[PATCH 5/5] arm64: signal: Allow expansion of the signal frame

[PATCH 0/5] arm64: signal: Signal frame expansion support · Dave.Martin@arm.com (Dave Martin) · 2017-06-15
[PATCH 1/5] arm64: signal: split frame link record from sigcontext structure · Dave.Martin@arm.com (Dave Martin) · 2017-06-15
[PATCH 1/5] arm64: signal: split frame link record from sigcontext structure · catalin.marinas@arm.com (Catalin Marinas) · 2017-06-15
[PATCH 1/5] arm64: signal: split frame link record from sigcontext structure · Dave.Martin@arm.com (Dave P Martin) · 2017-06-16
[PATCH 2/5] arm64: signal: Refactor sigcontext parsing in rt_sigreturn · Dave.Martin@arm.com (Dave Martin) · 2017-06-15
[PATCH 2/5] arm64: signal: Refactor sigcontext parsing in rt_sigreturn · catalin.marinas@arm.com (Catalin Marinas) · 2017-06-15
[PATCH 2/5] arm64: signal: Refactor sigcontext parsing in rt_sigreturn · Yury Norov <hidden> · 2017-06-22
[PATCH 2/5] arm64: signal: Refactor sigcontext parsing in rt_sigreturn · Dave.Martin@arm.com (Dave Martin) · 2017-06-23
[PATCH 3/5] arm64: signal: factor frame layout and population into separate passes · Dave.Martin@arm.com (Dave Martin) · 2017-06-15
[PATCH 3/5] arm64: signal: factor frame layout and population into separate passes · catalin.marinas@arm.com (Catalin Marinas) · 2017-06-15
[PATCH 4/5] arm64: signal: factor out signal frame record allocation · Dave.Martin@arm.com (Dave Martin) · 2017-06-15
[PATCH 4/5] arm64: signal: factor out signal frame record allocation · catalin.marinas@arm.com (Catalin Marinas) · 2017-06-15
[PATCH 5/5] arm64: signal: Allow expansion of the signal frame · Dave.Martin@arm.com (Dave Martin) · 2017-06-15
[PATCH 5/5] arm64: signal: Allow expansion of the signal frame · catalin.marinas@arm.com (Catalin Marinas) · 2017-06-15
[PATCH 5/5] arm64: signal: Allow expansion of the signal frame · catalin.marinas@arm.com (Catalin Marinas) · 2017-06-16
[PATCH 5/5] arm64: signal: Allow expansion of the signal frame · Dave.Martin@arm.com (Dave Martin) · 2017-06-19
[PATCH 5/5] arm64: signal: Allow expansion of the signal frame · catalin.marinas@arm.com (Catalin Marinas) · 2017-06-19
[PATCH 5/5] arm64: signal: Allow expansion of the signal frame · Dave.Martin@arm.com (Dave Martin) · 2017-06-20
[PATCH] fixup! arm64: signal: Allow expansion of the signal frame · Dave.Martin@arm.com (Dave Martin) · 2017-06-20

STALE3280d

Revisions (6)

2017-06-15 v1 [diff vs current]
2017-06-15 v1 [diff vs current]
2017-06-16 v1 [diff vs current]
2017-06-19 v1 [diff vs current]
2017-06-19 v1 [diff vs current]
2017-06-20 v1 current

From: Dave.Martin@arm.com (Dave Martin)
Date: 2017-06-20 16:20:18
Also in: linux-arch

On Mon, Jun 19, 2017 at 12:03:47PM +0100, Catalin Marinas wrote:

On Mon, Jun 19, 2017 at 11:12:29AM +0100, Dave P Martin wrote:

quoted

On Fri, Jun 16, 2017 at 11:47:41AM +0100, Catalin Marinas wrote:

quoted

On Thu, Jun 15, 2017 at 03:03:42PM +0100, Dave P Martin wrote:

quoted

+struct extra_context {
+	struct _aarch64_ctx head;
+	void __user *data;	/* 16-byte aligned pointer to extra space */
+	__u32 size;		/* size in bytes of the extra space */
+	__u32 __reserved[3];
+};

Some more thoughts on the type of "data" above. It's the first time we
introduce pointers in sigcontext and wonder whether __u64 would make
more sense (invariable size with the ABI).

I'm happy to change this if you want -- it can be a __u64 without
impacting the semantics.

I was thinking in the context of ILP32 but we can address this
separately for the exported kernel headers and glibc definitions.
Looking at this structure from an LP64 perspective, it indeed makes
sense to keep it as void *. We have other UAPI structures with user
pointers already.

OK -- I'll reply with an additional fixup that can be folded in if you
do want the u64.

quoted

Also for discussion - whether using an offset vs absolute address would
be better.

My rationale here related to the ucontext semantics associated with
the signal frame, rather than signal handling itself.

Consider:

void signal_handler(int n, siginfo_t *si, void *uc)
{
	*signal_context = *(ucontext_t *)uc;
}

Will this "work"?  On most machines, yes it will. 

With an expanded signal frame on arm64, it won't work: the copied
context will be truncated at the end of __reserved[].  If extra_data
uses an offset to locate the additional data then someone parsing
*signal_context won't be able to detect the error and will overrun:
this includes rt_sigreturn (if that is run on a stack that has the
copied context).

If a pointer is used in extra_context, this provides some chance of
handling this: naive code like the above will result in a ucontext_t
whose extra_context data pointer is "wrong": extra_context aware
parsers can detect that and error out or ignore the remaining data.
extra_context aware code that wants to copy the signal context can walk
the signal frame to determine its true size, allocate memory, copy, and
then update the extra_context data pointer in the new copy.

Thanks for the explanation, it makes sense to keep an absolute pointer
here rather than offset. So no further changes needed to this patch.

Fair enough.

Cheers
---Dave

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help