From: Daniel Axtens <dja@axtens•net>
To: Michael Ellerman <mpe@ellerman•id.au>, linuxppc-dev@ozlabs•org
Cc: linux-arch@vger•kernel.org, hughd@google•com,
linux-kernel@vger•kernel.org
Subject: Re: [PATCH 2/5] powerpc: Allow 4096 bytes of stack expansion for the signal frame
Date: Thu, 23 Jul 2020 23:35:36 +1000 [thread overview]
Message-ID: <87blk6tkuv.fsf@dja-thinkpad.axtens.net> (raw)
In-Reply-To: <20200703141327.1732550-2-mpe@ellerman.id.au>
Hi Michael,
Unfortunately, this patch doesn't completely solve the problem.
Trying the original reproducer, I'm still able to trigger the crash even
with this patch, although not 100% of the time. (If I turn ASLR off
outside of tmux it reliably crashes; if I turn ASLR off _inside_ of tmux
it reliably succeeds; all of this is on a serial console.)
./foo 1241000 & sleep 1; killall -USR1 foo; echo ok
If I add some debugging information, I see that I'm getting
address + 4096 = 7fffffed0fa0
gpr1 = 7fffffed1020
So address + 4096 is 0x80 bytes below the 4k window. I haven't been able
to figure out why, gdb gives me a NIP in __kernel_sigtramp_rt64 but I
don't know what to make of that.
Kind regards,
Daniel
P.S. I don't know what your policy on linking to kernel bugzilla is, but
if you want:
Link: https://bugzilla.kernel.org/show_bug.cgi?id=205183
> Reported-by: Tom Lane <tgl@sss•pgh.pa.us>
> Signed-off-by: Michael Ellerman <mpe@ellerman•id.au>
> ---
> arch/powerpc/mm/fault.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c
> index 641fc5f3d7dd..ed01329dd12b 100644
> --- a/arch/powerpc/mm/fault.c
> +++ b/arch/powerpc/mm/fault.c
> @@ -274,7 +274,7 @@ static bool bad_stack_expansion(struct pt_regs *regs, unsigned long address,
> /*
> * N.B. The POWER/Open ABI allows programs to access up to
> * 288 bytes below the stack pointer.
> - * The kernel signal delivery code writes up to about 1.5kB
> + * The kernel signal delivery code writes up to 4KB
> * below the stack pointer (r1) before decrementing it.
> * The exec code can write slightly over 640kB to the stack
> * before setting the user r1. Thus we allow the stack to
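Review bot: the comment now states that signal delivery writes "up to 4KB" below r1 without saying where that figure comes from, whereas the old "about 1.5kB" was at least flagged as an estimate; the values reported later in this reply (address + 4096 = 7fffffed0fa0 against gpr1 = 7fffffed1020, i.e. 0x80 bytes short) indicate 4KB is still not an upper bound. Suggest the comment say which signal frame layout the 4KB is meant to cover, so the next person who hits this can tell a miscounted frame size from an unrelated cause.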
> @@ -299,7 +299,7 @@ static bool bad_stack_expansion(struct pt_regs *regs, unsigned long address,
> * between the last mapped region and the stack will
> * expand the stack rather than segfaulting.
> */
> - if (address + 2048 >= uregs->gpr[1])
> + if (address + 4096 >= uregs->gpr[1])
> return false;
>
> if ((flags & FAULT_FLAG_WRITE) && (flags & FAULT_FLAG_USER) &&
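Review bot: the window in `if (address + 4096 >= uregs->gpr[1])` is a bare literal that has to be kept in sync by hand with the prose comment in the previous hunk and with any selftest that expects the same value; suggest a named constant defined next to bad_stack_expansion() and used by both. Separately, Daniel's reproduction in this reply gives address + 4096 = 7fffffed0fa0 and gpr1 = 7fffffed1020, so this condition is still false for that fault and the function falls through to the segfault path; the constant should be derived from the actual maximum signal frame size rather than raised until the reproducer passes.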
> --
> 2.25.1
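The two quantities the thread argues about are the window the fault handler allows below r1 and the depth the signal frame actually reaches. The following C is an added illustration written for this page, not code from the patch series or the selftest: `within_signal_window()` and `window_shortfall()` mirror the check in the diff above with Daniel's two reported addresses as constructed input, and `measure_signal_depth()` is a portable user-space probe (it works on any downward-growing stack and does not read the powerpc `gp_regs[1]`) that reports how far below the interrupted frame a SIGUSR1 handler ends up running. All function names are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not part of the patch series.
 * Mirrors the signal-frame test in bad_stack_expansion() as the patch
 * changes it: returns 1 when the faulting address lies within `window`
 * bytes below the user stack pointer (r1), i.e. expansion is allowed. */
int within_signal_window(uint64_t address, uint64_t gpr1, uint64_t window)
{
    return address + window >= gpr1;
}

/* Bytes by which `window` falls short of covering the fault at `address`;
 * 0 when the window already covers it. */
uint64_t window_shortfall(uint64_t address, uint64_t gpr1, uint64_t window)
{
    if (within_signal_window(address, gpr1, window))
        return 0;
    return gpr1 - (address + window);
}

static volatile uintptr_t handler_sp;

static void depth_probe(int sig)
{
    volatile char marker;           /* lives in the handler's stack frame */
    (void)sig;
    handler_sp = (uintptr_t)&marker;
}

/* Deliver SIGUSR1 to ourselves and return the distance in bytes between a
 * local in the interrupted frame and a local in the handler's frame. That
 * distance is the signal frame the kernel laid out below the stack pointer
 * plus the handler's own frame, so it is a usable lower bound on what the
 * fault handler's window must cover. Returns 0 on failure. */
uintptr_t measure_signal_depth(void)
{
    struct sigaction sa, old;
    volatile char marker;
    uintptr_t before = (uintptr_t)&marker;

    memset(&sa, 0, sizeof(sa));
    sa.sa_handler = depth_probe;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGUSR1, &sa, &old) != 0)
        return 0;
    handler_sp = 0;
    raise(SIGUSR1);                 /* handler runs before raise() returns */
    sigaction(SIGUSR1, &old, NULL);
    if (handler_sp == 0 || handler_sp >= before)
        return 0;
    return before - handler_sp;
}

int main(void)
{
    /* Constructed from the debugging output in Daniel's reply:
     * address + 4096 = 7fffffed0fa0, gpr1 = 7fffffed1020. */
    const uint64_t addr_plus_4k = 0x7fffffed0fa0ULL;
    const uint64_t gpr1 = 0x7fffffed1020ULL;
    const uint64_t address = addr_plus_4k - 4096;

    printf("4096-byte window covers the fault: %s (short by 0x%llx bytes)\n",
           within_signal_window(address, gpr1, 4096) ? "yes" : "no",
           (unsigned long long)window_shortfall(address, gpr1, 4096));
    printf("handler runs %lu bytes below the interrupted frame here\n",
           (unsigned long)measure_signal_depth());
    return 0;
}
```

With the reported numbers the 4096-byte window is 0x80 bytes too small, which is why the reproducer still faults; the probe's output on a given machine is the number a fix needs to exceed, with some margin for the handler's own frame.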
Thread overview: 13+ messages
2020-07-03 14:13 [PATCH 1/5] selftests/powerpc: Add test of stack expansion logic Michael Ellerman
2020-07-03 14:13 ` [PATCH 2/5] powerpc: Allow 4096 bytes of stack expansion for the signal frame Michael Ellerman
2020-07-23 13:35 ` Daniel Axtens [this message]
2020-07-24 9:20 ` Michael Ellerman
2020-07-03 14:13 ` [PATCH 3/5] selftests/powerpc: Update the stack expansion test Michael Ellerman
2020-07-05 17:52 ` Christophe Leroy
2020-07-07 6:53 ` Michael Ellerman
2020-07-03 14:13 ` [RFC PATCH 4/5] powerpc/mm: Remove custom stack expansion checking Michael Ellerman
2020-07-05 17:49 ` Christophe Leroy
2020-07-06 1:15 ` Nicholas Piggin
2020-07-07 6:53 ` Michael Ellerman
2020-07-23 14:11 ` Daniel Axtens
2020-07-03 14:13 ` [RFC PATCH 5/5] selftests/powerpc: Remove powerpc special cases from stack expansion test Michael Ellerman