1// SPDX-License-Identifier: GPL-2.0
2/*
3 * Copyright (C) 1991, 1992 Linus Torvalds
4 * Copyright (C) 2000, 2001, 2002 Andi Kleen SuSE Labs
5 *
6 * 1997-11-28 Modified for POSIX.1b signals by Richard Henderson
7 * 2000-06-20 Pentium III FXSR, SSE support by Gareth Hughes
8 * 2000-2002 x86-64 support by Andi Kleen
9 */
10
11#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
12
13#include <linux/sched.h>
14#include <linux/sched/task_stack.h>
15#include <linux/mm.h>
16#include <linux/smp.h>
17#include <linux/kernel.h>
18#include <linux/kstrtox.h>
19#include <linux/errno.h>
20#include <linux/wait.h>
21#include <linux/unistd.h>
22#include <linux/stddef.h>
23#include <linux/personality.h>
24#include <linux/uaccess.h>
25#include <linux/user-return-notifier.h>
26#include <linux/uprobes.h>
27#include <linux/context_tracking.h>
28#include <linux/entry-common.h>
29#include <linux/syscalls.h>
30#include <linux/rseq.h>
31
32#include <asm/processor.h>
33#include <asm/ucontext.h>
34#include <asm/fpu/signal.h>
35#include <asm/fpu/xstate.h>
36#include <asm/vdso.h>
37#include <asm/mce.h>
38#include <asm/sighandling.h>
39#include <asm/vm86.h>
40
41#include <asm/syscall.h>
42#include <asm/sigframe.h>
43#include <asm/signal.h>
44#include <asm/shstk.h>
45
46static inline int is_ia32_compat_frame(struct ksignal *ksig)
47{
48 return IS_ENABLED(CONFIG_IA32_EMULATION) &&
49 ksig->ka.sa.sa_flags & SA_IA32_ABI;
50}
51
52static inline int is_ia32_frame(struct ksignal *ksig)
53{
54 return IS_ENABLED(CONFIG_X86_32) || is_ia32_compat_frame(ksig);
55}
56
57static inline int is_x32_frame(struct ksignal *ksig)
58{
59 return IS_ENABLED(CONFIG_X86_X32_ABI) &&
60 ksig->ka.sa.sa_flags & SA_X32_ABI;
61}
62
63/*
64 * Set up a signal frame.
65 */
66
67/* x86 ABI requires 16-byte alignment */
68#define FRAME_ALIGNMENT 16UL
69
70#define MAX_FRAME_PADDING (FRAME_ALIGNMENT - 1)
71
72/*
73 * Determine which stack to use..
74 */
75void __user *
76get_sigframe(struct ksignal *ksig, struct pt_regs *regs, size_t frame_size,
77 void __user **fpstate)
78{
79 struct k_sigaction *ka = &ksig->ka;
80 int ia32_frame = is_ia32_frame(ksig);
81 /* Default to using normal stack */
82 bool nested_altstack = on_sig_stack(sp: regs->sp);
83 bool entering_altstack = false;
84 unsigned long math_size = 0;
85 unsigned long sp = regs->sp;
86 unsigned long buf_fx = 0;
87
88 /* redzone */
89 if (!ia32_frame)
90 sp -= 128;
91
92 /* This is the X/Open sanctioned signal stack switching. */
93 if (ka->sa.sa_flags & SA_ONSTACK) {
94 /*
95 * This checks nested_altstack via sas_ss_flags(). Sensible
96 * programs use SS_AUTODISARM, which disables that check, and
97 * programs that don't use SS_AUTODISARM get compatible.
98 */
99 if (sas_ss_flags(sp) == 0) {
100 sp = current->sas_ss_sp + current->sas_ss_size;
101 entering_altstack = true;
102 }
103 } else if (ia32_frame &&
104 !nested_altstack &&
105 regs->ss != __USER_DS &&
106 !(ka->sa.sa_flags & SA_RESTORER) &&
107 ka->sa.sa_restorer) {
108 /* This is the legacy signal stack switching. */
109 sp = (unsigned long) ka->sa.sa_restorer;
110 entering_altstack = true;
111 }
112
113 sp = fpu__alloc_mathframe(sp, ia32_frame, buf_fx: &buf_fx, size: &math_size);
114 *fpstate = (void __user *)sp;
115
116 sp -= frame_size;
117
118 if (ia32_frame)
119 /*
120 * Align the stack pointer according to the i386 ABI,
121 * i.e. so that on function entry ((sp + 4) & 15) == 0.
122 */
123 sp = ((sp + 4) & -FRAME_ALIGNMENT) - 4;
124 else
125 sp = round_down(sp, FRAME_ALIGNMENT) - 8;
126
127 /*
128 * If we are on the alternate signal stack and would overflow it, don't.
129 * Return an always-bogus address instead so we will die with SIGSEGV.
