    signal/vm86_32: Properly send SIGSEGV when the vm86 state cannot be saved. · 1fbd60df
    Eric W. Biederman authored
    Update save_v86_state to always complete all of its work except
    possibly some of the copies to userspace even if save_v86_state takes
    a fault.  This ensures that the kernel is always in a sane state, even
    if userspace has done something silly.
    
    When save_v86_state takes a fault update it to force userspace to take
    a SIGSEGV and terminate the userspace application.
    
    As Andy pointed out in review of the first version of this change
    there are races between sigaction and the application terminating.  Now
    that the code has been modified to always perform all of save_v86_state's
    work (except possibly copying to userspace) those races do not matter
    from a kernel perspective.
    
    Forcing the userspace application to terminate (by resetting its
    handler to SIGDFL) is there to keep everything as close to the current
    behavior as possible while removing the unique (and difficult to
    maintain) use of do_exit.
    
    If this new SIGSEGV happens during handle_signal the next time around
    the exit_to_user_mode_loop, SIGSEGV will be delivered to userspace.
    
    All of the callers of handle_vm86_trap and handle_vm86_fault run the
    exit_to_user_mode_loop before they return to userspace.  Any signal sent
    to the current task during their execution will be delivered to the
    current task before that task exits to usermode.
    
    Cc: Andy Lutomirski <luto@kernel.org>
    Cc: Thomas Gleixner <tglx@linutronix.de>
    Cc: Ingo Molnar <mingo@redhat.com>
    Cc: Borislav Petkov <bp@alien8.de>
    Cc: x86@kernel.org
    Cc: H Peter Anvin <hpa@zytor.com>
    v1: https://lkml.kernel.org/r/20211020174406.17889-10-ebiederm@xmission.com
    Link: https://lkml.kernel.org/r/877de1xcr6.fsf_-_@disp2133
    Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>