From: Linus Torvalds
Date: Mon, 25 Oct 2021 16:45:59 -0700
Subject: Re: [PATCH v2 10/32] signal/vm86_32: Properly send SIGSEGV when the vm86 state cannot be saved.
To: Andy Lutomirski
Cc: "Eric W. Biederman", Linux Kernel Mailing List, linux-arch, Oleg Nesterov, Al Viro, Kees Cook, Thomas Gleixner, Ingo Molnar, Borislav Petkov, "the arch/x86 maintainers", H Peter Anvin
In-Reply-To: <4b203254-a333-77b1-0fa9-75c11fabac36@kernel.org>
References: <87y26nmwkb.fsf@disp2133> <20211020174406.17889-10-ebiederm@xmission.com> <875ytkygfj.fsf_-_@disp2133> <4b203254-a333-77b1-0fa9-75c11fabac36@kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Oct 25, 2021 at 3:25 PM Andy Lutomirski wrote:
>
> I think the result would be nicer if, instead of adding an extra goto,
> you just literally moved all the cleanup under the unsafe_put_user()s
> above them. Unless I missed something, none of the put_user stuff reads
> any state that is written by the cleanup code.

Sure it does:

        memcpy(&regs->pt, &vm86->regs32, sizeof(struct pt_regs));

is very much part of the cleanup code, and overwrites that regs->pt
thing. Which is exactly what we're writing back to user space in that
unsafe_put_user() thing.

That said, thinking more about this, and looking at it again, I take
back my statement that we could just make it a catchable SIGSEGV
instead.

If we can't write the vm86 state to user space, we will have
fundamentally lost it, and while it's not fatal to the kernel, and
while we've recovered the original 32-bit state, it's not something
that user space can sanely recover from because the register state at
the end of the vm86 work has now been irrecoverably thrown away.

So I think Eric's patch is fine. Except, as mentioned as part of the
other patch, the "force_sigsegv()" conversion to use "force_fatal_sig()"
was broken, because that function wasn't actually fatal at all.

                Linus
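As an added illustration (not code from Eric's patch, from the kernel, or from anyone in this thread), the following small C model shows the two points Linus makes above: the cleanup memcpy() writes regs->pt, which is exactly the data the unsafe_put_user() calls copy out, so the cleanup cannot simply be moved above them; and once that copy-out has failed and the cleanup has run, the vm86 register image is held nowhere, which is why a catchable SIGSEGV would not leave user space anything to recover. Every name in the block (pt_regs_model, kstate, put_user_model, cleanup_model, vm86_exit_model and the case_* wrappers) is a hypothetical stand-in chosen for this example, and the register values are constructed sample data.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical stand-ins for the kernel structures the mail refers to.
 * Only the fields needed to show the ordering problem are modelled.
 */
struct pt_regs_model {           /* plays the role of regs->pt */
    uint32_t ax, bx, cx, dx, ip, sp;
};

struct kstate {
    struct pt_regs_model pt;     /* live register image; holds the vm86 image at vm86 exit */
    struct pt_regs_model regs32; /* plays the role of vm86->regs32: 32-bit image saved at entry */
};

struct user_vm86_model {         /* what user space reads back after the vm86 run */
    struct pt_regs_model regs;
};

/* Model of the copy-out. `fault` simulates the user page being unwritable,
 * i.e. the case in which unsafe_put_user() fails in the real code. */
static bool put_user_model(struct user_vm86_model *u,
                           const struct pt_regs_model *src, bool fault)
{
    if (fault)
        return false;
    u->regs = *src;
    return true;
}

/* The cleanup step the mail quotes: restore the 32-bit image over regs->pt. */
static void cleanup_model(struct kstate *k)
{
    memcpy(&k->pt, &k->regs32, sizeof(struct pt_regs_model));
}

enum exit_order { SAVE_THEN_CLEANUP, CLEANUP_THEN_SAVE };

/* Run the exit path in the given order. Returns true only if user space
 * ended up with the vm86 register image that was live when vm86 ended. */
static bool vm86_exit_model(struct kstate *k, struct user_vm86_model *u,
                            enum exit_order order, bool fault)
{
    struct pt_regs_model vm86_image = k->pt;   /* oracle, used for the check only */
    bool saved;

    if (order == CLEANUP_THEN_SAVE) {
        cleanup_model(k);                          /* regs->pt is now the 32-bit image ... */
        saved = put_user_model(u, &k->pt, fault);  /* ... so this copies the wrong thing */
    } else {
        saved = put_user_model(u, &k->pt, fault);
        cleanup_model(k);
    }
    return saved && memcmp(&u->regs, &vm86_image, sizeof vm86_image) == 0;
}

/* Constructed sample state: distinct vm86 and 32-bit images so a mix-up is visible. */
static void init_state(struct kstate *k, struct user_vm86_model *u)
{
    memset(k, 0, sizeof *k);
    memset(u, 0, sizeof *u);
    k->pt.ax = 0x1234;         k->pt.ip = 0x0100;         k->pt.sp = 0xfffe;         /* vm86 image */
    k->regs32.ax = 0xdeadbeef; k->regs32.ip = 0x08048000; k->regs32.sp = 0xbffff000; /* 32-bit image */
}

/* Case 1: the existing order, copy out then clean up. User space gets the vm86 image. */
bool case_save_then_cleanup(void)
{
    struct kstate k; struct user_vm86_model u;
    init_state(&k, &u);
    return vm86_exit_model(&k, &u, SAVE_THEN_CLEANUP, false);
}

/* Case 2: the suggested move of the cleanup above the put_user()s. The copy
 * succeeds, but what reaches user space is the 32-bit image, not the vm86 one. */
bool case_cleanup_then_save(void)
{
    struct kstate k; struct user_vm86_model u;
    init_state(&k, &u);
    return vm86_exit_model(&k, &u, CLEANUP_THEN_SAVE, false);
}

/* Case 3: the copy-out faults. Even with the right order the vm86 image is gone
 * once cleanup has run: regs->pt equals regs32 and nothing else holds it. */
bool case_save_faults_image_lost(void)
{
    struct kstate k; struct user_vm86_model u;
    init_state(&k, &u);
    bool delivered = vm86_exit_model(&k, &u, SAVE_THEN_CLEANUP, true);
    return !delivered && memcmp(&k.pt, &k.regs32, sizeof k.pt) == 0;
}

int main(void)
{
    printf("save then cleanup, copy ok : %s\n", case_save_then_cleanup() ? "vm86 image delivered" : "lost");
    printf("cleanup then save, copy ok : %s\n", case_cleanup_then_save() ? "vm86 image delivered" : "lost");
    printf("save faults                : %s\n", case_save_faults_image_lost() ? "vm86 image irrecoverably gone" : "still available");
    return 0;
}
```

Case 2 is the data dependency Andy missed: the put_user reads regs->pt and the cleanup writes it, so reordering silently ships the restored 32-bit registers to user space. Case 3 is the reason Linus withdraws the catchable-SIGSEGV idea: after a failed copy-out the only copy of the post-vm86 registers was in regs->pt, and the cleanup has just overwritten it, so a handler would have nothing left to recover from.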