linux/arch/arm64/kernel
Dave Martin af40ff687b arm64: signal: Ensure si_code is valid for all fault signals
Currently, as reported by Eric, an invalid si_code value 0 is
passed in many signals delivered to userspace in response to faults
and other kernel errors.  Typically 0 is passed when the fault is
insufficiently diagnosable or when there does not appear to be any
sensible alternative value to choose.

This appears to violate POSIX, and is intuitively wrong for at
least two reasons arising from the fact that 0 == SI_USER:

 1) si_code is a union selector, and SI_USER (and si_code <= 0 in
    general) implies the existence of a different set of fields
    (siginfo._kill) from that which exists for a fault signal
    (siginfo._sigfault).  However, the code raising the signal
    typically writes only the _sigfault fields, and the _kill
    fields make no sense in this case.

    Thus when userspace sees si_code == 0 (SI_USER) it may
    legitimately inspect fields in the inactive union member _kill
    and obtain garbage as a result.

    There appears to be software in the wild relying on this,
    albeit generally only for printing diagnostic messages.

 2) Software that wants to be robust against spurious signals may
    discard signals where si_code == SI_USER (or <= 0), or may
    filter such signals based on the si_uid and si_pid fields of
    siginfo._sigkill.  In the case of fault signals, this means
    that important (and usually fatal) error conditions may be
    silently ignored.

In practice, many of the faults for which arm64 passes si_code == 0
are undiagnosable conditions such as exceptions with syndrome
values in ESR_ELx to which the architecture does not yet assign any
meaning, or conditions indicative of a bug or error in the kernel
or system and thus that are unrecoverable and should never occur in
normal operation.

The approach taken in this patch is to translate all such
undiagnosable or "impossible" synchronous fault conditions to
SIGKILL, since these are at least probably localisable to a single
process.  Some of these conditions should really result in a kernel
panic, but due to the lack of diagnostic information it is
difficult to be certain: this patch does not add any calls to
panic(), but this could change later if justified.

Although si_code will not reach userspace in the case of SIGKILL,
it is still desirable to pass a nonzero value so that the common
siginfo handling code can detect incorrect use of si_code == 0
without false positives.  In this case the si_code dependent
siginfo fields will not be correctly initialised, but since they
are not passed to userspace I deem this not to matter.

A few faults can reasonably occur in realistic userspace scenarios,
and _should_ raise a regular, handleable (but perhaps not
ignorable/blockable) signal: for these, this patch attempts to
choose a suitable standard si_code value for the raised signal in
each case instead of 0.

arm64 was the only arch to define a BUS_FIXME code, so after this
patch nobody defines it.  This patch therefore also removes the
relevant code from siginfo_layout().

