Received: by 2002:a05:6500:1b8f:b0:1fa:5c73:8e2d with SMTP id df15csp16042lqb; Tue, 28 May 2024 07:44:11 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCWsvHyW4jelffT0ldzZBqK3/L7WVgEvn+PveFWqhYLywDhFzd7pKEEVIoxwG4LVFpOf9GntZu0SAzQoLPwUNi5mXo9s7P5nHgarXpnuog== X-Google-Smtp-Source: AGHT+IGBFW1k2mSQRyrSEvb7Zf5sJlxdVjVuzr6eTf1lKQNdwIH3HU3NPtWZmBIBlH1c1UgZQCtD X-Received: by 2002:a17:906:3a98:b0:a63:31a5:44f3 with SMTP id a640c23a62f3a-a6331a5459emr179827966b.5.1716907451699; Tue, 28 May 2024 07:44:11 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1716907451; cv=pass; d=google.com; s=arc-20160816; b=Z9y8qk8QGW6TxGD0UdfHSBqBJTv/24Cc2nSKr5rM/+xUlMnJnM/95lSh6pKGGVZS4x zrFuo9NbiJ6zRKuaQrn1PztTz1VGOkWz+zk8kK4XbjvmEdrmo6tUBSBfg2zIGZ6JSsfJ wbcv9UvKFx6Isui8KZ8oBDLVquAmas1vgyJYbDWIXJpKsaTv142guuT/2O8PzpItVsL9 ShH9iUO2t5QVwpW9lF2FcISj0p4QKutclHilzhRQUXUn0XhvRWiNYksqDHhZxd39w4de zC12R0ed7cYqJ2VMME8LHOCaVwkX7us2Du9E4HaQcnMv+9wh/vrlLq3Rpl9AcYnXCnD5 7liw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=H9cdt3lpPMrTDH2HH5AJwUAq5CiV1r3IfA2xEocJ7Ww=; fh=dYyTpsYHmQ7vAYGZ+0LZf7VVqc0FNLCxJisZgbW6Ak0=; b=atzkaX69KnKxqTxjg2FPhH/fr/CFxOinGn1EbOCwllDpfnIj9kAzvT1qvbwfWvTdRr Ag1LDJe+XUzC2Q7uyfCaqSqkIbZ5346/YCX5JCqp6goWoPB9iypiW7tZf0QqbdpAVXI6 pTgu2Rg92zbo5arlA7t8eM8lq5XSxRoyUnWnVP6j7Eah3f924p3DL29oRn8Sn5wNgX6b t/dd3p+wE+r6TXYrKykd65Dpq7lzQp4dL4R9yY2tesxYZHRlOzGPWWNbBw7YjKy0SaX7 E8vL97FByY+9eSnaEFm+ZG6elg2v/KYmaO9YEZDSxlw4x0OullddG9FPnYvzSFT5LThH 3WDQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=neutral (bad format) header.i=@oracle.com; arc=pass (i=1 spf=pass spfdomain=oracle.com dmarc=pass fromdomain=oracle.com); spf=pass (google.com: domain of linux-kernel+bounces-192556-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-192556-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=oracle.com Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [2604:1380:4601:e00::3]) by mx.google.com with ESMTPS id a640c23a62f3a-a626cdd1c45si524732366b.998.2024.05.28.07.44.11 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 28 May 2024 07:44:11 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-192556-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3; Authentication-Results: mx.google.com; dkim=neutral (bad format) header.i=@oracle.com; arc=pass (i=1 spf=pass spfdomain=oracle.com dmarc=pass fromdomain=oracle.com); spf=pass (google.com: domain of linux-kernel+bounces-192556-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-192556-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=oracle.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 49BA31F23AF7 for ; Tue, 28 May 2024 14:44:11 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 271A617085E; Tue, 28 May 2024 14:43:45 +0000 (UTC) Received: from mx0a-00069f02.pphosted.com (mx0a-00069f02.pphosted.com [205.220.165.32]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5E3BB16F27E for ; Tue, 28 May 2024 14:43:42 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=205.220.165.32 