From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 229B8C3DA64 for ; Tue, 6 Aug 2024 14:19:05 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 6A6F26B0083; Tue, 6 Aug 2024 10:19:05 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 656EC6B0085; Tue, 6 Aug 2024 10:19:05 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 5453F6B008C; Tue, 6 Aug 2024 10:19:05 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 35FB86B0083 for ; Tue, 6 Aug 2024 10:19:05 -0400 (EDT) Received: from smtpin25.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id D9CEE80179 for ; Tue, 6 Aug 2024 14:19:04 +0000 (UTC) X-FDA: 82422027408.25.EF9615A Received: from smtpout.efficios.com (smtpout.efficios.com [167.114.26.122]) by imf06.hostedemail.com (Postfix) with ESMTP id D86A318001B for ; Tue, 6 Aug 2024 14:19:02 +0000 (UTC) Authentication-Results: imf06.hostedemail.com; dkim=pass header.d=efficios.com header.s=smtpout1 header.b=ebdGmdbB; dmarc=pass (policy=none) header.from=efficios.com; spf=pass (imf06.hostedemail.com: domain of mathieu.desnoyers@efficios.com designates 167.114.26.122 as permitted sender) smtp.mailfrom=mathieu.desnoyers@efficios.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1722953873; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=yrwtTFbqwcGZRmY5aWNWiZTOkKX+XD44+bGlTdPy46M=; b=FewKeu72LoUqIw5OXDAg1AUbqqiVLqv4jDjso7bVNOFEZ5YJXbbsHjcrpyGGr/y2EyHffc 2pOnM7ZFnDqmM9UhR7kdAxaQBCvSXCUF3ChwawHiEHXvXQ9WWe0gRV1livMcILMuM1lXOL zFihYcp2Ed5zwpGGzUrwmhjCL87AEqU= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1722953873; a=rsa-sha256; cv=none; b=bgUMqHRS0bUx7aBaGe3clCjHfcpXoChqOOFC1yw3gNR3PNyEyEluisy3cpD8SYLCNaQgdf /oyn03DpczzJgrVA+6mNT8ZFS2DOc3PAVk5uYh1efoiwHKe8CqFGtMnyeMZlM0N2YIMhbG 2G5HpGzviunlTIpHLbt3GCcdUD2FAgs= ARC-Authentication-Results: i=1; imf06.hostedemail.com; dkim=pass header.d=efficios.com header.s=smtpout1 header.b=ebdGmdbB; dmarc=pass (policy=none) header.from=efficios.com; spf=pass (imf06.hostedemail.com: domain of mathieu.desnoyers@efficios.com designates 167.114.26.122 as permitted sender) smtp.mailfrom=mathieu.desnoyers@efficios.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=efficios.com; s=smtpout1; t=1722953941; bh=OLlV4kSR07kViA6wYipScsY3O8OsCoan2oV+qxcl1Aw=; h=Date:Subject:To:Cc:References:From:In-Reply-To:From; b=ebdGmdbBSnN94e4Bi03LDyxRfiT12DE8SzkUaOdwyQW4bGTag6f2EZvQV48xjLCSj Ou7boiUkWZ032GzkSOjezxMTc+zj6I0wRs4eH8qCQHkxglpXGuU93oCS65JPUChxHZ QXcWfDWdY/ahi8p10r1amb3NhA5ZrhF0YPlgkoCYC+6skxd9MBZwd+gsM4b6yltbV+ NH0Ox510OD32IuBR0a5jtk+g9KlSEQRqTUzK/njU3x6EwOuJGf2PlFfyxiAOwyn1LD iRatzhA+SmhI3aJchDaQAB4agjyHUw3pqzU5BUHma26E5I3LNEZaxY1DsuP17LYCAm WNcijLxZfFXBw== Received: from [172.16.0.134] (192-222-143-198.qc.cable.ebox.net [192.222.143.198]) by smtpout.efficios.com (Postfix) with ESMTPSA id 4Wdb5d45mXz1FZ7; Tue, 6 Aug 2024 10:19:01 -0400 (EDT) Message-ID: <0679fdba-1516-47e6-bd98-ec1ab4fe8a5c@efficios.com> Date: Tue, 6 Aug 2024 10:19:03 -0400 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [RESEND][PATCH 3/3] rseq: Ensure SIGBUS delivered on memory failure To: Peter Zijlstra , Kees Cook Cc: Andrew Zaborowski , linux-edac@vger.kernel.org, linux-mm@kvack.org, Tony Luck , Eric Biederman , Borislav Petkov , "Paul E. McKenney" , Boqun Feng , oleg@redhat.com References: <20240723144752.1478226-1-andrew.zaborowski@intel.com> <20240723144752.1478226-3-andrew.zaborowski@intel.com> <202408052136.119CD53B@keescook> <20240806075146.GQ39708@noisy.programming.kicks-ass.net> From: Mathieu Desnoyers Content-Language: en-US In-Reply-To: <20240806075146.GQ39708@noisy.programming.kicks-ass.net> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: D86A318001B X-Stat-Signature: yisx465w1obkbicow9baac8xic76xfr9 