Received: by 2002:a05:6a10:5bc5:0:0:0:0 with SMTP id os5csp1783273pxb; Tue, 26 Oct 2021 16:04:24 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzZmWsgZgRw64Ehpzkoiji/x84BWeznG8jtjUCOD4p6Mux9HrA0KydU+CUuDBivsL1AtfRu X-Received: by 2002:aa7:8111:0:b0:47b:e311:cdae with SMTP id b17-20020aa78111000000b0047be311cdaemr20613463pfi.71.1635289463803; Tue, 26 Oct 2021 16:04:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1635289463; cv=none; d=google.com; s=arc-20160816; b=zqabbE5QXot73XJjI3wd5sBvQ4VyYH/DiQSdgJL9aIK4uh1W9FltgU4ODVn9aEnnI3 2bVkvNteXI66djUVinOcvv6iY26RLDItiPMNDZsJehCVIhbl0OErBxMdF//FEzn2pdFe HruZGziFrg6f9s5YlGt9dxGGeFs5ZBAm10SDvu/zDoK9BSRx7hnEaJvoAm04vd2fhDeY g1xQv9lzN4X+jqTf+Euc8N9k1J7Tly91zK7+TweYTSx+Xg5yiNOpF2M7IepbzSbcS/zZ Ier/hqsqjKlnKFGfDiECxhY0OTFytQXqwGzqjn0EeOg7fFyCjp3Vjjp/4hV894iVbdH9 rE5A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:robot-unsubscribe :robot-id:message-id:mime-version:references:in-reply-to:cc:subject :to:reply-to:sender:from:dkim-signature:dkim-signature:date; bh=hX+ud+iilBCpj28zSkg7J95MdecEcA3JVD1DgFnRKyk=; b=pwdRZ725k3rREjiLDTjtxCUp52cLmmXXvmVTCMHPQi72TTt6rghGLZfSxvZthr5EsY BF6Ak3uo8feB6R63HXavRuchKHQz10sUdcl3mA93NdsnIBsWTy7RfftihFGFOrRCtHhg NQhxpRnGUzv5l2rCCwi6AQD9/AufmJ7hRDENDg2prtUqSiMUW1bhX9nxpVDB468IQjVA H1qSOEqNdy4QoL7/j+Q/EItrwDXRCWXgLRTjI5DxYgglv9ime+wCrVf2wYacPnd/w134 GtQJCMI6vpKPFMIaGezWjzK9KEmAt/5g+IMj+P1k71NVXCr9fbY2hrzecxAakYAsb//M xvqw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=gRHmdh2b; dkim=neutral (no key) header.i=@linutronix.de header.s=2020e header.b=MvOd+0WS; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id a16si8329731plh.442.2021.10.26.16.04.08; Tue, 26 Oct 2021 16:04:23 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=gRHmdh2b; dkim=neutral (no key) header.i=@linutronix.de header.s=2020e header.b=MvOd+0WS; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237678AbhJZQUN (ORCPT + 99 others); Tue, 26 Oct 2021 12:20:13 -0400 Received: from Galois.linutronix.de ([193.142.43.55]:34684 "EHLO galois.linutronix.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234765AbhJZQTP (ORCPT ); Tue, 26 Oct 2021 12:19:15 -0400 Date: Tue, 26 Oct 2021 16:16:49 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020; t=1635265010; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=hX+ud+iilBCpj28zSkg7J95MdecEcA3JVD1DgFnRKyk=; b=gRHmdh2bHS1GOvxesoEQnE2ID9NMkLtPWlL0rf4lusodp00+woEQQAGeDQvJt34zvCKf1d Vwq7+TUlF1aQj6QClmEQ/HiwFOOZvac9aKn/UcZluzHwRApbHlLUKOirirJoFymOQ94rXl Jcttj2QEk7rBX6f7qbPVdGJrCRwscIXSW+FwijyKLQq9hWh/0tVG1ZvrlURfQ68EzjSwLI yEDwoGGDDnisgDiHb5t2neQQ1OWshpHaEy33gZU/m7QaVf+PjyG0SANpK8Yr1CV/TgeaMG y5hCm7b+GDMobQDJB0e5UPih0unv1ZQI74WsdjA00Yfvd4+snmZJArPtidydUg== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020e; t=1635265010; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=hX+ud+iilBCpj28zSkg7J95MdecEcA3JVD1DgFnRKyk=; b=MvOd+0WS6UVVNfpnPjEoS2PQ2rmtXmindHwbbsnJowcnkrXijITpOttD+cZOGmMz4x5+Bd UrOoww3OiSJADjDA== From: "tip-bot2 for Thomas Gleixner" Sender: tip-bot2@linutronix.de Reply-to: linux-kernel@vger.kernel.org To: linux-tip-commits@vger.kernel.org Subject: [tip: x86/fpu] signal: Add an optional check for altstack size Cc: Thomas Gleixner , "Chang S. Bae" , Borislav Petkov , x86@kernel.org, linux-kernel@vger.kernel.org In-Reply-To: <20211021225527.10184-2-chang.seok.bae@intel.com> References: <20211021225527.10184-2-chang.seok.bae@intel.com> MIME-Version: 1.0 Message-ID: <163526500916.626.2226832710660820873.tip-bot2@tip-bot2> Robot-ID: Robot-Unsubscribe: Contact to get blacklisted from these emails Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The following commit has been merged into the x86/fpu branch of tip: Commit-ID: 1bdda24c4af64cd2d65dec5192ab624c5fee7ca0 Gitweb: https://git.kernel.org/tip/1bdda24c4af64cd2d65dec5192ab624c5fee7ca0 Author: Thomas Gleixner AuthorDate: Thu, 21 Oct 2021 15:55:05 -07:00 Committer: Borislav Petkov CommitterDate: Tue, 26 Oct 2021 10:15:12 +02:00 signal: Add an optional check for altstack size New x86 FPU features will be very large, requiring ~10k of stack in signal handlers. These new features require a new approach called "dynamic features". The kernel currently tries to ensure that altstacks are reasonably sized. Right now, on x86, sys_sigaltstack() requires a size of >=2k. However, that 2k is a constant. Simply raising that 2k requirement to >10k for the new features would break existing apps which have a compiled-in size of 2k. Instead of universally enforcing a larger stack, prohibit a process from using dynamic features without properly-sized altstacks. This must be enforced in two places: * A dynamic feature can not be enabled without an large-enough altstack for each process thread. * Once a dynamic feature is enabled, any request to install a too-small altstack will be rejected The dynamic feature enabling code must examine each thread in a process to ensure that the altstacks are large enough. Add a new lock (sigaltstack_lock()) to ensure that threads can not race and change their altstack after being examined. Add the infrastructure in form of a config option and provide empty stubs for architectures which do not need dynamic altstack size checks. This implementation will be fleshed out for x86 in a future patch called x86/arch_prctl: Add controls for dynamic XSTATE components [dhansen: commit message. ] Signed-off-by: Thomas Gleixner Signed-off-by: Chang S. Bae Signed-off-by: Borislav Petkov Link: https://lkml.kernel.org/r/20211021225527.10184-2-chang.seok.bae@intel.com --- arch/Kconfig | 3 +++ include/linux/signal.h | 6 ++++++ kernel/signal.c | 35 +++++++++++++++++++++++++++++------ 3 files changed, 38 insertions(+), 6 deletions(-) diff --git a/arch/Kconfig b/arch/Kconfig index 8df1c71..af5cf30 100644 --- a/arch/Kconfig +++ b/arch/Kconfig @@ -1288,6 +1288,9 @@ config ARCH_HAS_ELFCORE_COMPAT config ARCH_HAS_PARANOID_L1D_FLUSH bool +config DYNAMIC_SIGFRAME + bool + source "kernel/gcov/Kconfig" source "scripts/gcc-plugins/Kconfig" diff --git a/include/linux/signal.h b/include/linux/signal.h index 3f96a63..7d34105 100644 --- a/include/linux/signal.h +++ b/include/linux/signal.h @@ -464,6 +464,12 @@ int __save_altstack(stack_t __user *, unsigned long); unsafe_put_user(t->sas_ss_size, &__uss->ss_size, label); \ } while (0); +#ifdef CONFIG_DYNAMIC_SIGFRAME +bool sigaltstack_size_valid(size_t ss_size); +#else +static inline bool sigaltstack_size_valid(size_t size) { return true; } +#endif /* !CONFIG_DYNAMIC_SIGFRAME */ + #ifdef CONFIG_PROC_FS struct seq_file; extern void render_sigset_t(struct seq_file *, const char *, sigset_t *); diff --git a/kernel/signal.c b/kernel/signal.c index 952741f..9278f52 100644 --- a/kernel/signal.c +++ b/kernel/signal.c @@ -4151,11 +4151,29 @@ int do_sigaction(int sig, struct k_sigaction *act, struct k_sigaction *oact) return 0; } +#ifdef CONFIG_DYNAMIC_SIGFRAME +static inline void sigaltstack_lock(void) + __acquires(¤t->sighand->siglock) +{ + spin_lock_irq(¤t->sighand->siglock); +} + +static inline void sigaltstack_unlock(void) + __releases(¤t->sighand->siglock) +{ + spin_unlock_irq(¤t->sighand->siglock); +} +#else +static inline void sigaltstack_lock(void) { } +static inline void sigaltstack_unlock(void) { } +#endif + static int do_sigaltstack (const stack_t *ss, stack_t *oss, unsigned long sp, size_t min_ss_size) { struct task_struct *t = current; + int ret = 0; if (oss) { memset(oss, 0, sizeof(stack_t)); @@ -4179,19 +4197,24 @@ do_sigaltstack (const stack_t *ss, stack_t *oss, unsigned long sp, ss_mode != 0)) return -EINVAL; + sigaltstack_lock(); if (ss_mode == SS_DISABLE) { ss_size = 0; ss_sp = NULL; } else { if (unlikely(ss_size < min_ss_size)) - return -ENOMEM; + ret = -ENOMEM; + if (!sigaltstack_size_valid(ss_size)) + ret = -ENOMEM; } - - t->sas_ss_sp = (unsigned long) ss_sp; - t->sas_ss_size = ss_size; - t->sas_ss_flags = ss_flags; + if (!ret) { + t->sas_ss_sp = (unsigned long) ss_sp; + t->sas_ss_size = ss_size; + t->sas_ss_flags = ss_flags; + } + sigaltstack_unlock(); } - return 0; + return ret; } SYSCALL_DEFINE2(sigaltstack,const stack_t __user *,uss, stack_t __user *,uoss)