From patchwork Tue Jul 23 14:47:52 2024
X-Patchwork-Submitter: Andrew Zaborowski
X-Patchwork-Id: 13740154
From: Andrew Zaborowski
To: linux-edac@vger.kernel.org, linux-mm@kvack.org
Cc: Kees Cook, Tony Luck, Eric Biederman, Borislav Petkov
Subject: [RESEND][PATCH 3/3] rseq: Ensure SIGBUS delivered on memory failure
Date: Tue, 23 Jul 2024 16:47:52 +0200
Message-ID: <20240723144752.1478226-3-andrew.zaborowski@intel.com>
In-Reply-To: <20240723144752.1478226-1-andrew.zaborowski@intel.com>
References: <20240723144752.1478226-1-andrew.zaborowski@intel.com>

Uncorrected memory errors for user pages are signaled to processes using SIGBUS or, if the error happens in a syscall, an error retval from the syscall. The SIGBUS is documented in Documentation/mm/hwpoison.rst#failure-recovery-modes

Once a user task sets t->rseq in the rseq() syscall, if the kernel cannot access the memory pointed to by t->rseq->rseq_cs, that initial rseq() and all future syscalls should return an error so understandably the code just kills the task.

To ensure that SIGBUS is used set the new t->kill_on_efault flag and run queued task work on rseq_get_rseq_cs() errors to give memory_failure the chance to run.

Note: the rseq checks run inside resume_user_mode_work() so whenever _TIF_NOTIFY_RESUME is set. They do not run on every syscall exit so I'm not concerned that these extra flag operations are in a hot path, except with CONFIG_DEBUG_RSEQ. Signed-off-by: Andrew Zaborowski --- kernel/rseq.c | 25 +++++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) diff --git a/kernel/rseq.c b/kernel/rseq.c index 9de6e35fe..c5809cd13 100644 --- a/kernel/rseq.c +++ b/kernel/rseq.c @@ -13,6 +13,7 @@ #include #include #include +#include #include #define CREATE_TRACE_POINTS @@ -320,6 +321,8 @@ void __rseq_handle_notify_resume(struct ksignal *ksig, struct pt_regs *regs) if (unlikely(t->flags & PF_EXITING)) return; + t->kill_on_efault = true; + /* * regs is NULL if and only if the caller is in a syscall path. Skip * fixup and leave rseq_cs as is so that rseq_sycall() will detect and @@ -330,13 +333,18 @@ void __rseq_handle_notify_resume(struct ksignal *ksig, struct pt_regs *regs) if (unlikely(ret < 0)) goto error; } - if (unlikely(rseq_update_cpu_node_id(t))) - goto error; - return; + if (likely(!rseq_update_cpu_node_id(t))) + goto out; error: + /* Allow task work to override signr */ + task_work_run(); + sig = ksig ? ksig->sig : 0; force_sigsegv(sig); + +out: + t->kill_on_efault = false; } #ifdef CONFIG_DEBUG_RSEQ @@ -353,8 +361,17 @@ void rseq_syscall(struct pt_regs *regs) if (!t->rseq) return; - if (rseq_get_rseq_cs(t, &rseq_cs) || in_rseq_cs(ip, &rseq_cs)) + + t->kill_on_efault = true; + + if (rseq_get_rseq_cs(t, &rseq_cs) || in_rseq_cs(ip, &rseq_cs)) { + /* Allow task work to override signr */ + task_work_run(); + force_sig(SIGSEGV); + } + + t->kill_on_efault = false; } #endif
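Review bot: In the `error:` path of `__rseq_handle_notify_resume()` (hunk `@@ -330,13 +333,18 @@`), `force_sigsegv(sig)` is still called unconditionally right after `task_work_run()`, so from these lines it is not clear how the queued work ends up turning the SIGSEGV into a SIGBUS, and the comment `/* Allow task work to override signr */` refers to a `signr` that does not exist in this function. Please expand the comment to name the work that is expected to run (the commit message says memory_failure) and explain why the signal it raises takes precedence over the SIGSEGV forced on the next lines, or skip `force_sigsegv()` when the task work has already queued a fatal signal. `task_work_run()` also runs every work item queued for the task, not only the memory-failure one, so the commit message should say why draining all of them at this point is safe. The `kill_on_efault` window additionally covers `rseq_update_cpu_node_id(t)`, while the commit message only mentions `rseq_get_rseq_cs()` errors; say whether that is intended.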
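Review bot: In `rseq_syscall()` (hunk `@@ -353,8 +361,17 @@`), `task_work_run()` now runs whenever the combined condition is true, including the case where `rseq_get_rseq_cs()` succeeded and only `in_rseq_cs(ip, &rseq_cs)` matched, which is a syscall issued inside a critical section and not a failed access to the rseq area. Consider keeping the return value of `rseq_get_rseq_cs(t, &rseq_cs)` in a local and calling `task_work_run()` only when it reports an error, so the plain SIGSEGV case keeps its current behaviour. The comment `/* Allow task work to override signr */` is repeated here with the same undefined `signr`; a short helper shared with `__rseq_handle_notify_resume()` would keep the flag set, task work run and flag clear in one documented place.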