130 */
131 if (unlikely((nested_altstack || entering_altstack) &&
132 !__on_sig_stack(sp))) {
133
134 if (show_unhandled_signals && printk_ratelimit())
135 pr_info("%s[%d] overflowed sigaltstack\n",
136 current->comm, task_pid_nr(current));
137
138 return (void __user *)-1L;
139 }
140
141 /* save i387 and extended state */
142 if (!copy_fpstate_to_sigframe(buf: *fpstate, fp: (void __user *)buf_fx, size: math_size))
143 return (void __user *)-1L;
144
145 return (void __user *)sp;
146}
147
148/*
149 * There are four different struct types for signal frame: sigframe_ia32,
150 * rt_sigframe_ia32, rt_sigframe_x32, and rt_sigframe. Use the worst case
151 * -- the largest size. It means the size for 64-bit apps is a bit more
152 * than needed, but this keeps the code simple.
153 */
154#if defined(CONFIG_X86_32) || defined(CONFIG_IA32_EMULATION)
155# define MAX_FRAME_SIGINFO_UCTXT_SIZE sizeof(struct sigframe_ia32)
156#else
157# define MAX_FRAME_SIGINFO_UCTXT_SIZE sizeof(struct rt_sigframe)
158#endif
159
160/*
161 * The FP state frame contains an XSAVE buffer which must be 64-byte aligned.
162 * If a signal frame starts at an unaligned address, extra space is required.
163 * This is the max alignment padding, conservatively.
164 */
165#define MAX_XSAVE_PADDING 63UL
166
167/*
168 * The frame data is composed of the following areas and laid out as:
169 *
170 * -------------------------
171 * | alignment padding |
172 * -------------------------
173 * | (f)xsave frame |
174 * -------------------------
175 * | fsave header |
176 * -------------------------
177 * | alignment padding |
178 * -------------------------
179 * | siginfo + ucontext |
180 * -------------------------
181 */
182
183/* max_frame_size tells userspace the worst case signal stack size. */
184static unsigned long __ro_after_init max_frame_size;
185static unsigned int __ro_after_init fpu_default_state_size;
186
187static int __init init_sigframe_size(void)
188{
189 fpu_default_state_size = fpu__get_fpstate_size();
190
191 max_frame_size = MAX_FRAME_SIGINFO_UCTXT_SIZE + MAX_FRAME_PADDING;
192
193 max_frame_size += fpu_default_state_size + MAX_XSAVE_PADDING;
194
195 /* Userspace expects an aligned size. */
196 max_frame_size = round_up(max_frame_size, FRAME_ALIGNMENT);
197
198 pr_info("max sigframe size: %lu\n", max_frame_size);
199 return 0;
200}
201early_initcall(init_sigframe_size);
202
203unsigned long get_sigframe_size(void)
204{
205 return max_frame_size;
206}
207
208static int
209setup_rt_frame(struct ksignal *ksig, struct pt_regs *regs)
210{
211 /* Perform fixup for the pre-signal frame. */
212 rseq_signal_deliver(ksig, regs);
213
214 /* Set up the stack frame */
215 if (is_ia32_frame(ksig)) {
216 if (ksig->ka.sa.sa_flags & SA_SIGINFO)
217 return ia32_setup_rt_frame(ksig, regs);
218 else
219 return ia32_setup_frame(ksig, regs);
220 } else if (is_x32_frame(ksig)) {
221 return x32_setup_rt_frame(ksig, regs);
222 } else {
223 return x64_setup_rt_frame(ksig, regs);
224 }
225}
226
227static void
228handle_signal(struct ksignal *ksig, struct pt_regs *regs)
229{
230 bool stepping, failed;
231 struct fpu *fpu = &current->thread.fpu;
232
233 if (v8086_mode(regs))
234 save_v86_state(a: (struct kernel_vm86_regs *) regs, VM86_SIGNAL);
235
236 /* Are we from a system call? */
237 if (syscall_get_nr(current, regs) != -1) {
238 /* If so, check system call restarting.. */
239 switch (syscall_get_error(current, regs)) {
240 case -ERESTART_RESTARTBLOCK:
241 case -ERESTARTNOHAND:
242 regs->ax = -EINTR;
243 break;
244
245 case -ERESTARTSYS:
246 if (!(ksig->ka.sa.sa_flags & SA_RESTART)) {
247 regs->ax = -EINTR;
248 break;
249 }
250 fallthrough;
251 case -ERESTARTNOINTR:
252 regs->ax = regs->orig_ax;
253 regs->ip -= 2;
254 break;
255 }
256 }
257
258 /*
259 * If TF is set due to a debugger (TIF_FORCED_TF), clear TF now
260 * so that register information in the sigcontext is correct and
261 * then notify the tracer before entering the signal handler.
262 */
263 stepping = test_thread_flag(TIF_SINGLESTEP);
264 if (stepping)
265 user_disable_single_step(current);
266
267 failed = (setup_rt_frame(ksig, regs) < 0);
268 if (!failed) {
269 /*
270 * Clear the direction flag as per the ABI for function entry.
271 *
272 * Clear RF when entering the signal handler, because
273 * it might disable possible debug exception from the
274 * signal handler.
275 *
276 * Clear TF for the case when it wasn't set by debugger to
277 * avoid the recursive send_sigtrap() in SIGTRAP handler.
