From patchwork Sat Aug 22 05:10:13 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Collingbourne X-Patchwork-Id: 11730907 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 2FE0515E4 for ; Sat, 22 Aug 2020 05:10:58 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 07F722072D for ; Sat, 22 Aug 2020 05:10:57 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="pdikuio8"; dkim=fail reason="signature verification failed" (2048-bit key) header.d=google.com header.i=@google.com header.b="DWyIkqyE" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 07F722072D Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:To:From:Subject:References:Mime-Version:Message-Id: In-Reply-To:Date:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=weQfCDXYI7mhf/H0fdOFZWSPXwVaFvhJ/AAFbO3dYJk=; b=pdikuio8XubaTce8qHitFoIaI MEPMiHtVhjaYJOQOAsINIHqbmUFqTRFJSu1TK0FynEEvf46uqXjfMV3FfgOn6YgX7z6efgAr/cF1B Erhlqj1KLPbFfdcMSbUX0q3ryYhdG8/DUpVkDzXoHNrSQUtjTII9BmsEQferuEhdbtbuVyk9Oeeoh ZGlIQWD9EoponJT436On0gKFt0dMMTH4q2ZGSR2oBgkLqDmJW+jQNQJDmHbqGI+vWHGWgcj0RkxTU cG4GBdeV6ZPEC0bgh4QH65tuEEahgditEqXoQgjpHrxGkKzXO5G+m1WaMRD5vpeWtxg79tQqb9iwv iNC0xepLg==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1k9Lnf-0007VJ-6o; Sat, 22 Aug 2020 05:10:43 +0000 Received: from mail-yb1-xb49.google.com ([2607:f8b0:4864:20::b49]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1k9LnY-0007T6-J4 for linux-arm-kernel@lists.infradead.org; Sat, 22 Aug 2020 05:10:38 +0000 Received: by mail-yb1-xb49.google.com with SMTP id p138so4368839yba.12 for ; Fri, 21 Aug 2020 22:10:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=sender:date:in-reply-to:message-id:mime-version:references:subject :from:to:cc; bh=KrdxAilGBmE923YVVL9prklmvfKq2p4HPDeQrjFjEyM=; b=DWyIkqyEklyjgdoBNglLonZww9+p8LBWbdFnAHzb1tsVAn+VYTq7EiqnIgzZAw38L1 x+RKzjf2B9U3JCCQdu9SizqS7GzsEGuTffaXkT3HvtIFmAxS4VFwSscmssRvpQxJR62g c8NtKxoEeVNfQ3odGcYBxD/do7YOtX8a3ndoIeJPKVNTyAH5DZYUkSV8cgg0jVhkCzSc 2lLWhLseI1mlJvR8XsfUwhNR9oB48aohVvETZ6qkpaVPAzzd9sPxt/8aJwEIWkbeQyRr nBD7U87YRdxXd0DCO+H1YdCOwWQ9FgHUsYpobD/UqYiW0EHkIqPf2S/IZRfy8KpGKNGe ud9A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=KrdxAilGBmE923YVVL9prklmvfKq2p4HPDeQrjFjEyM=; b=teyEDxByb0x8sB+g38meDwnGGeK27/0eC2NibZzRvK5aFWvkEWvskQ6nojLxjeTpSy JZ1zZAKt7z87ZRqa8K25hzfasZQkPzHq+SXwvWK4GIpO6RRUa0BM7gUqhnsIWij+MfTx 9bEroA/9D77y7G0sGca425ipFG5nU4mV3qRAlyH85VMouynKhWngda1FYxDL38OhyZzF xIWhVQZY2OQDqI6BBlVji1UZblEVo2Ss9KTLAg/WCktXTYv7FZ/KkXzdQgYaaTyBZkli WwvAu/rQ1sl+026JsZGr6humYG/gxKdPRYExW8R/Rtn0GRFng0HSJ6SIj43w876m11FO r8NQ== X-Gm-Message-State: AOAM533FKZ9jlfmV2DQW2R4GlnEjL5ZZ6ykzJFFC/ibEwvXTQ10B2dTS 3w022/7FKrGoKP/cO51R7eLxL9Y= X-Google-Smtp-Source: ABdhPJwf5XbobwL1l/mHkrk+/iWLsQrxUpPJ7TZdQV9SNtzqlrADocDLwSXNXUq6r5XgT8VU7oAYSyw= X-Received: from pcc-desktop.svl.corp.google.com ([2620:15c:2ce:0:7220:84ff:fe09:385a]) (user=pcc job=sendgmr) by 2002:a25:2451:: with SMTP id k78mr8388338ybk.335.1598073032784; Fri, 21 Aug 2020 22:10:32 -0700 (PDT) Date: Fri, 21 Aug 2020 22:10:13 -0700 In-Reply-To: