signal: Unify and correct copy_siginfo_from_user32

The function copy_siginfo_from_user32 is used for two things, in ptrace
since the dawn of siginfo for arbirarily modifying a signal that
user space sees, and in sigqueueinfo to send a signal with arbirary
siginfo data.

Create a single copy of copy_siginfo_from_user32 that all architectures
share, and teach it to handle all of the cases in the siginfo union.

In the generic version of copy_siginfo_from_user32 ensure that all
of the fields in siginfo are initialized so that the siginfo structure
can be safely copied to userspace if necessary.

When copying the embedded sigval union copy the si_int member.  That
ensures the 32bit values passes through the kernel unchanged.

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
This commit is contained in:
Eric W. Biederman 2017-07-31 17:15:31 -05:00
parent 56b81456f4
commit 212a36a17e
11 changed files with 82 additions and 178 deletions

View File

@ -195,16 +195,6 @@ int copy_siginfo_to_user32(compat_siginfo_t __user *to, const siginfo_t *from)
return err;
}
int copy_siginfo_from_user32(siginfo_t *to, compat_siginfo_t __user *from)
{
if (copy_from_user(to, from, __ARCH_SI_PREAMBLE_SIZE) ||
copy_from_user(to->_sifields._pad,
from->_sifields._pad, SI_PAD_SIZE))
return -EFAULT;
return 0;
}
/*
* VFP save/restore code.
*

View File

@ -133,13 +133,3 @@ int copy_siginfo_to_user32(compat_siginfo_t __user *to, const siginfo_t *from)
}
return err;
}
int copy_siginfo_from_user32(siginfo_t *to, compat_siginfo_t __user *from)
{
if (copy_from_user(to, from, 3*sizeof(int)) ||
copy_from_user(to->_sifields._pad,
from->_sifields._pad, SI_PAD_SIZE32))
return -EFAULT;
return 0;
}

View File

@ -261,50 +261,6 @@ setup_sigcontext32(struct compat_sigcontext __user *sc, struct compat_regfile __
return err;
}
int
copy_siginfo_from_user32 (siginfo_t *to, compat_siginfo_t __user *from)
{
compat_uptr_t addr;
int err;
if (!access_ok(VERIFY_READ, from, sizeof(compat_siginfo_t)))
return -EFAULT;
err = __get_user(to->si_signo, &from->si_signo);
err |= __get_user(to->si_errno, &from->si_errno);
err |= __get_user(to->si_code, &from->si_code);
if (to->si_code < 0)
err |= __copy_from_user(&to->_sifields._pad, &from->_sifields._pad, SI_PAD_SIZE);
else {
switch (siginfo_layout(to->si_signo, to->si_code)) {
case SIL_CHLD:
err |= __get_user(to->si_utime, &from->si_utime);
err |= __get_user(to->si_stime, &from->si_stime);
err |= __get_user(to->si_status, &from->si_status);
default:
case SIL_KILL:
err |= __get_user(to->si_pid, &from->si_pid);
err |= __get_user(to->si_uid, &from->si_uid);
break;
case SIL_FAULT:
err |= __get_user(addr, &from->si_addr);
to->si_addr = compat_ptr(addr);
break;
case SIL_POLL:
err |= __get_user(to->si_band, &from->si_band);
err |= __get_user(to->si_fd, &from->si_fd);
break;
case SIL_RT:
err |= __get_user(to->si_pid, &from->si_pid);
err |= __get_user(to->si_uid, &from->si_uid);
err |= __get_user(to->si_int, &from->si_int);
break;
}
}
return err;
}
int
copy_siginfo_to_user32 (compat_siginfo_t __user *to, const siginfo_t *from)
{

View File

@ -35,7 +35,6 @@ struct compat_ucontext {
/* ELF32 signal handling */
int copy_siginfo_to_user32 (compat_siginfo_t __user *to, const siginfo_t *from);
int copy_siginfo_from_user32 (siginfo_t *to, compat_siginfo_t __user *from);
/* In a deft move of uber-hackery, we decide to carry the top half of all
* 64-bit registers in a non-portable, non-ABI, hidden structure.

