Re: [PATCH v2] x86: signal: move save_altstack_ex out of generic headers

From: Al Viro
Date: Fri Apr 03 2020 - 19:39:50 EST

Next message: Joseph Qi: "Re: [PATCH 3/5] ocfs2: Add missing annotation for dlm_empty_lockres()"
Previous message: Sakari Ailus: "Re: [PATCH v2 1/1] lib/vsprintf: Add support for printing V4L2 and DRM fourccs"
In reply to: Nick Desaulniers: "[PATCH v2] x86: signal: move save_altstack_ex out of generic headers"
Next in thread: Oleg Nesterov: "Re: [PATCH v2] x86: signal: move save_altstack_ex out of generic headers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Apr 03, 2020 at 04:16:06PM -0700, Nick Desaulniers wrote:
> In some configurations (clang+KASAN), sas_ss_reset() may emit calls to
> memset(). This is a problem for SMAP protections on x86, which should
> try to minimize calls to any function not already on short whitelist, in
> order to prevent leaking AC flags or being used as a gadget.
>
> Linus noted that unsafe_save_altstack() only has callsites in the
> arch-specific arch/x86/kernel/signal.c, and shouldn't be defined in arch
> independent headers.
>
> Split the logic of unsafe_save_altstack() into two, and move the definitions
> to arch/x86/include/asm/sigframe.h. This does less work with the SMAP
> guards down.

Just move that into signal_delivered() and that's it. SMAP or no SMAP -
doing that until the sigframe is set and we are committed to entering
the handler is wrong.

Next message: Joseph Qi: "Re: [PATCH 3/5] ocfs2: Add missing annotation for dlm_empty_lockres()"
Previous message: Sakari Ailus: "Re: [PATCH v2 1/1] lib/vsprintf: Add support for printing V4L2 and DRM fourccs"
In reply to: Nick Desaulniers: "[PATCH v2] x86: signal: move save_altstack_ex out of generic headers"
Next in thread: Oleg Nesterov: "Re: [PATCH v2] x86: signal: move save_altstack_ex out of generic headers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]