Message-Id: <868b8a89e4050d3f2d079bf28a18786e92b9c680.1598072840.git.pcc@google.com> Mime-Version: 1.0 References: X-Mailer: git-send-email 2.28.0.297.g1956fa8f8d-goog Subject: [PATCH v10 3/7] signal: clear non-uapi flag bits when passing/returning sa_flags From: Peter Collingbourne To: Catalin Marinas , Evgenii Stepanov , Kostya Serebryany , Vincenzo Frascino , Dave Martin , Will Deacon , Oleg Nesterov , "Eric W. Biederman" , "James E.J. Bottomley" X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200822_011036_746011_7F17C1A0 X-CRM114-Status: GOOD ( 20.41 ) X-Spam-Score: -7.7 (-------) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (-7.7 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:b49 listed in] [list.dnswl.org] -7.5 USER_IN_DEF_DKIM_WL From: address is in the default DKIM white-list -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.0 DKIMWL_WL_MED DKIMwl.org - Medium sender X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: linux-parisc@vger.kernel.org, Andrey Konovalov , Kevin Brodsky , David Spickett , Peter Collingbourne , Linux ARM , Richard Henderson Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org Previously we were not clearing non-uapi flag bits in sigaction.sa_flags when storing the userspace-provided sa_flags or when returning them via oldact. Start doing so. This allows userspace to detect missing support for flag bits and allows the kernel to use non-uapi bits internally, as we are already doing in arch/x86 for two flag bits. Now that this change is in place, we no longer need the code in arch/x86 that was hiding these bits from userspace, so remove it. This is technically a userspace-visible behavior change for sigaction, as the unknown bits returned via oldact.sa_flags are no longer set. However, we are free to define the behavior for unknown bits exactly because their behavior is currently undefined, so for now we can define the meaning of each of them to be "clear the bit in oldact.sa_flags unless the bit becomes known in the future". Furthermore, this behavior is consistent with OpenBSD [1], illumos [2] and XNU [3] (FreeBSD [4] and NetBSD [5] fail the syscall if unknown bits are set). So there is some precedent for this behavior in other kernels, and in particular in XNU, which is probably the most popular kernel among those that I looked at, which means that this change is less likely to be a compatibility issue. Link: [1] https://github.com/openbsd/src/blob/f634a6a4b5bf832e9c1de77f7894ae2625e74484/sys/kern/kern_sig.c#L278 Link: [2] https://github.com/illumos/illumos-gate/blob/76f19f5fdc974fe5be5c82a556e43a4df93f1de1/usr/src/uts/common/syscall/sigaction.c#L86 Link: [3] https://github.com/apple/darwin-xnu/blob/a449c6a3b8014d9406c2ddbdc81795da24aa7443/bsd/kern/kern_sig.c#L480 Link: [4] https://github.com/freebsd/freebsd/blob/eded70c37057857c6e23fae51f86b8f8f43cd2d0/sys/kern/kern_sig.c#L699 Link: [5] https://github.com/NetBSD/src/blob/3365779becdcedfca206091a645a0e8e22b2946e/sys/kern/sys_sig.c#L473 