On Wed, Feb 19, 2020 at 06:42:23PM +0100, Borislav Petkov wrote:
> On Wed, Feb 19, 2020 at 09:21:48AM -0800, Andy Lutomirski wrote:
> > Unless there is a signal pending and the signal setup code is about to
> > hit the same failed memory. I suppose we can just treat cases like
> > this as "oh well, time to kill the whole system".
> >
> > But we should genuinely agree that we're okay with deferring this handling.
>
> Good catch!
>
> static void exit_to_usermode_loop(struct pt_regs *regs, u32 cached_flags)
> {
>
> ...
>
> /* deal with pending signal delivery */
> if (cached_flags & _TIF_SIGPENDING)
> do_signal(regs);
>
> if (cached_flags & _TIF_NOTIFY_RESUME) {
> clear_thread_flag(TIF_NOTIFY_RESUME);
> tracehook_notify_resume(regs);
> rseq_handle_notify_resume(NULL, regs);
> }
>
>
> Err, can we make task_work run before we handle signals? Or there's a
> reason it is run in this order?
>
> Comment over task_work_add() says:
>
> * This is like the signal handler which runs in kernel mode, but it doesn't
> * try to wake up the @task.
>
> which sounds to me like this should really run before the signal
> handlers...
here goes...
--- a/arch/x86/entry/common.c
+++ b/arch/x86/entry/common.c
@@ -155,16 +155,16 @@ static void exit_to_usermode_loop(struct
if (cached_flags & _TIF_PATCH_PENDING)
klp_update_patch_state(current);
- /* deal with pending signal delivery */
- if (cached_flags & _TIF_SIGPENDING)
- do_signal(regs);
-
if (cached_flags & _TIF_NOTIFY_RESUME) {
clear_thread_flag(TIF_NOTIFY_RESUME);
tracehook_notify_resume(regs);
rseq_handle_notify_resume(NULL, regs);
}
+ /* deal with pending signal delivery */
+ if (cached_flags & _TIF_SIGPENDING)
+ do_signal(regs);
+
if (cached_flags & _TIF_USER_RETURN_NOTIFY)
fire_user_return_notifiers();
