X-Patchwork-Submitter: "Eric W. Biederman"
X-Patchwork-Id: 906145
From: "Eric W. Biederman"
To: Linux-Arch
Date: Sat, 28 Apr 2018 09:07:02 -0500
Message-Id: <20180428140702.3925-5-ebiederm@xmission.com>
In-Reply-To: <87zi1nctut.fsf_-_@xmission.com>
References: <87zi1nctut.fsf_-_@xmission.com>
Subject: [REVIEW][PATCH 5/5] signal/um: More carefully relay signals in relay_signal.
Cc: user-mode-linux-devel@lists.sourceforge.net, Richard Weinberger, Jeff Dike, linux-um@lists.infradead.org, linux-kernel@vger.kernel.org, Martin Pärtel, "Eric W. Biederman", Anton Ivanov

There is a bug in relay signal. It assumes that when a signal is relayed the signal never uses a signal independent si_code, such as SI_USER, SI_KERNEL, SI_QUEUE, ... SI_SIGIO etc. In practice siginfo was assuming it was relaying a signal with the SIL_FAULT layout. As that is the common case for the signals it supported that is a reasonable assumption.

Further user mode linux must be very careful when relaying different kinds of signals to prevent an information leak. This means simply increasing the kinds of signals that are handled in relay_signal is non-trivial.

Therefore use siginfo_layout and force_sig_fault to simplify the signal relaying in relay_signal.

By taking advantage of the fact that user mode linux only works on x86 and x86_64 we can assume that si_trapno can be ignored, and that si_errno is always zero.

For the signals SIGILL, SIGFPE, SIGSEGV, SIGBUS, and SIGTRAP the only fault handler I know of that sets si_errno is SIGTRAP TRAP_HWBKPT on a few oddball architectures. Those architectures have been modified to use force_sig_ptrace_errno_trap.

Similarly only a few architectures set __ARCH_SI_TRAPNO.

At the point uml supports those architectures again these additional cases can be examined and supported if desired in relay_signal.

Cc: Jeff Dike
Cc: Richard Weinberger
Cc: Anton Ivanov
Cc: Martin Pärtel
Cc: user-mode-linux-devel@lists.sourceforge.net
Cc: linux-um@lists.infradead.org
Fixes: d3c1cfcdb43e ("um: pass siginfo to guest process")
Signed-off-by: "Eric W. Biederman"
---
 arch/um/kernel/trap.c | 38 ++++++++++++++------------------------
 1 file changed, 14 insertions(+), 24 deletions(-)

diff --git a/arch/um/kernel/trap.c b/arch/um/kernel/trap.c index d18be983814a..ec9a42c14c56 100644 --- a/arch/um/kernel/trap.c +++ b/arch/um/kernel/trap.c @@ -286,9 +286,7 @@ unsigned long segv(struct faultinfo fi, unsigned long ip, int is_user, void relay_signal(int sig, struct siginfo *si, struct uml_pt_regs *regs) { - struct faultinfo *fi; - struct siginfo clean_si; - + int code, err; if (!UPT_IS_USER(regs)) { if (sig == SIGBUS) printk(KERN_ERR "Bus error - the host /dev/shm or /tmp " 
@@ -298,29 +296,21 @@ void relay_signal(int sig, struct siginfo *si, struct uml_pt_regs *regs) arch_examine_signal(sig, regs); - clear_siginfo(&clean_si); - clean_si.si_signo = si->si_signo; - clean_si.si_errno = si->si_errno; - clean_si.si_code = si->si_code; - switch (sig) { - case SIGILL: - case SIGFPE: - case SIGSEGV: - case SIGBUS: - case SIGTRAP: - fi = UPT_FAULTINFO(regs); - clean_si.si_addr = (void __user *) FAULT_ADDRESS(*fi); + /* Is the signal layout for the signal known? + * Signal data must be scrubbed to prevent information leaks. + */ + code = si->si_code; + err = si->si_errno; + if ((err == 0) && (siginfo_layout(sig, code) == SIL_FAULT)) { + struct faultinfo *fi = UPT_FAULTINFO(regs); current->thread.arch.faultinfo = *fi; -#ifdef __ARCH_SI_TRAPNO - clean_si.si_trapno = si->si_trapno; -#endif - break; - default: - printk(KERN_ERR "Attempted to relay unknown signal %d (si_code = %d)\n", - sig, si->si_code); + force_sig_fault(sig, code, (void __user *)FAULT_ADDRESS(*fi), + current); + } else { + printk(KERN_ERR "Attempted to relay unknown signal %d (si_code = %d) with errno %d\n", + sig, code, err); + force_sig(sig, current); } - - force_sig_info(sig, &clean_si, current); } void bus_handler(int sig, struct siginfo *si, struct uml_pt_regs *regs)
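
Review bot: In the first hunk (@@ -286,9 +286,7), the blank line that followed the old declarations is deleted with them, so the new "int code, err;" runs straight into "if (!UPT_IS_USER(regs)) {". Keep an empty line between the declaration and the first statement, as kernel coding style expects.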
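
Review bot: In the second hunk (@@ -298,29 +296,21), the "(err == 0)" half of the condition is undocumented in the code: the new comment only covers the layout check and the scrubbing requirement, while the reasoning that si_errno is expected to be zero and si_trapno can be ignored on x86 and x86_64 exists only in the commit message. Please fold that into the comment, so that anyone reviving another architecture sees why a SIL_FAULT signal with a non-zero si_errno drops to the force_sig(sig, current) branch and is delivered without its fault address. The printk in that branch also still says "unknown signal", although it now fires for the five previously handled signals whenever si_code is not a fault code; rewording it to say the siginfo layout is unsupported would make the log line match what was actually checked.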