278 */
279 regs->flags &= ~(X86_EFLAGS_DF|X86_EFLAGS_RF|X86_EFLAGS_TF);
280 /*
281 * Ensure the signal handler starts with the new fpu state.
282 */
283 fpu__clear_user_states(fpu);
284 }
285 signal_setup_done(failed, ksig, stepping);
286}
287
288static inline unsigned long get_nr_restart_syscall(const struct pt_regs *regs)
289{
290#ifdef CONFIG_IA32_EMULATION
291 if (current->restart_block.arch_data & TS_COMPAT)
292 return __NR_ia32_restart_syscall;
293#endif
294#ifdef CONFIG_X86_X32_ABI
295 return __NR_restart_syscall | (regs->orig_ax & __X32_SYSCALL_BIT);
296#else
297 return __NR_restart_syscall;
298#endif
299}
300
301/*
302 * Note that 'init' is a special process: it doesn't get signals it doesn't
303 * want to handle. Thus you cannot kill init even with a SIGKILL even by
304 * mistake.
305 */
306void arch_do_signal_or_restart(struct pt_regs *regs)
307{
308 struct ksignal ksig;
309
310 if (get_signal(ksig: &ksig)) {
311 /* Whee! Actually deliver the signal. */
312 handle_signal(ksig: &ksig, regs);
313 return;
314 }
315
316 /* Did we come from a system call? */
317 if (syscall_get_nr(current, regs) != -1) {
318 /* Restart the system call - no handlers present */
319 switch (syscall_get_error(current, regs)) {
320 case -ERESTARTNOHAND:
321 case -ERESTARTSYS:
322 case -ERESTARTNOINTR:
323 regs->ax = regs->orig_ax;
324 regs->ip -= 2;
325 break;
326
327 case -ERESTART_RESTARTBLOCK:
328 regs->ax = get_nr_restart_syscall(regs);
329 regs->ip -= 2;
330 break;
331 }
332 }
333
334 /*
335 * If there's no signal to deliver, we just put the saved sigmask
336 * back.
337 */
338 restore_saved_sigmask();
339}
340
341void signal_fault(struct pt_regs *regs, void __user *frame, char *where)
342{
343 struct task_struct *me = current;
344
345 if (show_unhandled_signals && printk_ratelimit()) {
346 printk("%s"
347 "%s[%d] bad frame in %s frame:%p ip:%lx sp:%lx orax:%lx",
348 task_pid_nr(current) > 1 ? KERN_INFO : KERN_EMERG,
349 me->comm, me->pid, where, frame,
350 regs->ip, regs->sp, regs->orig_ax);
351 print_vma_addr(KERN_CONT " in ", rip: regs->ip);
352 pr_cont("\n");
353 }
354
355 force_sig(SIGSEGV);
356}
357
358#ifdef CONFIG_DYNAMIC_SIGFRAME
359#ifdef CONFIG_STRICT_SIGALTSTACK_SIZE
360static bool strict_sigaltstack_size __ro_after_init = true;
361#else
362static bool strict_sigaltstack_size __ro_after_init = false;
363#endif
364
365static int __init strict_sas_size(char *arg)
366{
367 return kstrtobool(s: arg, res: &strict_sigaltstack_size) == 0;
368}
369__setup("strict_sas_size", strict_sas_size);
370
371/*
372 * MINSIGSTKSZ is 2048 and can't be changed despite the fact that AVX512
373 * exceeds that size already. As such programs might never use the
374 * sigaltstack they just continued to work. While always checking against
375 * the real size would be correct, this might be considered a regression.
376 *
377 * Therefore avoid the sanity check, unless enforced by kernel
378 * configuration or command line option.
379 *
380 * When dynamic FPU features are supported, the check is also enforced when
381 * the task has permissions to use dynamic features. Tasks which have no
382 * permission are checked against the size of the non-dynamic feature set
383 * if strict checking is enabled. This avoids forcing all tasks on the
384 * system to allocate large sigaltstacks even if they are never going
385 * to use a dynamic feature. As this is serialized via sighand::siglock
386 * any permission request for a dynamic feature either happened already
387 * or will see the newly install sigaltstack size in the permission checks.
388 */
389bool sigaltstack_size_valid(size_t ss_size)
390{
391 unsigned long fsize = max_frame_size - fpu_default_state_size;
392 u64 mask;
393
394 lockdep_assert_held(&current->sighand->siglock);
395
396 if (!fpu_state_size_dynamic() && !strict_sigaltstack_size)
397 return true;
398
399 fsize += current->group_leader->thread.fpu.perm.__user_state_size;
400 if (likely(ss_size > fsize))
401 return true;
402
403 if (strict_sigaltstack_size)
404 return ss_size > fsize;
405
406 mask = current->group_leader->thread.fpu.perm.__state_perm;
407 if (mask & XFEATURE_MASK_USER_DYNAMIC)
408 return ss_size > fsize;
409
410 return true;
411}
412#endif /* CONFIG_DYNAMIC_SIGFRAME */
413

source code of linux/arch/x86/kernel/signal.c