From: Christoph Hellwig <hch@lst.de> To: Guenter Roeck <linux@roeck-us.net> Cc: Christoph Hellwig <hch@lst.de>, Nick Hu <nickhu@andestech.com>, Greentime Hu <green.hu@gmail.com>, Vincent Chen <deanbo422@gmail.com>, Paul Walmsley <paul.walmsley@sifive.com>, Palmer Dabbelt <palmer@dabbelt.com>, Andrew Morton <akpm@linux-foundation.org>, Linus Torvalds <torvalds@linux-foundation.org>, linux-riscv@lists.infradead.org, linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH 1/6] syscalls: use uaccess_kernel in addr_limit_user_check Date: Tue, 21 Jul 2020 06:58:34 +0200 [thread overview] Message-ID: <20200721045834.GA9613@lst.de> (raw) In-Reply-To: <20200720221046.GA86726@roeck-us.net> On Mon, Jul 20, 2020 at 03:10:46PM -0700, Guenter Roeck wrote: > I had another look into the code. Right after this patch, I see > > #define uaccess_kernel() segment_eq(get_fs(), KERNEL_DS) > > Yet, this patch is: > > - if (CHECK_DATA_CORRUPTION(!segment_eq(get_fs(), USER_DS), > + if (CHECK_DATA_CORRUPTION(uaccess_kernel(), > > So there is a negation in the condition. Indeed, the following change > on top of next-20200720 fixes the problem for mps2-an385. > > - if (CHECK_DATA_CORRUPTION(uaccess_kernel(), > + if (CHECK_DATA_CORRUPTION(!uaccess_kernel(), > > How does this work anywhere ? No, that is the wrong check - we want to make sure the address space override doesn't leak to userspace. The problem is that armnommu (and m68knommu, but that doesn't call the offending function) pretends to not have a kernel address space, which doesn't really work. Here is the fix I sent out yesterday, which I should have Cc'ed you on, sorry: --- From 2bb889b2d99a2d978e90640ade8fe02359287092 Mon Sep 17 00:00:00 2001 From: Christoph Hellwig <hch@lst.de> Date: Mon, 20 Jul 2020 17:46:50 +0200 Subject: arm: don't call addr_limit_user_check for nommu On arm nommu kernel use the same constant for USER_DS and KERNEL_DS, and seqment_eq always returns false. With the current check in addr_limit_user_check that works by accident, but when replacing seqment_eq with uaccess_kerne it will fail. Just remove the not needed check entirely. Signed-off-by: Christoph Hellwig <hch@lst.de> Reported-by: Guenter Roeck <linux@roeck-us.net> --- arch/arm/kernel/signal.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/arm/kernel/signal.c b/arch/arm/kernel/signal.c index ab2568996ddb0c..c9dc912b83f012 100644 --- a/arch/arm/kernel/signal.c +++ b/arch/arm/kernel/signal.c @@ -713,7 +713,9 @@ struct page *get_signal_page(void) /* Defer to generic check */ asmlinkage void addr_limit_check_failed(void) { +#ifdef CONFIG_MMU addr_limit_user_check(); +#endif } #ifdef CONFIG_DEBUG_RSEQ -- 2.27.0
WARNING: multiple messages have this Message-ID (diff)
From: Christoph Hellwig <hch@lst.de> To: Guenter Roeck <linux@roeck-us.net> Cc: linux-arch@vger.kernel.org, Nick Hu <nickhu@andestech.com>, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Palmer Dabbelt <palmer@dabbelt.com>, Greentime Hu <green.hu@gmail.com>, Paul Walmsley <paul.walmsley@sifive.com>, Andrew Morton <akpm@linux-foundation.org>, Vincent Chen <deanbo422@gmail.com>, Linus Torvalds <torvalds@linux-foundation.org>, Christoph Hellwig <hch@lst.de> Subject: Re: [PATCH 1/6] syscalls: use uaccess_kernel in addr_limit_user_check Date: Tue, 21 Jul 2020 06:58:34 +0200 [thread overview] Message-ID: <20200721045834.GA9613@lst.de> (raw) In-Reply-To: <20200720221046.GA86726@roeck-us.net> On Mon, Jul 20, 2020 at 03:10:46PM -0700, Guenter Roeck wrote: > I had another look into the code. Right after this patch, I see > > #define uaccess_kernel() segment_eq(get_fs(), KERNEL_DS) > > Yet, this patch is: > > - if (CHECK_DATA_CORRUPTION(!segment_eq(get_fs(), USER_DS), > + if (CHECK_DATA_CORRUPTION(uaccess_kernel(), > > So there is a negation in the condition. Indeed, the following change > on top of next-20200720 fixes the problem for mps2-an385. > > - if (CHECK_DATA_CORRUPTION(uaccess_kernel(), > + if (CHECK_DATA_CORRUPTION(!uaccess_kernel(), > > How does this work anywhere ? No, that is the wrong check - we want to make sure the address space override doesn't leak to userspace. The problem is that armnommu (and m68knommu, but that doesn't call the offending function) pretends to not have a kernel address space, which doesn't really work. Here is the fix I sent out yesterday, which I should have Cc'ed you on, sorry: --- From 2bb889b2d99a2d978e90640ade8fe02359287092 Mon Sep 17 00:00:00 2001 From: Christoph Hellwig <hch@lst.de> Date: Mon, 20 Jul 2020 17:46:50 +0200 Subject: arm: don't call addr_limit_user_check for nommu On arm nommu kernel use the same constant for USER_DS and KERNEL_DS, and seqment_eq always returns false. With the current check in addr_limit_user_check that works by accident, but when replacing seqment_eq with uaccess_kerne it will fail. Just remove the not needed check entirely. Signed-off-by: Christoph Hellwig <hch@lst.de> Reported-by: Guenter Roeck <linux@roeck-us.net> --- arch/arm/kernel/signal.