On Wed, Aug 12, 2015 at 2:50 PM, Stas Sergeev <stsp@xxxxxxx> wrote:Unfortunately, this doesn't help.
13.08.2015 00:37, Andy Lutomirski ÐÐÑÐÑ:That feature is so specialized that I think you should just probe it.
On Wed, Aug 12, 2015 at 1:55 PM, Stas Sergeev <stsp@xxxxxxx> wrote:OK.
12.08.2015 23:47, Andy Lutomirski ÐÐÑÐÑ:I think these things shouldn't be conflated. If we can fix it
On Wed, Aug 12, 2015 at 1:45 PM, Stas Sergeev <stsp@xxxxxxx> wrote:But I mean also fs/TLS.
12.08.2015 23:28, Andy Lutomirski ÐÐÑÐÑ:I think that, with my patch, we get the best of both worlds. We keep
On Wed, Aug 12, 2015 at 1:14 PM, Stas Sergeev <stsp@xxxxxxx> wrote:Yes, but that's why I was talking about some new
12.08.2015 23:01, Andy Lutomirski ÐÐÑÐÑ:Maybe, except that doing this might break existing code (Wine and Java
On Wed, Aug 12, 2015 at 12:55 PM, Stas Sergeev <stsp@xxxxxxx> wrote:Assuming the bases are made the part of a sigcontext,
12.08.2015 22:20, Andy Lutomirski ÐÐÑÐÑ:Any of the above. What do you want the kernel to do, and how does
current kernels, it stays switched. If we change this, it won'tThere can be the following cases:
stay
switched. Even ignoring old ABI, it's not really clear to me what
the
right thing to do is.
- switch_userspace_thread() switches fs to non-zero selector
- switch_userspace_thread() switches the fs base via syscall
- switch_userspace_thread() switches fs in sigcontext
- switch_userspace_thread() switches fs_base in sigcontext (???)
What exactly case do you have in mind?
I'd say, the way x86_32 is doing things - is good, but the
bases... perhaps, in ideal world, they should be a part of
the sigcontext as well?
the
kernel know you want to do that? The kernel has to pick *some*
semantics here.
I'd say there would be no ambiguities remained at all:
whatever you change in a sigcontext, will be "applied" by
the sigreturn(). Whatever you put in the registers
(either segregs or MSRs), is valid until sigreturn(), then
forgotten forever.
The mess only comes in when some things are part of
sigcontext and some are not. But if you have _all_ things
accessable in sigcontext, then the user has a way of expressing
his needs very clearly: he'll either touch sigcontext or direct
values, depending on what he need.
Is this right?
come to mind). I'm not really sure.
flag. Maybe a new sigaction() flag? Or something else that
will allow the user to request explicitly the new handling
where the things are all switched by the kernel. Then
the old programs that don't use that flag, will remain
unaffected. I realize this may be a lot of work... But please
note that there will be no more a chance like this one,
when things are already badly broken. :)
the old behavior in cases where it would work, and we switch to the
new behavior in cases where the old behavior would result in killing
the task.
There is a chance now to fix things for good, all at once. :)
With such an ss patch applied to stable, there will be no more
such a chance ever. What's your opinion on the possibility of
fixing the TLS problem?
Also I am not sure about the sigreturn()'s detection: is it
a subject of the subsequent patch, or you dropped an idea?
transparently (i.e. if my patch works), then I think we should do
something like my patch.
I'll try to test the patch tomorrow, but I think the sigreturn()'s
capability detection is still needed to easily replace the iret trampoline
in userspace (without generating a signal and testing by hands).
Can of course be done with a run-time kernel version check...
void foo(...) {
sigcontext->ss = 7;
}
modify_ldt(initialize descriptor 0);
sigaction(SIGUSR1, foo, SA_SIGINFO);
if (ss == 7)
yay;
Fortunately, all kernels that restore ss also have espfix64, so you
don't need to worry about esp[31:16] corruption on those kernels
either.