On Mar 5, 2021, at 02:43, Borislav Petkov <bp@xxxxxxx> wrote:
> On Sat, Feb 27, 2021 at 08:59:08AM -0800, Chang S. Bae wrote:
>> Historically, signal.h defines MINSIGSTKSZ (2KB) and SIGSTKSZ (8KB), for
>> use by all architectures with sigaltstack(2). Over time, the hardware state
>> size grew, but these constants did not evolve. Today, literal use of these
>> constants on several architectures may result in signal stack overflow, and
>> thus user data corruption.
>>
>> A few years ago, the ARM team addressed this issue by establishing
>> getauxval(AT_MINSIGSTKSZ). This enables the kernel to supply at runtime
>> value that is an appropriate replacement on the current and future
>> hardware.
>>
>> Add getauxval(AT_MINSIGSTKSZ) support to x86, analogous to the support
>> added for ARM in commit 94b07c1f8c39 ("arm64: signal: Report signal frame
>> size to userspace via auxv").
>>
>> Also, include a documentation to describe x86-specific auxiliary vectors.
>>
>> Reported-by: Florian Weimer <fweimer@xxxxxxxxxx>
>> Fixes: c2bc11f10a39 ("x86, AVX-512: Enable AVX-512 States Context Switch")
>
> Right, so this has a Fixes: tag and points to bugzilla entry which talks
> about signal stack corruption with AVX-512F.
>
> But if this is going to be backported to stable, then the patch(es)
> should be minimal and not contain documentation. And if so, one will
> need all three to be backported, which means, a cc:stable should contain
> a comment explaining that.
>
> Or am I misreading and they should not need to be backported to stable
> because some <non-obvious reason>?
>
> Also, I'm not sure backporting a patch to stable which changes ABI is
> ok. It probably is but I don't know.
>
> So what's the deal here?
Yeah, right. While this attempts to fix the issue, it involves the ABI change.
Len and I think PATCH5 [1] is rather a backport candidate as it gives a more
reasonable behavior.
At least, I can make a new patch for this documentation if you think it is the
right way.
> You also need:
>
> diff --git a/Documentation/x86/index.rst b/Documentation/x86/index.rst
> index 4693e192b447..d58614d5cde6 100644
> --- a/Documentation/x86/index.rst
> +++ b/Documentation/x86/index.rst
> @@ -35,3 +35,4 @@ x86-specific Documentation
> sva
> sgx
> features
> + elf_auxvec
>
> to add this to the TOC.
Ah, will do that.
>> + #include <sys/auxv.h>
>> + #include <elf.h>
>> +
>> + #ifndef AT_MINSIGSTKSZ
>> + #define AT_MINSIGSTKSZ 51
>> + #endif
>> +
>> + stack_t ss;
>> + int err;
>> +
>> + ss.ss_size = getauxval(AT_MINSIGSTKSZ) + SIGSTKSZ;
>> + ss.ss_sp = malloc(ss.ss_size);
>> + ...
>> +
>> + err = sigaltstack(&ss, NULL);
>> + ...
>
> That source code needs some special markup to look like source code -
> currently, the result looks bad.
How about this code:
#include <sys/auxv.h>
#include <elf.h>
#include <signal.h>
#include <stdlib.h>
#include <assert.h>
#include <err.h>
#ifndef AT_MINSIGSTKSZ
#define AT_MINSIGSTKSZ 51
#endif
stack_t ss;
ss.ss_sp = malloc(ss.ss_size);
assert(ss.ss_sp);
ss.ss_size = getauxval(AT_MINSIGSTKSZ) + SIGSTKSZ;
ss.ss_flags = 0;
if (sigaltstack(&ss, NULL))
err(1, "sigaltstack");
>> +2. The exposed auxiliary vectors
>> +---------------------------------
>> +
>> +AT_SYSINFO
>> + The entry point to the system call function the virtual Dynamic Shared
>> + Object (vDSO), not exported on 64-bit.
>
> I can't parse that sentence.
>
>> +
>> +AT_SYSINFO_EHDR
>> + The start address of the page containing vDSO.
> ^
> the
>> +
>> +AT_MINSIGSTKSZ
>> + The minimum stack size required to deliver a signal. It is a calculated
>> + sigframe size based on the largest possible user context. When programs
>> + use sigaltstack() to provide alternate signal stack, that stack must be
>> + at least the size to function properly on this hardware. Note that this
>> + is a minimum of the kernel to correctly get to the signal handler.
>
> I get what this is trying to say but it reads weird. Simplify pls.
>
>> + Additional space must be added to handle objects pushed onto the stack
>> + by the signal handlers, as well as for nested signal delivery.
>> +
>> + The purpose of this parameter is to accommodate the different stack
>> + sizes required by different hardware configuration. E.g., the x86
>> + system supporting the Advanced Vector Extension needs at least 8KB more
>> + than the one without it.
>
> That could be simplified too.
Rewrote like this:
AT_SYSINFO is used for locating the vsyscall entry point. It is not exported
on 64-bit mode.
AT_SYSINFO_EHDR is the start address of the page containing the vDSO.
AT_MINSIGSTKSZ denotes the minimum stack size required by the kernel to
deliver a signal to user-space. AT_MINSIGSTKSZ comprehends the space consumed
by the kernel to accommodate the user context for the current hardware
configuration. It does not comprehend subsequent user-space stack
consumption, which must be added by the user. (e.g. Above, user-space adds
SIGSTKSZ to AT_MINSIGSTKSZ.)
>> diff --git a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h
>> index 66bdfe838d61..cd10795c178e 100644
>> --- a/arch/x86/include/asm/elf.h
>> +++ b/arch/x86/include/asm/elf.h
>> @@ -312,6 +312,7 @@ do { \
>> NEW_AUX_ENT(AT_SYSINFO, VDSO_ENTRY); \
>> NEW_AUX_ENT(AT_SYSINFO_EHDR, VDSO_CURRENT_BASE); \
>> } \
>> + NEW_AUX_ENT(AT_MINSIGSTKSZ, get_sigframe_size()); \
>
> Check vertical alignment of the '\'
Sorry, I will make sure this next time.
Thanks,
Chang
[1] https://lore.kernel.org/lkml/20210227165911.32757-6-chang.seok.bae@xxxxxxxxx/