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1716907424; cv=none; b=Pfh3ws7sGP8/bJEZKqgAGk0xIgWEZ7t+Gs4l3DEjYAgmA3gf8R8pZESmdEXzNSTO4i0RW5jicLf1nfpyiTLL2gQV26ctMWVMSo7OcAe+/r5iluDTdub4ebdL2SKEH2M2UEa3FJH20JuGGl4uMOKtj1wFq+jS6jVGAA7ylIfXrN0= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1716907424; c=relaxed/simple; bh=xRBtbxLMzh49QddBZgDAH2CFH4T6i5yktzrkn+9i++U=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=cSdYfNzG8L9Q+Z7uyew0Gagzbr083/WU3lbuBWjDKrXfW4KzS+sEiBmffdwTp8PkB4T+RGPcXUnzgPP5+EGDwcjRH7yBh0iwFKYVklP2NFO1KjUDsuDps7F0tf/hY46knLoctx7gCM3Lj/ELfE+E92jg7LmxzlSjMnilaSC5g6U= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=oracle.com; spf=pass smtp.mailfrom=oracle.com; arc=none smtp.client-ip=205.220.165.32 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=oracle.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=oracle.com Received: from pps.filterd (m0246629.ppops.net [127.0.0.1]) by mx0b-00069f02.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 44SBorRU020154; Tue, 28 May 2024 14:43:35 GMT DKIM-Signature: =?UTF-8?Q?v=3D1;_a=3Drsa-sha256;_c=3Drelaxed/relaxed;_d=3Doracle.com;_h?= =?UTF-8?Q?=3Dcc:content-transfer-encoding:date:from:in-reply-to:message-i?= =?UTF-8?Q?d:mime-version:references:subject:to;_s=3Dcorp-2023-11-20;_bh?= =?UTF-8?Q?=3DH9cdt3lpPMrTDH2HH5AJwUAq5CiV1r3IfA2xEocJ7Ww=3D;_b=3DJwzg3JCm?= =?UTF-8?Q?W2MPH6QINpOLZrzmjW4ijeoRKZRmpvgf/SrBOG9po4kaxT4F/jnc+3IKGXRG_x6?= =?UTF-8?Q?EcerbojpTDHIXIYpbGLgLmx9ebQUOT95ob/QxlCCoaj738z0DDYUO2rh3GCfMnJ?= =?UTF-8?Q?+2k_NF3zwpPh7mc9WHNoPQ6WKQS04yhmjIHIVjTcQ680PACtqPHgRXvSNDPVIOI?= =?UTF-8?Q?yLKQFOcsv_r34D5Q34NJ2050TsS38Qc9o4b6XAmJHcRQDGhVcbGygMzgTiKq0ZO?= =?UTF-8?Q?5DtvzscztkBoAob_W3sucUaZ5gWXm1yshYeEMHNUawlC3cviX2G58ejkNcNn0zZ?= =?UTF-8?Q?xLezNE/raBei0qQF3XDtZ_Yw=3D=3D_?= Received: from phxpaimrmta02.imrmtpd1.prodappphxaev1.oraclevcn.com (phxpaimrmta02.appoci.oracle.com [147.154.114.232]) by mx0b-00069f02.pphosted.com (PPS) with ESMTPS id 3yb8p7meru-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 28 May 2024 14:43:34 +0000 Received: from pps.filterd (phxpaimrmta02.imrmtpd1.prodappphxaev1.oraclevcn.com [127.0.0.1]) by phxpaimrmta02.imrmtpd1.prodappphxaev1.oraclevcn.com (8.17.1.19/8.17.1.19) with ESMTP id 44SER3sU025784; Tue, 28 May 2024 14:43:34 GMT Received: from pps.reinject (localhost [127.0.0.1]) by phxpaimrmta02.imrmtpd1.prodappphxaev1.oraclevcn.com (PPS) with ESMTPS id 3yc50py1j2-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 28 May 2024 14:43:34 +0000 Received: from phxpaimrmta02.imrmtpd1.prodappphxaev1.oraclevcn.com (phxpaimrmta02.imrmtpd1.prodappphxaev1.oraclevcn.com [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 44SEhW7r035350; Tue, 28 May 2024 14:43:33 GMT Received: from aruramak-dev.osdevelopmeniad.oraclevcn.com (aruramak-dev.allregionaliads.osdevelopmeniad.oraclevcn.com [100.100.253.155]) by phxpaimrmta02.imrmtpd1.prodappphxaev1.oraclevcn.com (PPS) with ESMTP id 3yc50py1g5-2; Tue, 28 May 2024 14:43:33 +0000 From: Aruna