diff options
author | Andy Lutomirski <[email protected]> | 2016-05-03 10:31:49 -0700 |
---|---|---|
committer | Ingo Molnar <[email protected]> | 2016-05-04 08:34:13 +0200 |
commit | c876eeab6432687846d4cd5fe1e43dbc348de134 (patch) | |
tree | d15d76828305cdb9cd9f8d4ad26b8415ca36f6b3 | |
parent | 19fd2868e3671b446b13d135a44363182bbd319a (diff) |
signals/sigaltstack: If SS_AUTODISARM, bypass on_sig_stack()
If a signal stack is set up with SS_AUTODISARM, then the kernel
inherently avoids incorrectly resetting the signal stack if signals
recurse: the signal stack will be reset on the first signal
delivery. This means that we don't need check the stack pointer
when delivering signals if SS_AUTODISARM is set.
This will make segmented x86 programs more robust: currently there's
a hole that could be triggered if ESP/RSP appears to point to the
signal stack but actually doesn't due to a nonzero SS base.
Signed-off-by: Andy Lutomirski <[email protected]>
Cc: Al Viro <[email protected]>
Cc: Aleksa Sarai <[email protected]>
Cc: Amanieu d'Antras <[email protected]>
Cc: Andrea Arcangeli <[email protected]>
Cc: Andrew Morton <[email protected]>
Cc: Andy Lutomirski <[email protected]>
Cc: Borislav Petkov <[email protected]>
Cc: Brian Gerst <[email protected]>
Cc: Denys Vlasenko <[email protected]>
Cc: Eric W. Biederman <[email protected]>
Cc: Frederic Weisbecker <[email protected]>
Cc: H. Peter Anvin <[email protected]>
Cc: Heinrich Schuchardt <[email protected]>
Cc: Jason Low <[email protected]>
Cc: Josh Triplett <[email protected]>
Cc: Konstantin Khlebnikov <[email protected]>
Cc: Linus Torvalds <[email protected]>
Cc: Oleg Nesterov <[email protected]>
Cc: Palmer Dabbelt <[email protected]>
Cc: Paul Moore <[email protected]>
Cc: Pavel Emelyanov <[email protected]>
Cc: Peter Zijlstra <[email protected]>
Cc: Richard Weinberger <[email protected]>
Cc: Sasha Levin <[email protected]>
Cc: Shuah Khan <[email protected]>
Cc: Stas Sergeev <[email protected]>
Cc: Tejun Heo <[email protected]>
Cc: Thomas Gleixner <[email protected]>
Cc: Vladimir Davydov <[email protected]>
Cc: [email protected]
Link: http://lkml.kernel.org/r/c46bee4654ca9e68c498462fd11746e2bd0d98c8.1462296606.git.luto@kernel.org
Signed-off-by: Ingo Molnar <[email protected]>
-rw-r--r-- | include/linux/sched.h | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/include/linux/sched.h b/include/linux/sched.h index 2950c5cd3005..77fd49f20c5f 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h @@ -2576,6 +2576,18 @@ static inline int kill_cad_pid(int sig, int priv) */ static inline int on_sig_stack(unsigned long sp) { + /* + * If the signal stack is SS_AUTODISARM then, by construction, we + * can't be on the signal stack unless user code deliberately set + * SS_AUTODISARM when we were already on it. + * + * This improves reliability: if user state gets corrupted such that + * the stack pointer points very close to the end of the signal stack, + * then this check will enable the signal to be handled anyway. + */ + if (current->sas_ss_flags & SS_AUTODISARM) + return 0; + #ifdef CONFIG_STACK_GROWSUP return sp >= current->sas_ss_sp && sp - current->sas_ss_sp < current->sas_ss_size; |