Re: [PATCH v7 5/6] x86/signal: Detect and prevent an alternate signal stack overflow

2021-04-14 Thread Borislav Petkov
On Wed, Apr 14, 2021 at 01:30:43PM +0200, Florian Weimer wrote:
> Is this discussion about better behavior (at least diagnostics) for
> existing applications, without any code changes? Or an alternative
> programming model?

Former.

> Does noavx512 actually reduce the XSAVE size to AVX2 levels?

Re: [PATCH v7 5/6] x86/signal: Detect and prevent an alternate signal stack overflow

2021-04-14 Thread Florian Weimer
* Borislav Petkov: > On Mon, Apr 12, 2021 at 10:30:23PM +, Bae, Chang Seok wrote: >> On Mar 26, 2021, at 03:30, Borislav Petkov wrote: >> > On Thu, Mar 25, 2021 at 09:56:53PM -0700, Andy Lutomirski wrote: >> >> We really ought to have a SIGSIGFAIL signal that's sent, double-fault >> >>

Re: [PATCH v7 5/6] x86/signal: Detect and prevent an alternate signal stack overflow

2021-04-14 Thread Borislav Petkov
On Mon, Apr 12, 2021 at 10:30:23PM +, Bae, Chang Seok wrote: > On Mar 26, 2021, at 03:30, Borislav Petkov wrote: > > On Thu, Mar 25, 2021 at 09:56:53PM -0700, Andy Lutomirski wrote: > >> We really ought to have a SIGSIGFAIL signal that's sent, double-fault > >> style, when we fail to send a

Re: [PATCH v7 5/6] x86/signal: Detect and prevent an alternate signal stack overflow

2021-04-12 Thread Bae, Chang Seok
On Mar 26, 2021, at 03:30, Borislav Petkov wrote: > On Thu, Mar 25, 2021 at 09:56:53PM -0700, Andy Lutomirski wrote: >> We really ought to have a SIGSIGFAIL signal that's sent, double-fault >> style, when we fail to send a signal. > > Yeap, we should be able to tell userspace that we couldn't

Re: [PATCH v7 5/6] x86/signal: Detect and prevent an alternate signal stack overflow

2021-03-26 Thread Borislav Petkov
On Thu, Mar 25, 2021 at 09:56:53PM -0700, Andy Lutomirski wrote:
> Nope. on_sig_stack() is a horrible kludge and won't work here. We
> could have something like __on_sig_stack() or sp_is_on_sig_stack() or
> something, though.

Yeah, see my other reply. Ack to either of those carved out helpers.

Re: [PATCH v7 5/6] x86/signal: Detect and prevent an alternate signal stack overflow

2021-03-25 Thread Andy Lutomirski
I forgot to mention why I cc'd all you fine Xen folk: On Thu, Mar 25, 2021 at 11:13 AM Andy Lutomirski wrote: > > > } else if (IS_ENABLED(CONFIG_X86_32) && > >!onsigstack && > >regs->ss != __USER_DS && This bit here seems really dubious on Xen

Re: [PATCH v7 5/6] x86/signal: Detect and prevent an alternate signal stack overflow

2021-03-25 Thread Andy Lutomirski
On Thu, Mar 25, 2021 at 11:54 AM Borislav Petkov wrote: > > On Thu, Mar 25, 2021 at 11:13:12AM -0700, Andy Lutomirski wrote: > > diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c > > index ea794a083c44..53781324a2d3 100644 > > --- a/arch/x86/kernel/signal.c > > +++

Re: [PATCH v7 5/6] x86/signal: Detect and prevent an alternate signal stack overflow

2021-03-25 Thread Borislav Petkov
On Thu, Mar 25, 2021 at 09:11:56PM +, Bae, Chang Seok wrote:
> But if sigaltstack()’ed with the SS_AUTODISARM flag, both on_sig_stack() and
> sas_ss_flags() return 0 [1]. Then, segfault always here. v5 had the exact
> issue before [2].