Ramakrishna To: linux-kernel@vger.kernel.org Cc: x86@kernel.org, dave.hansen@linux.intel.com, tglx@linutronix.de, mingo@kernel.org, keith.lucas@oracle.com, aruna.ramakrishna@oracle.com Subject: [PATCH v4 1/5] x86/pkeys: Add PKRU as a parameter in signal handling functions Date: Tue, 28 May 2024 14:43:27 +0000 Message-Id: <20240528144331.2758104-2-aruna.ramakrishna@oracle.com> X-Mailer: git-send-email 2.39.3 In-Reply-To: <20240528144331.2758104-1-aruna.ramakrishna@oracle.com> References: <20240528144331.2758104-1-aruna.ramakrishna@oracle.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1039,Hydra:6.0.650,FMLib:17.12.28.16 definitions=2024-05-28_10,2024-05-28_01,2024-05-17_01 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 mlxscore=0 spamscore=0 suspectscore=0 adultscore=0 phishscore=0 malwarescore=0 mlxlogscore=999 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2405010000 definitions=main-2405280111 X-Proofpoint-ORIG-GUID: V89zxVvVeUVPybjM2IFzMjjOR7l6xC_2 X-Proofpoint-GUID: V89zxVvVeUVPybjM2IFzMjjOR7l6xC_2 Problem description: Let's assume there's a multithreaded application that runs untrusted user code. Each thread has its stack/code protected by a non-zero pkey, and the PKRU register is set up such that only that particular non-zero pkey is enabled. Each thread also sets up an alternate signal stack to handle signals, which is protected by pkey zero. The pkeys man page documents that the PKRU will be reset to init_pkru when the signal handler is invoked, which means that pkey zero access will be enabled. But this reset happens after the kernel attempts to push fpu state to the alternate stack, which is not (yet) accessible by the kernel, which leads to a new SIGSEGV being sent to the application, terminating it. Enabling both the non-zero pkey (for the thread) and pkey zero in userspace will not work for this use case. We cannot have the alt stack writeable by all - the rationale here is that the code running in that thread (using a non-zero pkey) is untrusted and should not have access to the alternate signal stack (that uses pkey zero), to prevent the return address of a function from being changed. The expectation is that kernel should be able to set up the alternate signal stack and deliver the signal to the application even if pkey zero is explicitly disabled by the application. The signal handler accessibility should not be dictated by whatever PKRU value the thread sets up. Solution: The PKRU register is managed by XSAVE, which means the sigframe contents must match the register contents - which is not the case here. We want the sigframe to contain the user-defined PKRU value (so that it is restored correctly from sigcontext) but the actual register must be reset to init_pkru so that the alt stack is accessible and the signal can be delivered to the application. It seems that the proper fix here would be to remove PKRU from the XSAVE framework and manage it separately, which is quite complicated. As a