On Tue, Sep 24, 2024 at 01:27:58PM +0200, Kevin Brodsky wrote:
On 22/08/2024 17:11, Joey Gouly wrote:
@@ -1178,6 +1237,9 @@ static void setup_return(struct pt_regs *regs, struct k_sigaction *ka, sme_smstop(); }
- if (system_supports_poe())
write_sysreg_s(POR_EL0_INIT, SYS_POR_EL0);
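Review bot: the POR_EL0 reset in this hunk runs inside setup_return(), i.e. after the signal frame has already been copied to the user stack, so that uaccess is performed under the interrupted task's POR_EL0 rather than the value the handler will be entered with; if the interrupted POR_EL0 denies access to the stack the frame lands on (an alternate signal stack in particular), the copy fails and the task gets SIGSEGV instead of the handler. Consider moving `write_sysreg_s(POR_EL0_INIT, SYS_POR_EL0);` (keeping the `system_supports_poe()` guard) ahead of the frame write, once the interrupted value has been captured for the frame, mirroring the early PKRU reset x86 now does during signal delivery.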
At the point where setup_return() is called, the signal frame has already been written to the user stack. In other words, we write to the user stack first, and then reset POR_EL0. This may be problematic, especially if we are using the alternate signal stack, which the interrupted POR_EL0 may not grant access to. In that situation uaccess will fail and we'll end up with a SIGSEGV.
This issue has already been discussed on the x86 side, and as it happens patches to reset PKRU early [1] have just landed. I don't think this is a blocker for getting this series landed, but we should try and align with x86. If there's no objection, I'm planning to work on a counterpart to the x86 series (resetting POR_EL0 early during signal delivery).
Kevin
[1] https://lore.kernel.org/lkml/20240802061318.2140081-2-aruna.ramakrishna@orac...
+1, all the uaccess in signal delivery is done by the kernel on behalf of the signal handler context, so we should do it with (at least) the same memory permissions that the signal handler is going to be entered with.
(In an ideal world, userspace would save this information itself, using its own handler permissions -- well, no, in an ideal world we wouldn't have the signal delivery mechanism at all, but hopefully you get the idea.)
Cheers
---Dave
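For readers following the ordering argument above, here is a small user-space C model of it. This is an added example, not code from the kernel patch or from either of the posters: it models POR_EL0 as 16 four-bit overlay fields (encoding assumed to follow the arm64 POE layout, R=bit0, X=bit1, W=bit2, with POR_EL0_INIT granting RWX on index 0 only), models the kernel's copy of the signal frame as a write that is subject to the current POR_EL0, and runs the same delivery with the reset placed after the frame write (as in the hunk) and before it (as proposed). The task layout, pkey assignments and EFAULT return are constructed for the illustration.

```c
/* Model of the POR_EL0 reset ordering during arm64 signal delivery.
 * Added illustration, not kernel code; encodings are assumptions. */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed POE permission encoding: one 4-bit field per overlay index. */
#define POE_NONE 0x0u
#define POE_R    0x1u
#define POE_X    0x2u
#define POE_W    0x4u
#define POE_RXW  0x7u
/* Assumed init value: index 0 gets RWX, every other index gets nothing. */
#define POR_EL0_INIT ((uint64_t)POE_RXW)

static unsigned por_field(uint64_t por, unsigned pkey)
{
	return (unsigned)((por >> (pkey * 4)) & 0xf);
}

static uint64_t por_set(uint64_t por, unsigned pkey, unsigned perm)
{
	por &= ~((uint64_t)0xf << (pkey * 4));
	return por | ((uint64_t)perm << (pkey * 4));
}

/* A user page tagged with an overlay index, plus its contents. */
struct user_page {
	unsigned pkey;
	uint8_t data[64];
};

/* Constructed task: the interrupted POR_EL0 and the two candidate stacks. */
struct task {
	uint64_t por_el0;
	struct user_page stack;    /* stack the interrupted code was running on */
	struct user_page altstack; /* sigaltstack */
	bool use_altstack;
};

/* Modelled uaccess: a kernel write to user memory is checked against the
 * task's *current* POR_EL0, exactly like a user-mode store would be. */
static int uaccess_write(struct task *t, struct user_page *p,
			 const void *src, size_t n)
{
	if (!(por_field(t->por_el0, p->pkey) & POE_W))
		return -EFAULT;
	memcpy(p->data, src, n);
	return 0;
}

enum reset_order { RESET_AFTER_FRAME, RESET_BEFORE_FRAME };

/* Returns 0 if the frame was written, -EFAULT if the kernel would have to
 * force SIGSEGV. The interrupted POR_EL0 is captured into the frame first in
 * both orders so that sigreturn could restore it. */
static int deliver_signal(struct task *t, enum reset_order order)
{
	struct user_page *sp = t->use_altstack ? &t->altstack : &t->stack;
	uint8_t frame[64] = {0};
	int err;

	memcpy(frame, &t->por_el0, sizeof t->por_el0);

	if (order == RESET_BEFORE_FRAME)
		t->por_el0 = POR_EL0_INIT;   /* proposed: reset before uaccess */
	err = uaccess_write(t, sp, frame, sizeof frame);
	if (order == RESET_AFTER_FRAME)
		t->por_el0 = POR_EL0_INIT;   /* as in the hunk: setup_return() */
	return err;
}

/* Constructed scenario: the interrupted code ran in a compartment whose own
 * stack is under pkey 2, with pkey 0 (where the sigaltstack lives) revoked. */
int run_scenario(enum reset_order order, bool use_altstack)
{
	struct task t = {
		.por_el0 = por_set(por_set(POR_EL0_INIT, 0, POE_NONE), 2, POE_RXW),
		.stack = { .pkey = 2 },
		.altstack = { .pkey = 0 },
		.use_altstack = use_altstack,
	};
	return deliver_signal(&t, order);
}

int main(void)
{
	printf("altstack, reset after frame:  %d\n", run_scenario(RESET_AFTER_FRAME, true));
	printf("altstack, reset before frame: %d\n", run_scenario(RESET_BEFORE_FRAME, true));
	printf("pkey-2 stack, reset after:    %d\n", run_scenario(RESET_AFTER_FRAME, false));
	printf("pkey-2 stack, reset before:   %d\n", run_scenario(RESET_BEFORE_FRAME, false));
	return 0;
}
```

With the reset placed after the frame write, delivery onto the alternate stack fails with -EFAULT because the interrupted POR_EL0 still denies pkey 0; with the reset placed first, the same write succeeds. The model also shows the converse: a frame pushed onto the pkey-2 stack succeeds under the late reset but fails under the early one, which is the behaviour Dave's remark asks for, since the handler entered with POR_EL0_INIT could not have used that stack anyway and the failure surfaces at delivery rather than inside the handler.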