Date: Fri, 2 Jul 2021 10:51:13 +0200
From: Peter Zijlstra
To: Andrei Vagin
Cc: linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, linux-um@lists.infradead.org, criu@openvz.org, avagin@google.com, Andrew Morton, Andy Lutomirski, Anton Ivanov, Christian Brauner, Dmitry Safonov <0x7f454c46@gmail.com>, Ingo Molnar, Jeff Dike, Mike Rapoport, Michael Kerrisk, Oleg Nesterov, Richard Weinberger, Thomas Gleixner
Subject: Re: [PATCH 2/4] arch/x86: implement the process_vm_exec syscall
Message-ID:
References: <20210414055217.543246-1-avagin@gmail.com> <20210414055217.543246-3-avagin@gmail.com>
In-Reply-To: <20210414055217.543246-3-avagin@gmail.com>
X-Mailing-List: linux-kernel@vger.kernel.org

I'm terrified of all of this...

On Tue, Apr 13, 2021 at 10:52:15PM -0700, Andrei Vagin wrote:

> +long swap_vm_exec_context(struct sigcontext __user *uctx)
> +{
> +	struct sigcontext ctx = {};
> +	sigset_t set = {};
> +
> +
> +	if (copy_from_user(&ctx, uctx, CONTEXT_COPY_SIZE))
> +		return -EFAULT;
> +	/* A floating point state is managed from user-space. */
> +	if (ctx.fpstate != 0)
> +		return -EINVAL;
> +	if (!user_access_begin(uctx, sizeof(*uctx)))
> +		return -EFAULT;
> +	unsafe_put_sigcontext(uctx, NULL, current_pt_regs(), (&set), Efault);
> +	user_access_end();

But here you save the sigcontext without FPU state.

> +
> +	if (__restore_sigcontext(current_pt_regs(), &ctx, 0))
> +		goto badframe;

And here you restore sigcontext, *with* FPU state. At which point your FPU state is irrecoverably lost.

Also, I'm not at all convinced this can ever do the right thing when the tasks don't agree on what the FPU state is. I suppose in the best case the save will EFAULT.

> +
> +	return 0;
> +Efault:
> +	user_access_end();
> +badframe:
> +	signal_fault(current_pt_regs(), uctx, "swap_vm_exec_context");
> +	return -EFAULT;
> +}
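Review bot: the save and the restore in swap_vm_exec_context() are asymmetric with respect to FPU state: unsafe_put_sigcontext(uctx, NULL, ...) records no fpstate for the caller, while __restore_sigcontext(current_pt_regs(), &ctx, 0) is then run with ctx.fpstate forced to 0 by the preceding -EINVAL check, so the FPU state is replaced (as noted above, lost) with nothing saved to bring it back; either save and restore FPU state symmetrically, or state in the comment that the caller must snapshot and restore it around the call and have the restore path leave the FPU untouched. Two further points on the same function: the old context is written into uctx before the restore runs, so if __restore_sigcontext() fails the caller's buffer has already been overwritten and pt_regs may be partially replaced, leaving user space no way to tell which context is live; and the badframe label calls signal_fault(), which on x86 forces SIGSEGV, so a bad context handed to a plain syscall kills the task rather than just returning -EFAULT/-EINVAL. Minor: the ctx.fpstate check is only meaningful if CONTEXT_COPY_SIZE (not visible in this hunk) covers that field, there is a stray double blank line after the declarations, and the parentheses in (&set) are unnecessary.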