workaround, do this: orig_pkru = rdpkru(); wrpkru(orig_pkru & init_pkru_value); xsave_to_user_sigframe(); put_user(pkru_sigframe_addr, orig_pkru) This change is split over multiple patches. In preparation for writing PKRU to sigframe in a later patch, pass in PKRU as an additional parameter down the chain from handle_signal: setup_rt_frame() xxx_setup_rt_frame() get_sigframe() copy_fpstate_to_sigframe() copy_fpregs_to_sigframe() There are no functional changes in this patch. Signed-off-by: Aruna Ramakrishna --- arch/x86/include/asm/fpu/signal.h | 2 +- arch/x86/include/asm/sighandling.h | 10 +++++----- arch/x86/kernel/fpu/signal.c | 6 +++--- arch/x86/kernel/signal.c | 19 ++++++++++--------- arch/x86/kernel/signal_32.c | 8 ++++---- arch/x86/kernel/signal_64.c | 8 ++++---- 6 files changed, 27 insertions(+), 26 deletions(-) diff --git a/arch/x86/include/asm/fpu/signal.h b/arch/x86/include/asm/fpu/signal.h index 611fa41711af..eccc75bc9c4f 100644 --- a/arch/x86/include/asm/fpu/signal.h +++ b/arch/x86/include/asm/fpu/signal.h @@ -29,7 +29,7 @@ fpu__alloc_mathframe(unsigned long sp, int ia32_frame, unsigned long fpu__get_fpstate_size(void); -extern bool copy_fpstate_to_sigframe(void __user *buf, void __user *fp, int size); +extern bool copy_fpstate_to_sigframe(void __user *buf, void __user *fp, int size, u32 pkru); extern void fpu__clear_user_states(struct fpu *fpu); extern bool fpu__restore_sig(void __user *buf, int ia32_frame); diff --git a/arch/x86/include/asm/sighandling.h b/arch/x86/include/asm/sighandling.h index e770c4fc47f4..de458354a3ea 100644 --- a/arch/x86/include/asm/sighandling.h +++ b/arch/x86/include/asm/sighandling.h @@ -17,11 +17,11 @@ void signal_fault(struct pt_regs *regs, void __user *frame, char *where); void __user * get_sigframe(struct ksignal *ksig, struct pt_regs *regs, size_t frame_size, - void __user **fpstate); + void __user **fpstate, u32 pkru); -int ia32_setup_frame(struct ksignal *ksig, struct pt_regs *regs); -int ia32_setup_rt_frame(struct ksignal *ksig, struct pt_regs *regs); -int x64_setup_rt_frame(struct ksignal *ksig, struct pt_regs *regs); -int x32_setup_rt_frame(struct ksignal *ksig, struct pt_regs *regs); +int ia32_setup_frame(struct ksignal *ksig, struct pt_regs *regs, u32 pkru); +int ia32_setup_rt_frame(struct ksignal *ksig, struct pt_regs *regs, u32 pkru); +int x64_setup_rt_frame(struct ksignal *ksig, struct pt_regs *regs, u32 pkru); +int x32_setup_rt_frame(struct ksignal *ksig, struct pt_regs *regs, u32 pkru); #endif /* _ASM_X86_SIGHANDLING_H */ diff --git a/arch/x86/kernel/fpu/signal.c b/arch/x86/kernel/fpu/signal.c index 247f2225aa9f..2b3b9e140dd4 100644 --- a/arch/x86/kernel/fpu/signal.c +++ b/arch/x86/kernel/fpu/signal.c @@ -156,7 +156,7 @@ static inline bool save_xstate_epilog(void __user *buf, int ia32_frame, return !err; } -static inline int copy_fpregs_to_sigframe(struct xregs_state __user *buf) +static inline int copy_fpregs_to_sigframe(struct xregs_state __user *buf, u32 pkru) { if (use_xsave()) return