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/arm/kernel/signal.c b/arch/arm/kernel/signal.c index ab2568996ddb0c..c9dc912b83f012 100644 --- a/arch/arm/kernel/signal.c +++ b/arch/arm/kernel/signal.c @@ -713,7 +713,9 @@ struct page *get_signal_page(void) /* Defer to generic check */ asmlinkage void addr_limit_check_failed(void) { +#ifdef CONFIG_MMU addr_limit_user_check(); +#endif } #ifdef CONFIG_DEBUG_RSEQ -- 2.27.0 _______________________________________________ linux-riscv mailing list linux-riscv@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-riscv
next prev parent reply other threads:[~2020-07-21 4:58 UTC|newest] Thread overview: 54+ messages / expand[flat|nested] mbox.gz Atom feed top 2020-07-14 10:54 clean up address limit helpers v2 Christoph Hellwig 2020-07-14 10:54 ` Christoph Hellwig 2020-07-14 10:55 ` [PATCH 1/6] syscalls: use uaccess_kernel in addr_limit_user_check Christoph Hellwig 2020-07-14 10:55 ` Christoph Hellwig 2020-07-18 1:38 ` Guenter Roeck 2020-07-18 1:38 ` Guenter Roeck 2020-07-18 9:48 ` Christoph Hellwig 2020-07-18 9:48 ` Christoph Hellwig 2020-07-18 14:54 ` Guenter Roeck 2020-07-18 14:54 ` Guenter Roeck 2020-07-20 10:01 ` Christoph Hellwig 2020-07-20 10:01 ` Christoph Hellwig 2020-07-20 14:55 ` Guenter Roeck 2020-07-20 14:55 ` Guenter Roeck 2020-07-20 15:28 ` Peter Maydell 2020-07-20 15:28 ` Peter Maydell 2020-07-20 22:10 ` Guenter Roeck 2020-07-20 22:10 ` Guenter Roeck 2020-07-21 4:58 ` Christoph Hellwig [this message] 2020-07-21 4:58 ` Christoph Hellwig 2020-07-21 5:15 ` Guenter Roeck 2020-07-21 5:15 ` Guenter Roeck 2020-07-21 5:20 ` Christoph Hellwig 2020-07-21 5:20 ` Christoph Hellwig 2020-07-21 5:30 ` Guenter Roeck 2020-07-21 5:30 ` Guenter Roeck 2020-07-21 5:35 ` Christoph Hellwig 2020-07-21 5:35 ` Christoph Hellwig 2020-07-14 10:55 ` [PATCH 2/6] nds32: use uaccess_kernel in show_regs Christoph Hellwig 2020-07-14 10:55 ` Christoph Hellwig 2020-07-14 10:55 ` [PATCH 3/6] riscv: include <asm/pgtable.h> in <asm/uaccess.h> Christoph Hellwig 2020-07-14 10:55 ` Christoph Hellwig 2020-07-14 10:55 ` [PATCH 4/6] uaccess: remove segment_eq Christoph Hellwig 2020-07-14 10:55 ` Christoph Hellwig 2020-07-14 15:27 ` Linus Torvalds 2020-07-14 15:27 ` Linus Torvalds 2020-07-14 10:55 ` [PATCH 5/6] uaccess: add force_uaccess_{begin,end} helpers Christoph Hellwig 2020-07-14 10:55 ` Christoph Hellwig 2020-07-14 15:29 ` Linus Torvalds 2020-07-14 15:29 ` Linus Torvalds 2020-07-14 10:55 ` [PATCH 6/6] exec: use force_uaccess_begin during exec and exit Christoph Hellwig 2020-07-14 10:55 ` Christoph Hellwig 2020-07-15 3:33 ` Eric W. Biederman 2020-07-15 3:33 ` Eric W. Biederman 2020-07-15 6:06 ` Christoph Hellwig 2020-07-15 6:06 ` Christoph Hellwig 2020-07-16 23:49 ` clean up address limit helpers v2 Andrew Morton 2020-07-16 23:49 ` Andrew Morton 2020-07-17 6:06 ` Christoph Hellwig 2020-07-17 6:06 ` Christoph Hellwig 2020-07-20 15:54 ` [PATCH 0/6] arm: don't call addr_limit_user_check for nommu Christoph Hellwig 2020-07-20 15:54 ` Christoph Hellwig -- strict thread matches above, loose matches on Subject: below -- 2020-07-10 13:57 clean up address limit helpers Christoph Hellwig 2020-07-10 13:57 ` [PATCH 1/6] syscalls: use uaccess_kernel in addr_limit_user_check Christoph Hellwig 2020-07-10 13:57 ` Christoph Hellwig
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20200721045834.GA9613@lst.de \ --to=hch@lst.de \ --cc=akpm@linux-foundation.org \ --cc=deanbo422@gmail.com \ --cc=green.hu@gmail.com \ --cc=linux-arch@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-riscv@lists.infradead.org \ --cc=linux@roeck-us.net \ --cc=nickhu@andestech.com \ --cc=palmer@dabbelt.com \ --cc=paul.walmsley@sifive.com \ --cc=torvalds@linux-foundation.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.