x86/pkeys: Restore altstack access in sigreturn()

A process can disable access to the alternate signal stack by not
enabling the altstack's PKEY in the PKRU register.

Nevertheless, the kernel updates the PKRU temporarily for signal
handling. However, in sigreturn(), restore_sigcontext() will restore the
PKRU to the user-defined PKRU value.

This will cause restore_altstack() to fail with a SIGSEGV as it needs read
access to the altstack which is prohibited by the user-defined PKRU value.

Fix this by restoring altstack before restoring PKRU.

Signed-off-by: Aruna Ramakrishna <aruna.ramakrishna@oracle.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Link: https://lore.kernel.org/all/20240802061318.2140081-5-aruna.ramakrishna@oracle.com

diff --git a/arch/x86/kernel/signal_64.c b/arch/x86/kernel/signal_64.c
index 8a94053c5444659123f07e680700d9096defa4bc..ee9453891901b71d6958b135848dc9cdeff0e364 100644 (file)
--- a/arch/x86/kernel/signal_64.c
+++ b/arch/x86/kernel/signal_64.c
@@ -260,13 +260,13 @@ SYSCALL_DEFINE0(rt_sigreturn)
 
        set_current_blocked(&set);
 
-       if (!restore_sigcontext(regs, &frame->uc.uc_mcontext, uc_flags))
+       if (restore_altstack(&frame->uc.uc_stack))
                goto badframe;
 
-       if (restore_signal_shadow_stack())
+       if (!restore_sigcontext(regs, &frame->uc.uc_mcontext, uc_flags))
                goto badframe;
 
-       if (restore_altstack(&frame->uc.uc_stack))
+       if (restore_signal_shadow_stack())
                goto badframe;
 
        return regs->ax;