View File

@ -933,15 +933,6 @@ int copy_siginfo_to_user32(struct compat_siginfo __user *d, const siginfo_t *s)
#define copy_siginfo_to_user copy_siginfo_to_user32
int copy_siginfo_from_user32(siginfo_t *to, struct compat_siginfo __user *from)
{
if (copy_from_user(to, from, 3*sizeof(int)) ||
copy_from_user(to->_sifields._pad,
from->_sifields._pad, SI_PAD_SIZE32))
return -EFAULT;
return 0;
}
#endif /* CONFIG_PPC64 */
/*

View File

@ -102,54 +102,6 @@ int copy_siginfo_to_user32(compat_siginfo_t __user *to, const siginfo_t *from)
return err ? -EFAULT : 0;
}
int copy_siginfo_from_user32(siginfo_t *to, compat_siginfo_t __user *from)
{
int err;
u32 tmp;
err = __get_user(to->si_signo, &from->si_signo);
err |= __get_user(to->si_errno, &from->si_errno);
err |= __get_user(to->si_code, &from->si_code);
if (to->si_code < 0)
err |= __copy_from_user(&to->_sifields._pad, &from->_sifields._pad, SI_PAD_SIZE);
else {
switch (siginfo_layout(to->si_signo, to->si_code)) {
case SIL_RT:
err |= __get_user(to->si_int, &from->si_int);
/* fallthrough */
case SIL_KILL:
err |= __get_user(to->si_pid, &from->si_pid);
err |= __get_user(to->si_uid, &from->si_uid);
break;
case SIL_CHLD:
err |= __get_user(to->si_pid, &from->si_pid);
err |= __get_user(to->si_uid, &from->si_uid);
err |= __get_user(to->si_utime, &from->si_utime);
err |= __get_user(to->si_stime, &from->si_stime);
err |= __get_user(to->si_status, &from->si_status);
break;
case SIL_FAULT:
err |= __get_user(tmp, &from->si_addr);
to->si_addr = (void __force __user *)
(u64) (tmp & PSW32_ADDR_INSN);
break;
case SIL_POLL:
err |= __get_user(to->si_band, &from->si_band);
err |= __get_user(to->si_fd, &from->si_fd);
break;
case SIL_TIMER:
err |= __get_user(to->si_tid, &from->si_tid);
err |= __get_user(to->si_overrun, &from->si_overrun);
err |= __get_user(to->si_int, &from->si_int);
break;
default:
break;
}
}
return err ? -EFAULT : 0;
}
/* Store registers needed to create the signal frame */
static void store_sigregs(void)
{

View File

@ -123,22 +123,6 @@ int copy_siginfo_to_user32(compat_siginfo_t __user *to, const siginfo_t *from)
return err;
}
/* CAUTION: This is just a very minimalist implementation for the
* sake of compat_sys_rt_sigqueueinfo()
*/
int copy_siginfo_from_user32(siginfo_t *to, compat_siginfo_t __user *from)
{
if (!access_ok(VERIFY_WRITE, from, sizeof(compat_siginfo_t)))
return -EFAULT;
if (copy_from_user(to, from, 3*sizeof(int)) ||
copy_from_user(to->_sifields._pad, from->_sifields._pad,
SI_PAD_SIZE))
return -EFAULT;
return 0;
}
/* Checks if the fp is valid. We always build signal frames which are
* 16-byte aligned, therefore we can always enforce that the restore
* frame has that property as well.

View File

@ -105,24 +105,6 @@ int copy_siginfo_to_user32(struct compat_siginfo __user *to, const siginfo_t *fr
return err;
}
int copy_siginfo_from_user32(siginfo_t *to, struct compat_siginfo __user *from)
{
int err;
if (!access_ok(VERIFY_READ, from, sizeof(struct compat_siginfo)))
return -EFAULT;
err = __get_user(to->si_signo, &from->si_signo);
err |= __get_user(to->si_errno, &from->si_errno);
err |= __get_user(to->si_code, &from->si_code);
err |= __get_user(to->si_pid, &from->si_pid);
err |= __get_user(to->si_uid, &from->si_uid);
err |= __get_user(to->si_int, &from->si_int);
return err;
}
/* The assembly shim for this function arranges to ignore the return value. */
long compat_sys_rt_sigreturn(void)
{

