From: Linus Torvalds
Date: Mon, 25 Oct 2021 14:12:03 -0700
Subject: Re: [PATCH v2 10/32] signal/vm86_32: Properly send SIGSEGV when the vm86 state cannot be saved.
To: "Eric W. Biederman"
Cc: Andy Lutomirski, Linux Kernel Mailing List, linux-arch, Oleg Nesterov, Al Viro, Kees Cook, Thomas Gleixner, Ingo Molnar, Borislav Petkov, "the arch/x86 maintainers", H Peter Anvin
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Oct 25, 2021 at 1:54 PM Eric W. Biederman wrote:
>
> Update save_v86_state to always complete all of its work except
> possibly some of the copies to userspace even if save_v86_state takes
> a fault. This ensures that the kernel is always in a sane state, even
> if userspace has done something silly.

Well, honestly, with this change, you might as well replace the force_sigsegv() with just a plain "force_sig()", and make it something the process can catch.

The only thing that "force_sigsegv()" does is to make SIGSEGV uncatchable. In contrast, a plain "force_sig()" just means that it can't be ignored - but it can be caught, and it is fatal only when not caught.

And with the "always complete the non-vm86 state restore" part change, there's really no reason for it to not be caught.

Of course, the other case (where we have no state information for the "enter vm86 mode" case) is still fatal, and is a "this should never happen".

But the "cannot write to the vm86 save state" thing isn't technically fatal. It should even be possible to write a test for it: passing a read-only pointer to the vm86() system call. The vm86 entry will work (because it only reads the vm86 state from it), but then at vm86 exit, writing the state back will fail.

Anybody?

Linus