From patchwork Fri Jan 15 21:10:34 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Chang S. Bae" X-Patchwork-Id: 41723 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 9BE6C398B148; Fri, 15 Jan 2021 21:15:19 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 9BE6C398B148 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1610745319; bh=qNM2yYSPL9EqjHDdekTdOlq7QialeOeV6GBOY/czPCk=; h=To:Subject:Date:List-Id:List-Unsubscribe:List-Archive:List-Post: List-Help:List-Subscribe:From:Reply-To:Cc:From; b=P2iIkebv9pcQ08vwsttqYDxX6HvfqcAtlTuvOzPkpUbdt1rN/Ub2bPq5G3qd9LsbJ OawdoeZmMDSljsKM2ig8cJqQXL1RKUzHkYcavxMPeg+4iP2w13C5y49cOR2MnS2ynR gDZPMSFJ4gU3FTXLkcoLjwmj07L8KSApow3QUCYQ= X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by sourceware.org (Postfix) with ESMTPS id 29C373857C69 for ; Fri, 15 Jan 2021 21:15:16 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 29C373857C69 IronPort-SDR: 00oG1gw3XrF/MXx2lQ8HLtoPTEBhH15xYglt5PrT8uM9NfxBcr/UHA+drbeoCsk71EakibJc4W bvVypj4Su6Jg== X-IronPort-AV: E=McAfee;i="6000,8403,9865"; a="158382271" X-IronPort-AV: E=Sophos;i="5.79,350,1602572400"; d="scan'208";a="158382271" Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 15 Jan 2021 13:15:15 -0800 IronPort-SDR: 1M9GAuDspsCvPRQeL54zCIkrCO/CE9pz+yzb+uIZgY7SGHnGEyFzv9KH02kHfmSz33rsLU2WsC ciQVcXt9ZPmw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.79,350,1602572400"; d="scan'208";a="401418959" Received: from chang-linux-3.sc.intel.com ([172.25.66.175]) by fmsmga002.fm.intel.com with ESMTP; 15 Jan 2021 13:15:15 -0800 To: bp@suse.de, tglx@linutronix.de, mingo@kernel.org, luto@kernel.org, x86@kernel.org Subject: [PATCH v4 0/4] x86: Improve Minimum Alternate Stack Size Date: Fri, 15 Jan 2021 13:10:34 -0800 Message-Id: <20210115211038.2072-1-chang.seok.bae@intel.com> X-Mailer: git-send-email 2.17.1 X-Spam-Status: No, score=-4.5 required=5.0 tests=AC_FROM_MANY_DOTS, BAYES_00, KAM_DMARC_STATUS, KAM_SHORT, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=no autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: "Chang S. Bae via Libc-alpha" From: "Chang S. Bae" Reply-To: "Chang S. Bae" Cc: linux-arch@vger.kernel.org, len.brown@intel.com, tony.luck@intel.com, libc-alpha@sourceware.org, ravi.v.shankar@intel.com, chang.seok.bae@intel.com, jannh@google.com, linux-kernel@vger.kernel.org, dave.hansen@intel.com, linux-api@vger.kernel.org, Dave.Martin@arm.com Errors-To: libc-alpha-bounces@sourceware.org Sender: "Libc-alpha" During signal entry, the kernel pushes data onto the normal userspace stack. On x86, the data pushed onto the user stack includes XSAVE state, which has grown over time as new features and larger registers have been added to the architecture. MINSIGSTKSZ is a constant provided in the kernel signal.h headers and typically distributed in lib-dev(el) packages, e.g. [1]. Its value is compiled into programs and is part of the user/kernel ABI. The MINSIGSTKSZ constant indicates to userspace how much data the kernel expects to push on the user stack, [2][3]. However, this constant is much too small and does not reflect recent additions to the architecture. For instance, when AVX-512 states are in use, the signal frame size can be 3.5KB while MINSIGSTKSZ remains 2KB. The bug report [4] explains this as an ABI issue. The small MINSIGSTKSZ can cause user stack overflow when delivering a signal. In this series, we suggest a couple of things: 1. Provide a variable minimum stack size to userspace, as a similar approach to [5] 2. Avoid using a too-small alternate stack Changes from v3 [8]: * Updated the changelog (Borislav Petkov) * Revised the test messages again (Borislav Petkov) Changes from v2 [7]: * Simplified the sigaltstack overflow prevention (Jann Horn) * Renamed fpstate size helper with cleanup (Borislav Petkov) * Cleaned up the signframe struct size defines (Borislav Petkov) * Revised the selftest messages (Borislav Petkov) * Revised a changelog (Borislav Petkov) Changes from v1 [6]: * Took stack alignment into account for sigframe size (Dave Martin) [1]: https://sourceware.org/git/?p=glibc.git;a=blob;f=sysdeps/unix/sysv/linux/bits/sigstack.h;h=b9dca794da093dc4d41d39db9851d444e1b54d9b;hb=HEAD [2]: https://www.gnu.org/software/libc/manual/html_node/Signal-Stack.html [3]: https://man7.org/linux/man-pages/man2/sigaltstack.2.html [4]: https://bugzilla.kernel.org/show_bug.cgi?id=153531 [5]: https://blog.linuxplumbersconf.org/2017/ocw/system/presentations/4671/original/plumbers-dm-2017.pdf [6]: https://lore.kernel.org/lkml/20200929205746.6763-1-chang.seok.bae@intel.com/ [7]: https://lore.kernel.org/lkml/20201119190237.626-1-chang.seok.bae@intel.com/ [8]: https://lore.kernel.org/lkml/20201223015312.4882-1-chang.seok.bae@intel.com/ Chang S. Bae (4): x86/signal: Introduce helpers to get the maximum signal frame size x86/elf: Support a new ELF aux vector AT_MINSIGSTKSZ x86/signal: Detect and prevent an alternate signal stack overflow selftest/x86/signal: Include test cases for validating sigaltstack arch/x86/include/asm/elf.h | 4 + arch/x86/include/asm/fpu/signal.h | 2 + arch/x86/include/asm/sigframe.h | 2 + arch/x86/include/uapi/asm/auxvec.h | 6 +- arch/x86/kernel/cpu/common.c | 3 + arch/x86/kernel/fpu/signal.c | 19 ++++ arch/x86/kernel/signal.c | 69 +++++++++++- tools/testing/selftests/x86/Makefile | 2 +- tools/testing/selftests/x86/sigaltstack.c | 128 ++++++++++++++++++++++ 9 files changed, 228 insertions(+), 7 deletions(-) create mode 100644 tools/testing/selftests/x86/sigaltstack.c