Cc: James Morse <james.morse@arm.com>
Reported-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Dave Martin <Dave.Martin@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
2018-03-09 13:58:36 +00:00
..
probes License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
vdso arm64 updates for 4.15 2017-11-15 10:56:56 -08:00
.gitignore
acpi_numa.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
acpi_parking_protocol.c arm64: fix endianness annotation in acpi_parking_protocol.c 2017-06-29 11:33:15 +01:00
acpi.c More ACPI updates for v4.16-rc1 2018-02-09 09:44:25 -08:00
alternative.c arm64: alternatives: use tpidr_el2 on VHE hosts 2018-01-13 10:44:33 +00:00
arm64ksyms.c arm64: uaccess: Mask __user pointers for __arch_{clear, copy_*}_user 2018-02-06 22:53:40 +00:00
armv8_deprecated.c arm64: signal: Make force_signal_inject more robust 2018-03-06 18:52:22 +00:00
asm-offsets.c KVM: arm64: Handle RAS SErrors from EL2 on guest exit 2018-01-16 15:09:36 +00:00
bpi.S arm64: Kill PSCI_GET_VERSION as a variant-2 workaround 2018-02-06 22:54:18 +00:00
cacheinfo.c arm64: cacheinfo: Remove CCSIDR-based cache information probing 2017-03-20 16:16:54 +00:00
cpu_errata.c arm64/kernel: enable A53 erratum #8434319 handling at runtime 2018-03-09 13:23:09 +00:00
cpu_ops.c arm64: cpu_ops: Add missing 'const' qualifiers 2017-12-01 13:05:08 +00:00
cpu-reset.h arm64: Use __pa_symbol for kernel symbols 2017-01-12 15:05:39 +00:00
cpu-reset.S arm64: idmap: Use "awx" flags for .idmap.text .pushsection directives 2018-02-06 22:53:27 +00:00
cpufeature.c arm64: Add support for new control bits CTR_EL0.DIC and CTR_EL0.IDC 2018-03-09 13:57:57 +00:00
cpuidle.c ARM64 / cpuidle: Use new cpuidle macro for entering retention state 2018-01-02 13:50:34 +00:00
cpuinfo.c arm64: v8.4: Support for new floating point multiplication instructions 2018-01-05 11:29:48 +00:00
crash_dump.c arm64: kdump: provide /proc/vmcore file 2017-04-05 18:31:38 +01:00
debug-monitors.c arm64: Use arm64_force_sig_info instead of force_sig_info 2018-03-06 18:52:32 +00:00
efi-entry.S arm64: Add software workaround for Falkor erratum 1041 2018-02-06 22:53:13 +00:00
efi-header.S arm64: efi: split Image code and data into separate PE/COFF sections 2017-04-04 17:50:59 +01:00
efi.c arm64: mm: Use READ_ONCE/WRITE_ONCE when accessing page tables 2018-02-16 18:13:57 +00:00
entry32.S arm64: entry32: remove pointless register assignment 2015-07-10 16:47:13 +01:00
entry-fpsimd.S arm64/sve: Low-level SVE architectural state manipulation functions 2017-11-03 15:24:14 +00:00
entry-ftrace.S arm64: Fix static use of function graph 2017-11-03 12:05:23 +00:00
entry.S 2nd set of arm64 updates for 4.16: 2018-02-08 10:44:25 -08:00
fpsimd.c arm64: signal: Ensure si_code is valid for all fault signals 2018-03-09 13:58:36 +00:00
ftrace.c arm64: ftrace: emit ftrace-mod.o contents through code 2017-12-01 13:04:59 +00:00
head.S arm64: idmap: Use "awx" flags for .idmap.text .pushsection directives 2018-02-06 22:53:27 +00:00
hibernate-asm.S arm64: assembler: Change order of macro arguments in phys_to_ttbr 2018-02-06 22:53:21 +00:00
hibernate.c arm64: mm: Use READ_ONCE/WRITE_ONCE when accessing page tables 2018-02-16 18:13:57 +00:00
hw_breakpoint.c arm64: hw_breakpoint: Use linux/uaccess.h instead of asm/uaccess.h 2017-12-12 11:53:26 +00:00
hyp-stub.S arm64: hyp-stub: Zero x0 on successful stub handling 2017-04-09 07:49:35 -07:00
image.h arm64 updates for 4.7: 2016-05-16 17:17:24 -07:00
insn.c arm64 updates for 4.13: 2017-07-05 17:09:27 -07:00
io.c arm64: Avoid aligning normal memory pointers in __memcpy_{to,from}io 2017-10-24 16:23:07 +01:00
irq.c arm64: Add vmap_stack header file 2018-01-13 10:45:03 +00:00