Signed-off-by: Peter Collingbourne --- View this change in Gerrit: https://linux-review.googlesource.com/q/I35aab6f5be932505d90f3b3450c083b4db1eca86 v10: - rename SA_UAPI_FLAGS -> UAPI_SA_FLAGS - refactor how we define it to avoid mentioning flags more than once arch/arm/include/asm/signal.h | 2 ++ arch/parisc/include/asm/signal.h | 2 ++ arch/x86/kernel/signal_compat.c | 7 ------- include/linux/signal_types.h | 12 ++++++++++++ kernel/signal.c | 10 ++++++++++ 5 files changed, 26 insertions(+), 7 deletions(-) diff --git a/arch/arm/include/asm/signal.h b/arch/arm/include/asm/signal.h index 65530a042009..430be7774402 100644 --- a/arch/arm/include/asm/signal.h +++ b/arch/arm/include/asm/signal.h @@ -17,6 +17,8 @@ typedef struct { unsigned long sig[_NSIG_WORDS]; } sigset_t; +#define __ARCH_UAPI_SA_FLAGS (SA_THIRTYTWO | SA_RESTORER) + #define __ARCH_HAS_SA_RESTORER #include diff --git a/arch/parisc/include/asm/signal.h b/arch/parisc/include/asm/signal.h index 715c96ba2ec8..30dd1e43ef88 100644 --- a/arch/parisc/include/asm/signal.h +++ b/arch/parisc/include/asm/signal.h @@ -21,6 +21,8 @@ typedef struct { unsigned long sig[_NSIG_WORDS]; } sigset_t; +#define __ARCH_UAPI_SA_FLAGS _SA_SIGGFAULT + #include #endif /* !__ASSEMBLY */ diff --git a/arch/x86/kernel/signal_compat.c b/arch/x86/kernel/signal_compat.c index 9ccbf0576cd0..c599013ae8cb 100644 --- a/arch/x86/kernel/signal_compat.c +++ b/arch/x86/kernel/signal_compat.c @@ -165,16 +165,9 @@ void sigaction_compat_abi(struct k_sigaction *act, struct k_sigaction *oact) { signal_compat_build_tests(); - /* Don't leak in-kernel non-uapi flags to user-space */ - if (oact) - oact->sa.sa_flags &= ~(SA_IA32_ABI | SA_X32_ABI); - if (!act) return; - /* Don't let flags to be set from userspace */ - act->sa.sa_flags &= ~(SA_IA32_ABI | SA_X32_ABI); - if (in_ia32_syscall()) act->sa.sa_flags |= SA_IA32_ABI; if (in_x32_syscall()) diff --git a/include/linux/signal_types.h b/include/linux/signal_types.h index f8a90ae9c6ec..a7887ad84d36 100644 --- a/include/linux/signal_types.h +++ b/include/linux/signal_types.h @@ -68,4 +68,16 @@ struct ksignal { int sig; }; +#ifndef __ARCH_UAPI_SA_FLAGS +#ifdef SA_RESTORER +#define __ARCH_UAPI_SA_FLAGS SA_RESTORER +#else +#define __ARCH_UAPI_SA_FLAGS 0 +#endif +#endif + +#define UAPI_SA_FLAGS \ + (SA_NOCLDSTOP | SA_NOCLDWAIT | SA_SIGINFO | SA_ONSTACK | SA_RESTART | \ + SA_NODEFER | SA_RESETHAND | __ARCH_UAPI_SA_FLAGS) + #endif /* _LINUX_SIGNAL_TYPES_H */ diff --git a/kernel/signal.c b/kernel/signal.c index 42b67d2cea37..f802c82c7bcc 100644 --- a/kernel/signal.c +++ b/kernel/signal.c @@ -3984,6 +3984,16 @@ int do_sigaction(int sig, struct k_sigaction *act, struct k_sigaction *oact) if (oact) *oact = *k; + /* + * Clear unknown flag bits in order to allow userspace to detect missing + * support for flag bits and to allow the kernel to use non-uapi bits + * internally. + */ + if (act) + act->sa.sa_flags &= UAPI_SA_FLAGS; + if (oact) + oact->sa.sa_flags &= UAPI_SA_FLAGS; + sigaction_compat_abi(act, oact); if (act) {