xsave_to_user_sigframe(buf); @@ -185,7 +185,7 @@ static inline int copy_fpregs_to_sigframe(struct xregs_state __user *buf) * For [f]xsave state, update the SW reserved fields in the [f]xsave frame * indicating the absence/presence of the extended state to the user. */ -bool copy_fpstate_to_sigframe(void __user *buf, void __user *buf_fx, int size) +bool copy_fpstate_to_sigframe(void __user *buf, void __user *buf_fx, int size, u32 pkru) { struct task_struct *tsk = current; struct fpstate *fpstate = tsk->thread.fpu.fpstate; @@ -228,7 +228,7 @@ bool copy_fpstate_to_sigframe(void __user *buf, void __user *buf_fx, int size) fpregs_restore_userregs(); pagefault_disable(); - ret = copy_fpregs_to_sigframe(buf_fx); + ret = copy_fpregs_to_sigframe(buf_fx, pkru); pagefault_enable(); fpregs_unlock(); diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c index 31b6f5dddfc2..94b894437327 100644 --- a/arch/x86/kernel/signal.c +++ b/arch/x86/kernel/signal.c @@ -74,7 +74,7 @@ static inline int is_x32_frame(struct ksignal *ksig) */ void __user * get_sigframe(struct ksignal *ksig, struct pt_regs *regs, size_t frame_size, - void __user **fpstate) + void __user **fpstate, u32 pkru) { struct k_sigaction *ka = &ksig->ka; int ia32_frame = is_ia32_frame(ksig); @@ -139,7 +139,7 @@ get_sigframe(struct ksignal *ksig, struct pt_regs *regs, size_t frame_size, } /* save i387 and extended state */ - if (!copy_fpstate_to_sigframe(*fpstate, (void __user *)buf_fx, math_size)) + if (!copy_fpstate_to_sigframe(*fpstate, (void __user *)buf_fx, math_size, pkru)) return (void __user *)-1L; return (void __user *)sp; @@ -206,7 +206,7 @@ unsigned long get_sigframe_size(void) } static int -setup_rt_frame(struct ksignal *ksig, struct pt_regs *regs) +setup_rt_frame(struct ksignal *ksig, struct pt_regs *regs, u32 pkru) { /* Perform fixup for the pre-signal frame. */ rseq_signal_deliver(ksig, regs); @@ -214,21 +214,22 @@ setup_rt_frame(struct ksignal *ksig, struct pt_regs *regs) /* Set up the stack frame */ if (is_ia32_frame(ksig)) { if (ksig->ka.sa.sa_flags & SA_SIGINFO) - return ia32_setup_rt_frame(ksig, regs); + return ia32_setup_rt_frame(ksig, regs, pkru); else - return ia32_setup_frame(ksig, regs); + return ia32_setup_frame(ksig, regs, pkru); } else if (is_x32_frame(ksig)) { - return x32_setup_rt_frame(ksig, regs); + return x32_setup_rt_frame(ksig, regs, pkru); } else { - return x64_setup_rt_frame(ksig, regs); + return x64_setup_rt_frame(ksig, regs, pkru); } } static void handle_signal(struct ksignal *ksig, struct pt_regs *regs) { - bool stepping, failed; struct fpu *fpu = ¤t->thread.fpu; + u32 pkru = read_pkru(); + bool stepping, failed; if (v8086_mode(regs)) save_v86_state((struct kernel_vm86_regs *) regs, VM86_SIGNAL); @@ -264,7 +265,7 @@ handle_signal(struct ksignal *ksig, struct pt_regs *regs) if (stepping) user_disable_single_step(current); - failed = (setup_rt_frame(ksig, regs) < 0); + failed = (setup_rt_frame(ksig, regs, pkru) < 0); if (!failed) { /* * Clear