On Tue, Nov 17, 2020 at 5:40 AM Eric W. Biederman <ebiederm@xxxxxxxxxxxx> wrote: > > Peter Collingbourne <pcc@xxxxxxxxxx> writes: > > > diff --git a/kernel/signal.c b/kernel/signal.c > > index 8f34819e80de..16be62e6d341 100644 > > --- a/kernel/signal.c > > +++ b/kernel/signal.c > > @@ -1650,6 +1650,15 @@ void force_sigsegv(int sig) > > force_sig(SIGSEGV); > > } > > > > +static void __user *get_si_addr(void __user *addr, unsigned long sig, > > + unsigned long si_code) > > +{ > > + if (current->sighand->action[sig - 1].sa.sa_flags & SA_EXPOSE_TAGBITS) > > + return addr; > > Apologies for not seeing this before but this part of the patch is > buggy. > > It is using current->sighand->action when the destination task may not > be current. send_sig_fault and send_sig_mcerr may somewhat legitimately > be used to send faults to other processes. > > Now that I think about it there are interactions with > PTRACE_GETSIGINFO/PTRACE_SETSIGINFO. > > Can we move the masking into get_signal after the ptrace handling? > > That way everything in the core of the kernel deals with unmasked > si_addr values and we only mask the address just before sending it to > userspace? Makes sense, done in v18. Peter
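Review bot: the SA_EXPOSE_TAGBITS test in get_si_addr reads `current->sighand->action[sig - 1].sa.sa_flags`, but the flags that matter are those of the task that will receive the signal, and that task is not always current (send_sig_fault and send_sig_mcerr can be used to deliver faults to another process), so the wrong sigaction decides whether the tag bits are kept. Either pass the destination task into get_si_addr and consult its sighand->action instead of current's, or, as the thread settles on, keep si_addr unmasked throughout the core kernel and strip the tag bits only in get_signal after the ptrace handling, so that PTRACE_GETSIGINFO/PTRACE_SETSIGINFO see the unmasked address and only the value copied to userspace is masked.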