lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Wed, 12 Aug 2015 13:47:42 -0700
From:	Andy Lutomirski <luto@...capital.net>
To:	Stas Sergeev <stsp@...t.ru>
Cc:	X86 ML <x86@...nel.org>,
	Linux kernel <linux-kernel@...r.kernel.org>
Subject: Re: [regression] x86/signal/64: Fix SS handling for signals delivered
 to 64-bit programs breaks dosemu

On Wed, Aug 12, 2015 at 1:45 PM, Stas Sergeev <stsp@...t.ru> wrote:
> 12.08.2015 23:28, Andy Lutomirski пишет:
>
>> On Wed, Aug 12, 2015 at 1:14 PM, Stas Sergeev <stsp@...t.ru> wrote:
>>>
>>> 12.08.2015 23:01, Andy Lutomirski пишет:
>>>>
>>>> On Wed, Aug 12, 2015 at 12:55 PM, Stas Sergeev <stsp@...t.ru> wrote:
>>>>>
>>>>> 12.08.2015 22:20, Andy Lutomirski пишет:
>>>>>>
>>>>>> current kernels, it stays switched.  If we change this, it won't stay
>>>>>> switched.  Even ignoring old ABI, it's not really clear to me what the
>>>>>> right thing to do is.
>>>>>
>>>>> There can be the following cases:
>>>>> - switch_userspace_thread() switches fs to non-zero selector
>>>>> - switch_userspace_thread() switches the fs base via syscall
>>>>> - switch_userspace_thread() switches fs in sigcontext
>>>>> - switch_userspace_thread() switches fs_base in sigcontext (???)
>>>>> What exactly case do you have in mind?
>>>>> I'd say, the way x86_32 is doing things - is good, but the
>>>>> bases... perhaps, in ideal world, they should be a part of
>>>>> the sigcontext as well?
>>>>
>>>> Any of the above.  What do you want the kernel to do, and how does the
>>>> kernel know you want to do that?  The kernel has to pick *some*
>>>> semantics here.
>>>
>>> Assuming the bases are made the part of a sigcontext,
>>> I'd say there would be no ambiguities remained at all:
>>> whatever you change in a sigcontext, will be "applied" by
>>> the sigreturn(). Whatever you put in the registers
>>> (either segregs or MSRs), is valid until sigreturn(), then
>>> forgotten forever.
>>> The mess only comes in when some things are part of
>>> sigcontext and some are not. But if you have _all_ things
>>> accessable in sigcontext, then the user has a way of expressing
>>> his needs very clearly: he'll either touch sigcontext or direct
>>> values, depending on what he need.
>>>
>>> Is this right?
>>
>> Maybe, except that doing this might break existing code (Wine and Java
>> come to mind).  I'm not really sure.
>
> Yes, but that's why I was talking about some new
> flag. Maybe a new sigaction() flag? Or something else that
> will allow the user to request explicitly the new handling
> where the things are all switched by the kernel. Then
> the old programs that don't use that flag, will remain
> unaffected. I realize this may be a lot of work... But please
> note that there will be no more a chance like this one,
> when things are already badly broken. :)

I think that, with my patch, we get the best of both worlds.  We keep
the old behavior in cases where it would work, and we switch to the
new behavior in cases where the old behavior would result in killing
the task.

>
>> Anyway, can you give this and its parent a try:
>>
>>
>> https://git.kernel.org/cgit/linux/kernel/git/luto/linux.git/commit/?h=x86/sigcontext&id=83a08d8c3f43c5524ffc0d88c0eff747716696f5
>>
>> If they fix the problem for you, I'll improve the test cases and send
>> them to -stable.
>
> :(
> Doesn't look pretty at all.
> Of course I'll test it if you can't think of any alternative,
> but do you really think explicitly requesting a new interface
> will not be possible, and we'll have to live with work-arounds
> and new problems like in the gcc tracker popping up once in
> a while?

I think that explicitly asking for the new behavior would just make it uglier.

--Andy
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists