Re: [PATCH 17/20] signal/x86: In emulate_vsyscall force a signal instead of... | linux-arch

[PATCH 00/20] exit cleanups · Eric W. Biederman <hidden> · 2021-10-20
[PATCH 01/20] exit/doublefault: Remove apparently bogus comment about rewind_stack_do_exit · Eric W. Biederman <hidden> · 2021-10-20
Re: [PATCH 01/20] exit/doublefault: Remove apparently bogus comment about rewind_stack_do_exit · Kees Cook <hidden> · 2021-10-21
[PATCH 02/20] exit: Remove calls of do_exit after noreturn versions of die · Eric W. Biederman <hidden> · 2021-10-20
Re: [PATCH 02/20] exit: Remove calls of do_exit after noreturn versions of die · Kees Cook <hidden> · 2021-10-21
[PATCH 03/20] reboot: Remove the unreachable panic after do_exit in reboot(2) · Eric W. Biederman <hidden> · 2021-10-20
Re: [PATCH 03/20] reboot: Remove the unreachable panic after do_exit in reboot(2) · Kees Cook <hidden> · 2021-10-21
[PATCH 04/20] signal/sparc32: Remove unreachable do_exit in do_sparc_fault · Eric W. Biederman <hidden> · 2021-10-20
Re: [PATCH 04/20] signal/sparc32: Remove unreachable do_exit in do_sparc_fault · Kees Cook <hidden> · 2021-10-21
[PATCH 05/20] signal/mips: Update (_save|_restore)_fp_context to fail with -EFAULT · Eric W. Biederman <hidden> · 2021-10-20
Re: [PATCH 05/20] signal/mips: Update (_save|_restore)_fp_context to fail with -EFAULT · Kees Cook <hidden> · 2021-10-21
Re: [PATCH 05/20] signal/mips: Update (_save|_restore)_fp_context to fail with -EFAULT · "Maciej W. Rozycki" <macro@orcam.me.uk> · 2021-10-24
Re: [PATCH 05/20] signal/mips: Update (_save|_restore)_fp_context to fail with -EFAULT · Thomas Bogendoerfer <tsbogend@alpha.franken.de> · 2021-10-24
[PATCH 06/20] signal/sh: Use force_sig(SIGKILL) instead of do_group_exit(SIGKILL) · Eric W. Biederman <hidden> · 2021-10-20
Re: [PATCH 06/20] signal/sh: Use force_sig(SIGKILL) instead of do_group_exit(SIGKILL) · Linus Torvalds <torvalds@linux-foundation.org> · 2021-10-20
Re: [PATCH 06/20] signal/sh: Use force_sig(SIGKILL) instead of do_group_exit(SIGKILL) · Rich Felker <dalias@libc.org> · 2021-10-27
Re: [PATCH 06/20] signal/sh: Use force_sig(SIGKILL) instead of do_group_exit(SIGKILL) · Kees Cook <hidden> · 2021-10-21
[PATCH 07/20] signal/powerpc: On swapcontext failure force SIGSEGV · Eric W. Biederman <hidden> · 2021-10-20
Re: [PATCH 07/20] signal/powerpc: On swapcontext failure force SIGSEGV · Kees Cook <hidden> · 2021-10-21
[PATCH 08/20] signal/sparc: In setup_tsb_params convert open coded BUG into BUG · Eric W. Biederman <hidden> · 2021-10-20
Re: [PATCH 08/20] signal/sparc: In setup_tsb_params convert open coded BUG into BUG · Kees Cook <hidden> · 2021-10-21
[PATCH 09/20] signal/vm86_32: Replace open coded BUG_ON with an actual BUG_ON · Eric W. Biederman <hidden> · 2021-10-20
Re: [PATCH 09/20] signal/vm86_32: Replace open coded BUG_ON with an actual BUG_ON · Kees Cook <hidden> · 2021-10-21
[PATCH 10/20] signal/vm86_32: Properly send SIGSEGV when the vm86 state cannot be saved. · Eric W. Biederman <hidden> · 2021-10-20
Re: [PATCH 10/20] signal/vm86_32: Properly send SIGSEGV when the vm86 state cannot be saved. · Kees Cook <hidden> · 2021-10-21
Re: [PATCH 10/20] signal/vm86_32: Properly send SIGSEGV when the vm86 state cannot be saved. · "Andy Lutomirski" <luto@kernel.org> · 2021-10-21
[PATCH 11/20] signal/s390: Use force_sigsegv in default_trap_handler · Eric W. Biederman <hidden> · 2021-10-20
Re: [PATCH 11/20] signal/s390: Use force_sigsegv in default_trap_handler · Kees Cook <hidden> · 2021-10-21
Re: [PATCH 11/20] signal/s390: Use force_sigsegv in default_trap_handler · Christian Borntraeger <hidden> · 2021-10-26
[PATCH 12/20] exit/kthread: Have kernel threads return instead of calling do_exit · Eric W. Biederman <hidden> · 2021-10-20
Re: [PATCH 12/20] exit/kthread: Have kernel threads return instead of calling do_exit · Christoph Hellwig <hch@infradead.org> · 2021-10-21
Re: [PATCH 12/20] exit/kthread: Have kernel threads return instead of calling do_exit · Kees Cook <hidden> · 2021-10-21
[PATCH 14/20] exit/syscall_user_dispatch: Send ordinary signals on failure · Eric W. Biederman <hidden> · 2021-10-20
Re: [PATCH 14/20] exit/syscall_user_dispatch: Send ordinary signals on failure · Kees Cook <hidden> · 2021-10-21
Re: [PATCH 14/20] exit/syscall_user_dispatch: Send ordinary signals on failure · Andy Lutomirski <luto@kernel.org> · 2021-10-25
[PATCH 13/20] signal: Implement force_fatal_sig · Eric W. Biederman <hidden> · 2021-10-20
Re: [PATCH 13/20] signal: Implement force_fatal_sig · Linus Torvalds <torvalds@linux-foundation.org> · 2021-10-20
Re: [PATCH 13/20] signal: Implement force_fatal_sig · Andy Lutomirski <luto@kernel.org> · 2021-10-25
Re: [PATCH 13/20] signal: Implement force_fatal_sig · Linus Torvalds <torvalds@linux-foundation.org> · 2021-10-25
Re: [PATCH 13/20] signal: Implement force_fatal_sig · Kees Cook <hidden> · 2021-10-21
[PATCH 15/20] signal/sparc32: Exit with a fatal signal when try_to_clear_window_buffer fails · Eric W. Biederman <hidden> · 2021-10-20
Re: [PATCH 15/20] signal/sparc32: Exit with a fatal signal when try_to_clear_window_buffer fails · Kees Cook <hidden> · 2021-10-21
[PATCH 16/20] signal/sparc32: In setup_rt_frame and setup_fram use force_fatal_sig · Eric W. Biederman <hidden> · 2021-10-20
Re: [PATCH 16/20] signal/sparc32: In setup_rt_frame and setup_fram use force_fatal_sig · Kees Cook <hidden> · 2021-10-21
[PATCH 17/20] signal/x86: In emulate_vsyscall force a signal instead of calling do_exit · Eric W. Biederman <hidden> · 2021-10-20
Re: [PATCH 17/20] signal/x86: In emulate_vsyscall force a signal instead of calling do_exit · Kees Cook <hidden> · 2021-10-21
[PATCH 18/20] exit/rtl8723bs: Replace the macro thread_exit with a simple return 0 · Eric W. Biederman <hidden> · 2021-10-20
Re: [PATCH 18/20] exit/rtl8723bs: Replace the macro thread_exit with a simple return 0 · Greg KH <gregkh@linuxfoundation.org> · 2021-10-21
Re: [PATCH 18/20] exit/rtl8723bs: Replace the macro thread_exit with a simple return 0 · Kees Cook <hidden> · 2021-10-21
[PATCH 19/20] exit/rtl8712: Replace the macro thread_exit with a simple return 0 · Eric W. Biederman <hidden> · 2021-10-20
Re: [PATCH 19/20] exit/rtl8712: Replace the macro thread_exit with a simple return 0 · Greg KH <hidden> · 2021-10-21
Re: [PATCH 19/20] exit/rtl8712: Replace the macro thread_exit with a simple return 0 · Kees Cook <hidden> · 2021-10-21
[PATCH 20/20] exit/r8188eu: Replace the macro thread_exit with a simple return 0 · Eric W. Biederman <hidden> · 2021-10-20
Re: [PATCH 20/20] exit/r8188eu: Replace the macro thread_exit with a simple return 0 · Greg KH <hidden> · 2021-10-21
Re: [PATCH 20/20] exit/r8188eu: Replace the macro thread_exit with a simple return 0 · Kees Cook <hidden> · 2021-10-21

