Patch "x86/pkeys: Restore altstack access in sigreturn()" has been added to the 6.6-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Sun, 6 Oct 2024 11:34:47 -0400

This is a note to let you know that I've just added the patch titled

    x86/pkeys: Restore altstack access in sigreturn()

to the 6.6-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     x86-pkeys-restore-altstack-access-in-sigreturn.patch
and it can be found in the queue-6.6 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 3aa3464fedec5128e3c4a0139b037e7f83dde02a
Author: Aruna Ramakrishna <aruna.ramakrishna@xxxxxxxxxx>
Date:   Fri Aug 2 06:13:17 2024 +0000

    x86/pkeys: Restore altstack access in sigreturn()
    
    [ Upstream commit d10b554919d4cc8fa8fe2e95b57ad2624728c8e4 ]
    
    A process can disable access to the alternate signal stack by not
    enabling the altstack's PKEY in the PKRU register.
    
    Nevertheless, the kernel updates the PKRU temporarily for signal
    handling. However, in sigreturn(), restore_sigcontext() will restore the
    PKRU to the user-defined PKRU value.
    
    This will cause restore_altstack() to fail with a SIGSEGV as it needs read
    access to the altstack which is prohibited by the user-defined PKRU value.
    
    Fix this by restoring altstack before restoring PKRU.
    
    Signed-off-by: Aruna Ramakrishna <aruna.ramakrishna@xxxxxxxxxx>
    Signed-off-by: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
    Link: https://lore.kernel.org/all/20240802061318.2140081-5-aruna.ramakrishna@xxxxxxxxxx
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/arch/x86/kernel/signal_64.c b/arch/x86/kernel/signal_64.c
index 23d8aaf8d9fd1..449a6ed0b8c98 100644
--- a/arch/x86/kernel/signal_64.c
+++ b/arch/x86/kernel/signal_64.c
@@ -260,13 +260,13 @@ SYSCALL_DEFINE0(rt_sigreturn)
 
 	set_current_blocked(&set);
 
-	if (!restore_sigcontext(regs, &frame->uc.uc_mcontext, uc_flags))
+	if (restore_altstack(&frame->uc.uc_stack))
 		goto badframe;
 
-	if (restore_signal_shadow_stack())
+	if (!restore_sigcontext(regs, &frame->uc.uc_mcontext, uc_flags))
 		goto badframe;
 
-	if (restore_altstack(&frame->uc.uc_stack))
+	if (restore_signal_shadow_stack())
 		goto badframe;
 
 	return regs->ax;