Ah, there's that SS_AUTODISARM check above it which I

Re: [PATCH v7 5/6] x86/signal: Detect and prevent an alternate signal stack overflow

2021-03-25 Thread Bae, Chang Seok
On Mar 25, 2021, at 11:54, Borislav Petkov wrote: > On Thu, Mar 25, 2021 at 11:13:12AM -0700, Andy Lutomirski wrote: >> diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c >> index ea794a083c44..53781324a2d3 100644 >> --- a/arch/x86/kernel/signal.c >> +++ b/arch/x86/kernel/signal.c

Re: [PATCH v7 5/6] x86/signal: Detect and prevent an alternate signal stack overflow

2021-03-25 Thread Florian Weimer
* Chang Seok via Libc-alpha Bae:

> On Mar 25, 2021, at 09:20, Borislav Petkov wrote:
>>
>> $ gcc tst-minsigstksz-2.c -DMY_MINSIGSTKSZ=3453 -o tst-minsigstksz-2
>> $ ./tst-minsigstksz-2
>> tst-minsigstksz-2: changed byte 50 bytes below configured stack
>>
>> Whoops.
>>
>> And the debug print

Re: [PATCH v7 5/6] x86/signal: Detect and prevent an alternate signal stack overflow

2021-03-25 Thread Borislav Petkov
On Thu, Mar 25, 2021 at 11:13:12AM -0700, Andy Lutomirski wrote: > diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c > index ea794a083c44..53781324a2d3 100644 > --- a/arch/x86/kernel/signal.c > +++ b/arch/x86/kernel/signal.c > @@ -237,7 +237,8 @@ get_sigframe(struct k_sigaction *ka,

Re: [PATCH v7 5/6] x86/signal: Detect and prevent an alternate signal stack overflow

2021-03-25 Thread Andy Lutomirski
On Mon, Mar 15, 2021 at 11:57 PM Chang S. Bae wrote: > > The kernel pushes context on to the userspace stack to prepare for the > user's signal handler. When the user has supplied an alternate signal > stack, via sigaltstack(2), it is easy for the kernel to verify that the > stack size is

Re: [PATCH v7 5/6] x86/signal: Detect and prevent an alternate signal stack overflow

2021-03-25 Thread Bae, Chang Seok
On Mar 25, 2021, at 09:20, Borislav Petkov wrote:
>
> $ gcc tst-minsigstksz-2.c -DMY_MINSIGSTKSZ=3453 -o tst-minsigstksz-2
> $ ./tst-minsigstksz-2
> tst-minsigstksz-2: changed byte 50 bytes below configured stack
>
> Whoops.
>
> And the debug print said:
>
> [ 5395.252884] signal:

Re: [PATCH v7 5/6] x86/signal: Detect and prevent an alternate signal stack overflow

2021-03-25 Thread Borislav Petkov
On Tue, Mar 16, 2021 at 06:26:46PM +, Bae, Chang Seok wrote:
> I suspect the AVX-512 states not enabled there.

Ok, I found a machine which has AVX-512:

[0.00] x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers'
[0.00] x86/fpu: Supporting XSAVE feature

Re: [PATCH v7 5/6] x86/signal: Detect and prevent an alternate signal stack overflow

2021-03-16 Thread Bae, Chang Seok
On Mar 16, 2021, at 04:52, Borislav Petkov wrote: > On Mon, Mar 15, 2021 at 11:52:14PM -0700, Chang S. Bae wrote: >> @@ -272,7 +275,8 @@ get_sigframe(struct k_sigaction *ka, struct pt_regs >> *regs, size_t frame_size, >> * If we are on the alternate signal stack and would overflow it,

Re: [PATCH v7 5/6] x86/signal: Detect and prevent an alternate signal stack overflow

2021-03-16 Thread Borislav Petkov
On Mon, Mar 15, 2021 at 11:52:14PM -0700, Chang S. Bae wrote: > @@ -272,7 +275,8 @@ get_sigframe(struct k_sigaction *ka, struct pt_regs > *regs, size_t frame_size, >* If we are on the alternate signal stack and would overflow it, don't. >* Return an always-bogus address instead so