Re: [PATCH 17/20] signal/x86: In emulate_vsyscall force a signal instead of calling do_exit

From: Kees Cook <hidden>
Date: 2021-10-21 16:36:49
Also in: lkml

On Wed, Oct 20, 2021 at 12:44:03PM -0500, Eric W. Biederman wrote:

quoted hunk ↗ jump to hunk

Directly calling do_exit with a signal number has the problem that
all of the side effects of the signal don't happen, such as
killing all of the threads of a process instead of just the
calling thread.

So replace do_exit(SIGSYS) with force_fatal_sig(SIGSYS) which
causes the signal handling to take it's normal path and work
as expected.

Cc: Andy Lutomirski <luto@kernel.org>
Signed-off-by: "Eric W. Biederman" <redacted>
---
 arch/x86/entry/vsyscall/vsyscall_64.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/arch/x86/entry/vsyscall/vsyscall_64.c b/arch/x86/entry/vsyscall/vsyscall_64.c
index 1b40b9297083..0b6b277ee050 100644
--- a/arch/x86/entry/vsyscall/vsyscall_64.c
+++ b/arch/x86/entry/vsyscall/vsyscall_64.c

@@ -226,7 +226,8 @@ bool emulate_vsyscall(unsigned long error_code,
 	if ((!tmp && regs->orig_ax != syscall_nr) || regs->ip != address) {
 		warn_bad_vsyscall(KERN_DEBUG, regs,
 				  "seccomp tried to change syscall nr or ip");
-		do_exit(SIGSYS);
+		force_fatal_sig(SIGSYS);
+		return true;
 	}
 	regs->orig_ax = -1;
 	if (tmp)

This looks correct to me, but please double-check the x86 selftests if
you haven't already.

Reviewed-by: Kees Cook <redacted>

-- 
Kees Cook

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help