X-Rspam-User: X-HE-Tag: 1722953942-987574 X-HE-Meta: U2FsdGVkX1+pgWcP/jTPDGc9FcY8fP8M81Bh3MN7SqI55IGSHNIFYT+O2Z6UV0wZQEErGXpKMwBY2aT8ghk1F1WM6MtTHtqU3Zp1yjfk/+323TheZFSJTNgoX51BbtToXhDBqJxrsbeo7NKhGfZ2VFLwD+a6zUvTwD7dIA/9Hw7lxkLW4QXnH3feu7/u6mkZPu4S24NANoIV5Dch8eXEnFVVPFmeHSsZ8OSr+t/uMT0Qv60MunOIXEC6nGce83/WRh7ZaWJrtJx6RDOi0v3HXmhXBRuoE30yf7mYnQ5iXQ7/O1JLP+SD5JKIH4TqMhkIrdlTq9EfESKXXf6CrSaX0NMxpGBcm+v18BNi2fXSIuycmJTMKo8x71bbaL2yOb6iJtbLRQMmtamXIKBbZrgFgaEbd1FWdfYaxx5SgdRaUHYyEw6ABnJ0FgXuLRH61AucFHKrZxSxznWLkYJbgNK6WwtB23G6vtZeKtLkeBs6r97wqS3b5sybANBH+gFHNOK+BoZ7wgc1xxnGg75Wo8jMqsaF3Af4jfaO/HwMk+kbqCQIEDRSyBdZq7idgmdSXzVuOHOuAduUnB4f6EgjmbEtb3qAz4S1eO5j9pVuZbclAARsp4BLmdiy8KIQzRNQycJdk5g+PrX0PHYo3mrs9VSKUSzx1RTecHoQ2hBVRGPu8dDrJ61fuUqu9ncs3pmlGVBSf2WwpmEvyvJN3ITf8lpMYwA9MJiItoyGufhRppW8eRDPRT/yOhtU7khnWQscTeZJSw5pvvb9DdmdremQAhBTYaIznShGMG25WfXHq3z6vFl/lowwtNz1VRpRw+Lb4Ud73TiOKJ1gG8rURteQvCmGZdVb4BE5QKB5LmZQsIAeVjPjWqbp4iooNLbifdY2QZIyE/OX0m9GbFdKA7JKHiYjIMtxgz+g56S7se2Oq4uDmdtFyZ/4hNdSHg9cIjKaF9oSvazl0LvwZoL6vMncdiR IN5yByvL tU4T5wtgzlRIm4iDqIEohtPPU784b6X6k9iYjck6Gn4Gaz3oJnDbx36/l7+8d9MDa71ga/snhe0bxh6W0wRp+MV2hae7Y4O2+GOhTZDppir2erlgWhRnbKnV84TT20tVnan+s8dBgb8Ac04YcrrmkT1YgPoVL4WKgZXttgbFWSeR3FNVm8dgL13OMB/CwoiBUxA6YYznLYfaiIvsu0vmHkiYVp/94oqrhrc24kCJ6raSbZNO5owschHt6XcDmJmMAT+OSo5JtwufziFg/aCWrGJn5Qst1rOfcFGb5uUDsnrfztJ77DGSqUMuNwX2Va1YrmYb2XZLGJv38t6Qx3VJ569hgEvMIj//tOO1pYopf/fuxQeFqkha32LFzk3rs115WBozknnofahyNWwPGRLdhz5/fRXvvmAHs1JK+cRPIpwK1/VI= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On 2024-08-06 03:51, Peter Zijlstra wrote: > On Mon, Aug 05, 2024 at 09:37:48PM -0700, Kees Cook wrote: >> On Tue, Jul 23, 2024 at 04:47:52PM +0200, Andrew Zaborowski wrote: >>> Uncorrected memory errors for user pages are signaled to processes >>> using SIGBUS or, if the error happens in a syscall, an error retval >>> from the syscall. The SIGBUS is documented in >>> Documentation/mm/hwpoison.rst#failure-recovery-modes >>> >>> Once a user task sets t->rseq in the rseq() syscall, if the kernel >>> cannot access the memory pointed to by t->rseq->rseq_cs, that initial >>> rseq() and all future syscalls should return an error so understandably >>> the code just kills the task. >>> >>> To ensure that SIGBUS is used set the new t->kill_on_efault flag and >>> run queued task work on rseq_get_rseq_cs() errors to give memory_failure >>> the chance to run. >>> >>> Note: the rseq checks run inside resume_user_mode_work() so whenever >>> _TIF_NOTIFY_RESUME is set. They do not run on every syscall exit so >>> I'm not concerned that these extra flag operations are in a hot path, >>> except with CONFIG_DEBUG_RSEQ. >>> >>> Signed-off-by: Andrew Zaborowski >>> --- >>> kernel/rseq.c | 25 +++++++++++++++++++++---- >> >> Can an rseq maintainer please review this? I can carry it via the execve >> tree with the related patches... > > *sigh*,.. because get_maintainers just doesn't work or something? > > Anyway, I'm confused by the signal code (as always), why isn't the > task_work_run() in get_signal() sufficient? > > At some point we're going to run into trouble with sprinkling > task_work_run() around willy nilly :/ I agree with Peter: adding explicit calls to task_work_run all over the kernel does not appear to be an elegant solution. One thing I am missing is a clear motivation for adding this code: what is the real-world use-case that benefits from getting this SIGBUS rather than a SIGSEGV or -EFAULT ? Also, I feel like we should investigate turning SIGSEGV into SIGBUS at signal delivery rather than handle this here and there in the kernel code. Thoughts ? Thanks, Mathieu -- Mathieu Desnoyers EfficiOS Inc. https://www.efficios.com