jump_label.c jump_label: Rename JUMP_LABEL_{EN,DIS}ABLE to JUMP_LABEL_{JMP,NOP} 2015-08-03 11:34:12 +02:00
kaslr.c arm64/kernel: kaslr: reduce module randomization range to 4 GB 2018-03-08 13:49:26 +00:00
kgdb.c arm64/debug: Fix registers on sleeping tasks 2018-03-06 18:52:34 +00:00
kuser32.S
machine_kexec.c arm64: explicitly mask all exceptions 2017-11-02 15:55:40 +00:00
Makefile arm64: kernel: Add arch-specific SDEI entry code and CPU masking 2018-01-13 10:45:17 +00:00
module-plts.c arm64/kernel: enable A53 erratum #8434319 handling at runtime 2018-03-09 13:23:09 +00:00
module.c arm64/kernel: enable A53 erratum #8434319 handling at runtime 2018-03-09 13:23:09 +00:00
module.lds arm64: ftrace: emit ftrace-mod.o contents through code 2017-12-01 13:04:59 +00:00
paravirt.c arm64: introduce CONFIG_PARAVIRT, PARAVIRT_TIME_ACCOUNTING and pv_time_ops 2015-12-21 14:40:54 +00:00
pci.c PCI: Add a generic weak pcibios_align_resource() 2017-08-02 14:53:16 -05:00
perf_callchain.c arm64: unwind: remove sp from struct stackframe 2017-08-09 14:10:29 +01:00
perf_event.c arm64: perf: correct PMUVer probing 2018-02-20 11:34:54 +00:00
perf_regs.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
process.c arm64: __show_regs: Only resolve kernel symbols when running at EL1 2018-02-19 17:07:12 +00:00
psci.c arm64: Use __pa_symbol for kernel symbols 2017-01-12 15:05:39 +00:00
ptrace.c arm64: Use arm64_force_sig_info instead of force_sig_info 2018-03-06 18:52:32 +00:00
reloc_test_core.c arm64/kernel: don't ban ADRP to work around Cortex-A53 erratum #843419 2018-03-09 13:21:53 +00:00
reloc_test_syms.S arm64/kernel: don't ban ADRP to work around Cortex-A53 erratum #843419 2018-03-09 13:21:53 +00:00
relocate_kernel.S arm64: Add software workaround for Falkor erratum 1041 2018-02-06 22:53:13 +00:00
return_address.c arm64: unwind: remove sp from struct stackframe 2017-08-09 14:10:29 +01:00
sdei.c arm64: sdei: Add trampoline code for remapping the kernel 2018-01-14 18:49:50 +00:00
setup.c arm64: Move the async/fiq helpers to explicitly set process context flags 2017-11-02 15:55:41 +00:00
signal32.c arm64: signal: Call arm64_notify_segfault when failing to deliver signal 2018-03-06 18:52:25 +00:00
signal.c arm64: signal: Call arm64_notify_segfault when failing to deliver signal 2018-03-06 18:52:25 +00:00
sleep.S arm64: idmap: Use "awx" flags for .idmap.text .pushsection directives 2018-02-06 22:53:27 +00:00
smccc-call.S firmware: qcom: scm: Fix interrupted SCM calls 2017-02-03 18:46:33 +00:00
smp_spin_table.c arm64: Use __pa_symbol for kernel symbols 2017-01-12 15:05:39 +00:00
smp.c arm64: kernel: Add arch-specific SDEI entry code and CPU masking 2018-01-13 10:45:17 +00:00
stacktrace.c arm64: fix unwind_frame() for filtered out fn for function graph tracing 2018-02-23 13:46:38 +00:00
suspend.c arm64: uaccess: Add PAN helper 2018-01-13 10:45:10 +00:00
sys32.c arm64: fix implementation of mmap2 compat syscall 2015-03-19 10:43:51 +00:00
sys_compat.c arm64: Mirror arm for unimplemented compat syscalls 2018-03-05 12:06:43 +00:00
sys.c arm64: compat: Check for AArch32 state 2016-04-20 12:22:42 +01:00
time.c arm64: fix unwind_frame() for filtered out fn for function graph tracing 2018-02-23 13:46:38 +00:00
topology.c arm64: Use of_cpu_node_to_id helper for CPU topology parsing 2018-01-02 16:43:12 +00:00
trace-events-emulation.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
traps.c arm64: Use arm64_force_sig_info instead of force_sig_info 2018-03-06 18:52:32 +00:00
vdso.c arm64/vdso: Support mremap() for vDSO 2017-08-09 12:16:28 +01:00
vmlinux.lds.S arm64: Extend early page table code to allow for larger kernels 2018-01-14 18:49:52 +00:00