the direction flag as per the ABI for function entry. diff --git a/arch/x86/kernel/signal_32.c b/arch/x86/kernel/signal_32.c index c12624bc82a3..68f2bfd7d6e7 100644 --- a/arch/x86/kernel/signal_32.c +++ b/arch/x86/kernel/signal_32.c @@ -228,7 +228,7 @@ do { \ goto label; \ } while(0) -int ia32_setup_frame(struct ksignal *ksig, struct pt_regs *regs) +int ia32_setup_frame(struct ksignal *ksig, struct pt_regs *regs, u32 pkru) { sigset32_t *set = (sigset32_t *) sigmask_to_save(); struct sigframe_ia32 __user *frame; @@ -246,7 +246,7 @@ int ia32_setup_frame(struct ksignal *ksig, struct pt_regs *regs) 0x80cd, /* int $0x80 */ }; - frame = get_sigframe(ksig, regs, sizeof(*frame), &fp); + frame = get_sigframe(ksig, regs, sizeof(*frame), &fp, pkru); if (ksig->ka.sa.sa_flags & SA_RESTORER) { restorer = ksig->ka.sa.sa_restorer; @@ -299,7 +299,7 @@ int ia32_setup_frame(struct ksignal *ksig, struct pt_regs *regs) return -EFAULT; } -int ia32_setup_rt_frame(struct ksignal *ksig, struct pt_regs *regs) +int ia32_setup_rt_frame(struct ksignal *ksig, struct pt_regs *regs, u32 pkru) { sigset32_t *set = (sigset32_t *) sigmask_to_save(); struct rt_sigframe_ia32 __user *frame; @@ -319,7 +319,7 @@ int ia32_setup_rt_frame(struct ksignal *ksig, struct pt_regs *regs) 0, }; - frame = get_sigframe(ksig, regs, sizeof(*frame), &fp); + frame = get_sigframe(ksig, regs, sizeof(*frame), &fp, pkru); if (!user_access_begin(frame, sizeof(*frame))) return -EFAULT; diff --git a/arch/x86/kernel/signal_64.c b/arch/x86/kernel/signal_64.c index 23d8aaf8d9fd..6b189de005b5 100644 --- a/arch/x86/kernel/signal_64.c +++ b/arch/x86/kernel/signal_64.c @@ -161,7 +161,7 @@ static unsigned long frame_uc_flags(struct pt_regs *regs) return flags; } -int x64_setup_rt_frame(struct ksignal *ksig, struct pt_regs *regs) +int x64_setup_rt_frame(struct ksignal *ksig, struct pt_regs *regs, u32 pkru) { sigset_t *set = sigmask_to_save(); struct rt_sigframe __user *frame; @@ -172,7 +172,7 @@ int x64_setup_rt_frame(struct ksignal *ksig, struct pt_regs *regs) if (!(ksig->ka.sa.sa_flags & SA_RESTORER)) return -EFAULT; - frame = get_sigframe(ksig, regs, sizeof(struct rt_sigframe), &fp); + frame = get_sigframe(ksig, regs, sizeof(struct rt_sigframe), &fp, pkru); uc_flags = frame_uc_flags(regs); if (!user_access_begin(frame, sizeof(*frame))) @@ -300,7 +300,7 @@ int copy_siginfo_to_user32(struct compat_siginfo __user *to, return __copy_siginfo_to_user32(to, from); } -int x32_setup_rt_frame(struct ksignal *ksig, struct pt_regs *regs) +int x32_setup_rt_frame(struct ksignal *ksig, struct pt_regs *regs, u32 pkru) { compat_sigset_t *set = (compat_sigset_t *) sigmask_to_save(); struct rt_sigframe_x32 __user *frame; @@ -311,7 +311,7 @@ int x32_setup_rt_frame(struct ksignal *ksig, struct pt_regs *regs) if (!(ksig->ka.sa.sa_flags & SA_RESTORER)) return -EFAULT; - frame = get_sigframe(ksig, regs, sizeof(*frame), &fp); + frame = get_sigframe(ksig, regs, sizeof(*frame), &fp, pkru); uc_flags = frame_uc_flags(regs); -- 2.39.3