View File

@ -207,24 +207,3 @@ int copy_siginfo_to_user32(compat_siginfo_t __user *to, const siginfo_t *from)
return __copy_siginfo_to_user32(to, from, in_x32_syscall());
}
int copy_siginfo_from_user32(siginfo_t *to, compat_siginfo_t __user *from)
{
int err = 0;
u32 ptr32;
if (!access_ok(VERIFY_READ, from, sizeof(compat_siginfo_t)))
return -EFAULT;
get_user_try {
get_user_ex(to->si_signo, &from->si_signo);
get_user_ex(to->si_errno, &from->si_errno);
get_user_ex(to->si_code, &from->si_code);
get_user_ex(to->si_pid, &from->si_pid);
get_user_ex(to->si_uid, &from->si_uid);
get_user_ex(ptr32, &from->si_ptr);
to->si_ptr = compat_ptr(ptr32);
} get_user_catch(err);
return err;
}

View File

@ -510,7 +510,7 @@ long compat_get_bitmap(unsigned long *mask, const compat_ulong_t __user *umask,
unsigned long bitmap_size);
long compat_put_bitmap(compat_ulong_t __user *umask, unsigned long *mask,
unsigned long bitmap_size);
int copy_siginfo_from_user32(siginfo_t *to, struct compat_siginfo __user *from);
int copy_siginfo_from_user32(siginfo_t *to, const struct compat_siginfo __user *from);
int copy_siginfo_to_user32(struct compat_siginfo __user *to, const siginfo_t *from);
int get_compat_sigevent(struct sigevent *event,
const struct compat_sigevent __user *u_event);

View File

@ -2814,6 +2814,87 @@ int copy_siginfo_to_user(siginfo_t __user *to, const siginfo_t *from)
return err;
}
#ifdef CONFIG_COMPAT
int copy_siginfo_from_user32(struct siginfo *to,
const struct compat_siginfo __user *ufrom)
{
struct compat_siginfo from;
if (copy_from_user(&from, ufrom, sizeof(struct compat_siginfo)))
return -EFAULT;
clear_siginfo(to);
to->si_signo = from.si_signo;
to->si_errno = from.si_errno;
to->si_code = from.si_code;
switch(siginfo_layout(from.si_signo, from.si_code)) {
case SIL_KILL:
to->si_pid = from.si_pid;
to->si_uid = from.si_uid;
break;
case SIL_TIMER:
to->si_tid = from.si_tid;
to->si_overrun = from.si_overrun;
to->si_int = from.si_int;
break;
case SIL_POLL:
to->si_band = from.si_band;
to->si_fd = from.si_fd;
break;
case SIL_FAULT:
to->si_addr = compat_ptr(from.si_addr);
#ifdef __ARCH_SI_TRAPNO
to->si_trapno = from.si_trapno;
#endif
#ifdef BUS_MCEERR_AR
if ((from.si_signo == SIGBUS) && (from.si_code == BUS_MCEERR_AR))
to->si_addr_lsb = from.si_addr_lsb;
#endif
#ifdef BUS_MCEER_AO
if ((from.si_signo == SIGBUS) && (from.si_code == BUS_MCEERR_AO))
to->si_addr_lsb = from.si_addr_lsb;
#endif
#ifdef SEGV_BNDERR
if ((from.si_signo == SIGSEGV) && (from.si_code == SEGV_BNDERR)) {
to->si_lower = compat_ptr(from.si_lower);
to->si_upper = compat_ptr(from.si_upper);
}
#endif
#ifdef SEGV_PKUERR
if ((from.si_signo == SIGSEGV) && (from.si_code == SEGV_PKUERR))
to->si_pkey = from.si_pkey;
#endif
break;
case SIL_CHLD:
to->si_pid = from.si_pid;
to->si_uid = from.si_uid;
to->si_status = from.si_status;
#ifdef CONFIG_X86_X32_ABI
if (in_x32_syscall()) {
to->si_utime = from._sifields._sigchld_x32._utime;
to->si_stime = from._sifields._sigchld_x32._stime;
} else
#endif
{
to->si_utime = from.si_utime;
to->si_stime = from.si_stime;
}
break;
case SIL_RT:
to->si_pid = from.si_pid;
to->si_uid = from.si_uid;
to->si_int = from.si_int;
break;
case SIL_SYS:
to->si_call_addr = compat_ptr(from.si_call_addr);
to->si_syscall = from.si_syscall;
to->si_arch = from.si_arch;
break;
}
return 0;
}
#endif /* CONFIG_COMPAT */
/**
* do_sigtimedwait - wait for queued signals specified in @which
* @which: queued signals to wait for