e0xl7j h/HDfR3IIo+4+eOtgvQBZn5EQGV4j/mzW5rf+BeVC6zkBpboFtKiZMz6ip9tiEREd4J3 Lksw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id y5si19533903ilu.5.2021.06.22.13.20.48; Tue, 22 Jun 2021 13:21:01 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229794AbhFVUVZ (ORCPT + 99 others); Tue, 22 Jun 2021 16:21:25 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41364 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229567AbhFVUVZ (ORCPT ); Tue, 22 Jun 2021 16:21:25 -0400 Received: from zeniv-ca.linux.org.uk (zeniv-ca.linux.org.uk [IPv6:2607:5300:60:148a::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0737DC061574; Tue, 22 Jun 2021 13:19:09 -0700 (PDT) Received: from viro by zeniv-ca.linux.org.uk with local (Exim 4.94.2 #2 (Red Hat Linux)) id 1lvmrH-00BHkC-6N; Tue, 22 Jun 2021 20:18:55 +0000 Date: Tue, 22 Jun 2021 20:18:55 +0000 From: Al Viro To: Michael Schmitz Cc: Linus Torvalds , "Eric W. Biederman" , linux-arch , Jens Axboe , Oleg Nesterov , Linux Kernel Mailing List , Richard Henderson , Ivan Kokshaysky , Matt Turner , alpha , Geert Uytterhoeven , linux-m68k , Arnd Bergmann , Tejun Heo , Kees Cook , Tetsuo Handa , Andreas Schwab Subject: Re: Kernel stack read with PTRACE_EVENT_EXIT and io_uring threads Message-ID: References: <87eed4v2dc.fsf@disp2133> <5929e116-fa61-b211-342a-c706dcb834ca@gmail.com> <87fsxjorgs.fsf@disp2133> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Sender: Al Viro Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Jun 23, 2021 at 08:04:11AM +1200, Michael Schmitz wrote: > All syscalls that _do_ save the switch stack are currently called through > wrappers which pull the syscall arguments out of the saved pt_regs on the > stack (pushing the switch stack after the SAVE_ALL saved stuff buries the > syscall arguments on the stack, see comment about m68k_clone(). We'd have to > push the switch stack _first_ when entering system_call to leave the syscall > arguments in place, but that will require further changes to the syscall > exit path (currently shared with the interrupt exit path). Not to mention > the register offset calculations in arch/m68k/kernel/ptrace.c, and perhaps a > few other dependencies that don't come to mind immediately. > > We have both pt_regs and switch_stack in uapi/asm/ptrace.h, but the ordering > of the two is only mentioned in a comment. Can we reorder them on the stack, > as long as we don't change the struct definitions proper? > > This will take a little more time to work out and test - certainly not > before the weekend. I'll send a corrected version of my debug patch before > that. This is insane, *especially* on m68k where you have the mess with different frame layouts and associated ->stkadj crap (see mangle_kernel_stack() for the (very) full barfbag).