This is a note to let you know that I've just added the patch titled
signal/vm86_32: Properly send SIGSEGV when the vm86 state cannot be saved.
to the 5.15-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
signal-vm86_32-properly-send-sigsegv-when-the-vm86-state-cannot-be-saved.patch
and it can be found in the queue-5.15 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From 1fbd60df8a852d9c55de8cd3621899cf4c72a5b7 Mon Sep 17 00:00:00 2001
From: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>
Date: Wed, 20 Oct 2021 12:43:56 -0500
Subject: signal/vm86_32: Properly send SIGSEGV when the vm86 state cannot be saved.
From: Eric W. Biederman <ebiederm@xxxxxxxxxxxx>
commit 1fbd60df8a852d9c55de8cd3621899cf4c72a5b7 upstream.
Update save_v86_state to always complete all of it's work except
possibly some of the copies to userspace even if save_v86_state takes
a fault. This ensures that the kernel is always in a sane state, even
if userspace has done something silly.
When save_v86_state takes a fault update it to force userspace to take
a SIGSEGV and terminate the userspace application.
As Andy pointed out in review of the first version of this change
there are races between sigaction and the application terinating. Now
that the code has been modified to always perform all save_v86_state's
work (except possibly copying to userspace) those races do not matter
from a kernel perspective.
Forcing the userspace application to terminate (by resetting it's
handler to SIGDFL) is there to keep everything as close to the current
behavior as possible while removing the unique (and difficult to
maintain) use of do_exit.
If this new SIGSEGV happens during handle_signal the next time around
the exit_to_user_mode_loop, SIGSEGV will be delivered to userspace.
All of the callers of handle_vm86_trap and handle_vm86_fault run the
exit_to_user_mode_loop before they return to userspace any signal sent
to the current task during their execution will be delivered to the
current task before that tasks exits to usermode.
Cc: Andy Lutomirski <luto@xxxxxxxxxx>
Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
Cc: Ingo Molnar <mingo@xxxxxxxxxx>
Cc: Borislav Petkov <bp@xxxxxxxxx>
Cc: x86@xxxxxxxxxx
Cc: H Peter Anvin <hpa@xxxxxxxxx>
v1: https://lkml.kernel.org/r/20211020174406.17889-10-ebiederm@xxxxxxxxxxxx
Link: https://lkml.kernel.org/r/877de1xcr6.fsf_-_@disp2133
Signed-off-by: Eric W. Biederman <ebiederm@xxxxxxxxxxxx>
Cc: Thomas Backlund <tmb@xxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
arch/x86/kernel/vm86_32.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/arch/x86/kernel/vm86_32.c
+++ b/arch/x86/kernel/vm86_32.c
@@ -142,6 +142,7 @@ void save_v86_state(struct kernel_vm86_r
user_access_end();
+exit_vm86:
preempt_disable();
tsk->thread.sp0 = vm86->saved_sp0;
tsk->thread.sysenter_cs = __KERNEL_CS;
@@ -161,7 +162,8 @@ Efault_end:
user_access_end();
Efault:
pr_alert("could not access userspace vm86 info\n");
- do_exit(SIGSEGV);
+ force_sigsegv(SIGSEGV);
+ goto exit_vm86;
}
static int do_vm86_irq_handling(int subfunction, int irqnumber);
Patches currently in stable-queue which might be from ebiederm@xxxxxxxxxxxx are
queue-5.15/signal-vm86_32-properly-send-sigsegv-when-the-vm86-state-cannot-be-saved.patch
queue-5.15/signal-don-t-always-set-sa_immutable-for-forced-signals.patch
queue-5.15/signal-x86-in-emulate_vsyscall-force-a-signal-instead-of-calling-do_exit.patch
queue-5.15/ipc-warn-if-trying-to-remove-ipc-object-which-is-absent.patch
queue-5.15/signal-replace-force_sigsegv-sigsegv-with-force_fatal_sig-sigsegv.patch
queue-5.15/signal-powerpc-on-swapcontext-failure-force-sigsegv.patch
queue-5.15/exit-syscall_user_dispatch-send-ordinary-signals-on-failure.patch
queue-5.15/signal-s390-use-force_sigsegv-in-default_trap_handler.patch
queue-5.15/signal-implement-force_fatal_sig.patch
queue-5.15/signal-sparc32-in-setup_rt_frame-and-setup_fram-use-force_fatal_sig.patch
queue-5.15/signal-sparc32-exit-with-a-fatal-signal-when-try_to_clear_window_buffer-fails.patch
queue-5.15/shm-extend-forced-shm-destroy-to-support-objects-from-several-ipc-nses.patch
queue-5.15/signal-replace-force_fatal_sig-with-force_exit_sig-when-in-doubt.patch
