
Re: signal delivery, was Re: reliable reproducer



On Wed, Apr 26, 2023 at 09:10:50PM +1200, Michael Schmitz wrote:
> On 26.04.2023 at 16:42, Finn Thain wrote:
> >If the long format frame was corrupted while on the user stack, the
> >partially completed MOVEM won't be resumed correctly. That's why I was
> >concerned about a bug in sys_sigreturn.
> 
> Yes, it turns out I hadn't read mangle_kernel_stack() carefully enough. I
> thought the exception frame had remained on the kernel stack to be restored,
> but I'd missed that it is actually being restored from the user stack copy
> to the kernel stack.

Isn't that a security hole? If we restore the exception frame from
user memory, doesn't that allow a malicious program to affect the
internal state of the CPU just by handling a signal?

	Brad Boyer
	flar@allandria.com
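The concern raised above is that a frame copied back from user memory is attacker-controlled data. The usual defence, shown here as an added example and not code from this thread or from the m68k kernel, is to treat the user copy as untrusted input: accept only known frame formats, require the copy's length to match what that format implies, and merge only the user-settable bits of the status register over a trusted kernel value so that the supervisor and trace bits can never come from the user stack. The header layout, the format table and the sample frames below are constructed for illustration; the real exception frame layout and format sizes are not given on this page and must be taken from the CPU manual.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Simplified, big-endian frame header as a handler's return path might find
 * it in the user-stack copy: sr (2 bytes), pc (4 bytes), format/vector (2).
 * Hypothetical layout, not the real m68k exception frame. */
#define HDR_BYTES 8
#define MAX_EXTRA 32

/* Constructed table: extra bytes each accepted format carries after the
 * header; -1 marks a format never accepted from user memory. A real table
 * must list every format the kernel expects to restore, and nothing else. */
static const int extra_bytes_for_format[16] = {
    [0] = 0, [1] = -1, [2] = 4, [3] = 4,
    [4] = -1, [5] = -1, [6] = -1, [7] = -1, [8] = -1, [9] = -1,
    [10] = -1, [11] = -1, [12] = -1, [13] = -1, [14] = -1, [15] = -1,
};

/* Only the condition-code byte of SR may be taken from user space; the
 * supervisor (0x2000) and trace bits stay whatever the kernel had. */
#define SR_USER_MASK 0x00FFu

struct restored_frame {
    uint16_t sr;
    uint32_t pc;
    uint16_t fmtvec;
    size_t   extra_len;
    uint8_t  extra[MAX_EXTRA];
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Validate a user-supplied copy before it is allowed to replace the kernel
 * frame. Returns 0 and fills *out on success, -1 if the copy is rejected. */
int restore_frame_checked(const uint8_t *user_copy, size_t user_len,
                          uint16_t trusted_sr, struct restored_frame *out)
{
    if (user_len < HDR_BYTES)
        return -1;                                   /* truncated header */
    uint16_t fmtvec = rd16(user_copy + 6);
    int extra = extra_bytes_for_format[fmtvec >> 12];
    if (extra < 0)
        return -1;                                   /* unknown or forbidden format */
    if (user_len != HDR_BYTES + (size_t)extra)
        return -1;                                   /* size must match the format exactly */

    uint16_t user_sr = rd16(user_copy);
    out->sr = (uint16_t)((trusted_sr & ~SR_USER_MASK) | (user_sr & SR_USER_MASK));
    out->pc = rd32(user_copy + 2);
    out->fmtvec = fmtvec;
    out->extra_len = (size_t)extra;
    memcpy(out->extra, user_copy + HDR_BYTES, out->extra_len);
    return 0;
}

/* Constructed sample: a well-formed format-2 frame whose SR has every bit set,
 * as a malicious program might write it. */
static const uint8_t sample_ok[12] = {
    0xFF, 0xFF,             /* sr: supervisor and trace bits set by user */
    0x00, 0x00, 0x10, 0x00, /* pc */
    0x20, 0x08,             /* format 2, vector offset 8 */
    0xDE, 0xAD, 0xBE, 0xEF  /* 4 extra bytes for format 2 */
};
/* Constructed sample: claims format 0xB, which this table does not accept. */
static const uint8_t sample_bad_fmt[12] = {
    0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0xB0, 0x08, 0, 0, 0, 0
};

/* Accepted frame: returns the restored SR, i.e. only the CCR byte survives. */
int demo_accepted_sr(void)
{
    struct restored_frame f;
    if (restore_frame_checked(sample_ok, sizeof sample_ok, 0x0000, &f) != 0)
        return -1;
    return f.sr;            /* 0x00FF: supervisor and trace bits discarded */
}

/* Forbidden format: the copy is rejected outright. */
int demo_reject_format(void)
{
    struct restored_frame f;
    return restore_frame_checked(sample_bad_fmt, sizeof sample_bad_fmt, 0, &f);
}

/* Length that does not match the claimed format: also rejected. */
int demo_reject_size(void)
{
    struct restored_frame f;
    return restore_frame_checked(sample_ok, sizeof sample_ok - 2, 0, &f);
}
```

The point of the SR merge is that the user copy can only ever influence bits the program could have set itself anyway; everything that determines privilege or tracing is taken from the kernel's own value. The exact-size check matters because a format that claims more words than were actually saved would otherwise pull uninitialised bytes from beyond the copy.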

