| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <56AF955D.7060601@list.ru>
Date: Mon, 1 Feb 2016 20:26:53 +0300
From: Stas Sergeev <stsp@...t.ru>
To: Oleg Nesterov <oleg@...hat.com>
Cc: Linux kernel <linux-kernel@...r.kernel.org>,
linux-api@...r.kernel.org, Andy Lutomirski <luto@...capital.net>,
Ingo Molnar <mingo@...hat.com>,
Peter Zijlstra <peterz@...radead.org>,
Andrew Morton <akpm@...ux-foundation.org>,
Amanieu d'Antras <amanieu@...il.com>,
Richard Weinberger <richard@....at>, Tejun Heo <tj@...nel.org>,
"Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>,
Jason Low <jason.low2@...com>,
Heinrich Schuchardt <xypron.glpk@....de>,
Andrea Arcangeli <aarcange@...hat.com>,
Konstantin Khlebnikov <khlebnikov@...dex-team.ru>,
Josh Triplett <josh@...htriplett.org>,
"Eric W. Biederman" <ebiederm@...ssion.com>,
Aleksa Sarai <cyphar@...har.com>,
Paul Moore <pmoore@...hat.com>,
Palmer Dabbelt <palmer@...belt.com>,
Vladimir Davydov <vdavydov@...allels.com>
Subject: Re: [PATCH 4/4] sigaltstack: allow disabling and re-enabling sas
within sighandler
01.02.2016 20:09, Oleg Nesterov пишет:
> On 02/01, Oleg Nesterov wrote:
>>> + onsigstack = on_sig_stack(sp);
>>> + if (ss_size == 0) {
>>> + switch (ss_flags) {
>>> + case 0:
>>> + error = -EPERM;
>>> + if (onsigstack)
>>> + goto out;
>>> + current->sas_ss_sp = 0;
>>> + current->sas_ss_size = 0;
>>> + current->sas_ss_flags = SS_DISABLE;
>>> + break;
>>> + case SS_ONSTACK:
>>> + /* re-enable previously disabled sas */
>>> + error = -EINVAL;
>>> + if (current->sas_ss_size == 0)
>>> + goto out;
>>> + break;
>>> + default:
>>> + break;
>>> + }
>> and iiuc the "default" case allows you to write SS_DISABLE into ->sas_ss_flags
>> even if on_sig_stack().
>>
>> So the sequence is
>>
>> // running on alt stack
>>
>> sigaltstack(SS_DISABLE);
>>
>> temporary_run_on_another_stack();
>>
>> sigaltstack(SS_ONSTACK);
>>
>> and SS_DISABLE saves us from another SA_ONSTACK signal, right?
>>
>> But afaics it can only help after we change the stack. Suppose that SA_ONSTACK signal
>> comess before temporary_run_on_another_stack(). get_sigframe() should be fine after
>> your changes (afaics), it won't pick the alt stack after SS_DISABLE.
>>
>> However, unless I missed something save_altstack_ex() will record SS_ONSTACK in
>> uc_stack->ss_flags, and after return from signal handler restore_altstack() will
>> enable alt stack again?
> OK, I didn't notice you modified save_altstack_ex() to use ->sas_ss_flags instead
> of sas_ss_flags()... still doesn't look right, in this case restore_altstack() will
> not restore sas_ss_size/sas_ss_sp and they can be changed by signal handler.
How?
Trying to change them in a sighandler with sigaltstack()
will get EPERM. And if you change them in uc_stack without
setting ss_flags back to SS_ONSTACK, they should better be ignored.
> Anyway, whatever I missed I agree with Andy, SS_FORCE looks simpler and better to me.
But perhaps you missed the most important thing, that
it is not possible to change the altstack in sighandler - you'll
get EPERM, even with my patch. But with SS_FORCE this is
exactly not the case. So I'd like you to confirm your opinion
after all the implementation details are understood.
Also it would be interesting to know what do you think about
just removing the EPERM check instead of this all. There are
3 possibilities to choose from, not 2. Removing EPERM looks
simplest.
Powered by blists - more mailing lists