Re: [PATCH v2 3/4] x86/signal: Prevent an alternate stack overflow before a signal delivery
From: Bae, Chang Seok
Date: Tue Nov 24 2020 - 13:22:21 EST
> On Nov 20, 2020, at 15:04, Jann Horn <jannh@xxxxxxxxxx> wrote:
>
> On Thu, Nov 19, 2020 at 8:40 PM Chang S. Bae <chang.seok.bae@xxxxxxxxx> wrote:
>>
>> diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c
>> index ee6f1ceaa7a2..cee41d684dc2 100644
>> --- a/arch/x86/kernel/signal.c
>> +++ b/arch/x86/kernel/signal.c
>> @@ -251,8 +251,13 @@ get_sigframe(struct k_sigaction *ka, struct pt_regs *regs, size_t frame_size,
>>
>> /* This is the X/Open sanctioned signal stack switching. */
>> if (ka->sa.sa_flags & SA_ONSTACK) {
>> - if (sas_ss_flags(sp) == 0)
>> + if (sas_ss_flags(sp) == 0) {
>> + /* If the altstack might overflow, die with SIGSEGV: */
>> + if (!altstack_size_ok(current))
>> + return (void __user *)-1L;
>> +
>> sp = current->sas_ss_sp + current->sas_ss_size;
>> + }
>
> A couple lines further down, we have this (since commit 14fc9fbc700d):
>
> /*
> * If we are on the alternate signal stack and would overflow it, don't.
> * Return an always-bogus address instead so we will die with SIGSEGV.
> */
> if (onsigstack && !likely(on_sig_stack(sp)))
> return (void __user *)-1L;
>
> Is that not working?
onsigstack is set at the beginning here. If a signal hits under normal stack,
this flag is not set. Then it will miss the overflow.
The added check allows to detect the sigaltstack overflow (always).
Thanks,
Chang