lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <8299b17a-a730-46e5-a258-fac78ff0420b@p183>
Date: Fri, 15 Dec 2023 12:45:57 +0300
From: Alexey Dobriyan <adobriyan@...il.com>
To: Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>,
	Borislav Petkov <bp@...en8.de>,
	Dave Hansen <dave.hansen@...ux.intel.com>
Cc: linux-kernel@...r.kernel.org, "H. Peter Anvin" <hpa@...or.com>
Subject: [PATCH] selftests/x86/mm: fixup nx_stack test stability with
 SA_ONSTACK

I forgot that using sigaltstack(2) requires opt-in with SA_ONSTACK.

If userspace stack is NX, then the test continues to work and
reports PASS.

If there is kernel bug and some pages of userspace stack are executable,
then test can be derailed because signal stack frame contents will pass
as random instruction with unpredictable consequences.

Signed-off-by: Alexey Dobriyan <adobriyan@...il.com>
---

 tools/testing/selftests/x86/nx_stack.c |   34 ++++++++++++++++-----------------
 1 file changed, 17 insertions(+), 17 deletions(-)

--- a/tools/testing/selftests/x86/nx_stack.c
+++ b/tools/testing/selftests/x86/nx_stack.c
@@ -160,10 +160,25 @@ static void sigtrap(int _, siginfo_t *__, void *uc_)
 
 int main(void)
 {
+	{
+		/*
+		 * We don't know now much stack SIGSEGV handler uses.
+		 * Bump this by 1 page every time someone complains,
+		 * or rewrite it in assembly.
+		 */
+		const size_t len = SIGSTKSZ;
+		void *p = mmap(NULL, len, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);
+		assert(p != MAP_FAILED);
+		stack_t ss = {};
+		ss.ss_sp = p;
+		ss.ss_size = len;
+		int rv = sigaltstack(&ss, NULL);
+		assert(rv == 0);
+	}
 	{
 		struct sigaction act = {};
 		sigemptyset(&act.sa_mask);
-		act.sa_flags = SA_SIGINFO;
+		act.sa_flags = SA_SIGINFO|SA_ONSTACK;
 		act.sa_sigaction = &sigsegv;
 		int rv = sigaction(SIGSEGV, &act, NULL);
 		assert(rv == 0);
@@ -171,7 +186,7 @@ int main(void)
 	{
 		struct sigaction act = {};
 		sigemptyset(&act.sa_mask);
-		act.sa_flags = SA_SIGINFO;
+		act.sa_flags = SA_SIGINFO|SA_ONSTACK;
 		act.sa_sigaction = &sigtrap;
 		int rv = sigaction(SIGTRAP, &act, NULL);
 		assert(rv == 0);
@@ -188,21 +203,6 @@ int main(void)
 		rv = setrlimit(RLIMIT_STACK, &rlim);
 		assert(rv == 0);
 	}
-	{
-		/*
-		 * We don't know now much stack SIGSEGV handler uses.
-		 * Bump this by 1 page every time someone complains,
-		 * or rewrite it in assembly.
-		 */
-		const size_t len = SIGSTKSZ;
-		void *p = mmap(NULL, len, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);
-		assert(p != MAP_FAILED);
-		stack_t ss = {};
-		ss.ss_sp = p;
-		ss.ss_size = len;
-		int rv = sigaltstack(&ss, NULL);
-		assert(rv == 0);
-	}
 	make_stack1();
 	/*
 	 * Unreachable, but if _this_ INT3 is ever reached, it's a bug somewhere.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