From: Christoph Hellwig <hch@lst.de>
To: Guenter Roeck <linux@roeck-us.net>
Cc: Christoph Hellwig <hch@lst.de>, Nick Hu <nickhu@andestech.com>,
Greentime Hu <green.hu@gmail.com>,
Vincent Chen <deanbo422@gmail.com>,
Paul Walmsley <paul.walmsley@sifive.com>,
Palmer Dabbelt <palmer@dabbelt.com>,
Andrew Morton <akpm@linux-foundation.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
linux-riscv@lists.infradead.org, linux-arch@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH 1/6] syscalls: use uaccess_kernel in addr_limit_user_check
Date: Tue, 21 Jul 2020 06:58:34 +0200 [thread overview]
Message-ID: <20200721045834.GA9613@lst.de> (raw)
In-Reply-To: <20200720221046.GA86726@roeck-us.net>
On Mon, Jul 20, 2020 at 03:10:46PM -0700, Guenter Roeck wrote:
> I had another look into the code. Right after this patch, I see
>
> #define uaccess_kernel() segment_eq(get_fs(), KERNEL_DS)
>
> Yet, this patch is:
>
> - if (CHECK_DATA_CORRUPTION(!segment_eq(get_fs(), USER_DS),
> + if (CHECK_DATA_CORRUPTION(uaccess_kernel(),
>
> So there is a negation in the condition. Indeed, the following change
> on top of next-20200720 fixes the problem for mps2-an385.
>
> - if (CHECK_DATA_CORRUPTION(uaccess_kernel(),
> + if (CHECK_DATA_CORRUPTION(!uaccess_kernel(),
>
> How does this work anywhere ?
No, that is the wrong check - we want to make sure the address
space override doesn't leak to userspace. The problem is that
armnommu (and m68knommu, but that doesn't call the offending
function) pretends to not have a kernel address space, which doesn't
really work. Here is the fix I sent out yesterday, which I should
have Cc'ed you on, sorry:
---
From 2bb889b2d99a2d978e90640ade8fe02359287092 Mon Sep 17 00:00:00 2001
From: Christoph Hellwig <hch@lst.de>
Date: Mon, 20 Jul 2020 17:46:50 +0200
Subject: arm: don't call addr_limit_user_check for nommu
On arm nommu kernel use the same constant for USER_DS and KERNEL_DS,
and seqment_eq always returns false. With the current check in
addr_limit_user_check that works by accident, but when replacing
seqment_eq with uaccess_kerne it will fail. Just remove the not
needed check entirely.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reported-by: Guenter Roeck <linux@roeck-us.net>
---
arch/arm/kernel/signal.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/arch/arm/kernel/signal.c b/arch/arm/kernel/signal.c
index ab2568996ddb0c..c9dc912b83f012 100644
--- a/arch/arm/kernel/signal.c
+++ b/arch/arm/kernel/signal.c
@@ -713,7 +713,9 @@ struct page *get_signal_page(void)
/* Defer to generic check */
asmlinkage void addr_limit_check_failed(void)
{
+#ifdef CONFIG_MMU
addr_limit_user_check();
+#endif
}
#ifdef CONFIG_DEBUG_RSEQ
--
2.27.0
WARNING: multiple messages have this Message-ID (diff)
From: Christoph Hellwig <hch@lst.de>
To: Guenter Roeck <linux@roeck-us.net>
Cc: linux-arch@vger.kernel.org, Nick Hu <nickhu@andestech.com>,
linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org,
Palmer Dabbelt <palmer@dabbelt.com>,
Greentime Hu <green.hu@gmail.com>,
Paul Walmsley <paul.walmsley@sifive.com>,
Andrew Morton <akpm@linux-foundation.org>,
Vincent Chen <deanbo422@gmail.com>,
Linus Torvalds <torvalds@linux-foundation.org>,
Christoph Hellwig <hch@lst.de>
Subject: Re: [PATCH 1/6] syscalls: use uaccess_kernel in addr_limit_user_check
Date: Tue, 21 Jul 2020 06:58:34 +0200 [thread overview]
Message-ID: <20200721045834.GA9613@lst.de> (raw)
In-Reply-To: <20200720221046.GA86726@roeck-us.net>
On Mon, Jul 20, 2020 at 03:10:46PM -0700, Guenter Roeck wrote:
> I had another look into the code. Right after this patch, I see
>
> #define uaccess_kernel() segment_eq(get_fs(), KERNEL_DS)
>
> Yet, this patch is:
>
> - if (CHECK_DATA_CORRUPTION(!segment_eq(get_fs(), USER_DS),
> + if (CHECK_DATA_CORRUPTION(uaccess_kernel(),
>
> So there is a negation in the condition. Indeed, the following change
> on top of next-20200720 fixes the problem for mps2-an385.
>
> - if (CHECK_DATA_CORRUPTION(uaccess_kernel(),
> + if (CHECK_DATA_CORRUPTION(!uaccess_kernel(),
>
> How does this work anywhere ?
No, that is the wrong check - we want to make sure the address
space override doesn't leak to userspace. The problem is that
armnommu (and m68knommu, but that doesn't call the offending
function) pretends to not have a kernel address space, which doesn't
really work. Here is the fix I sent out yesterday, which I should
have Cc'ed you on, sorry:
---
From 2bb889b2d99a2d978e90640ade8fe02359287092 Mon Sep 17 00:00:00 2001
From: Christoph Hellwig <hch@lst.de>
Date: Mon, 20 Jul 2020 17:46:50 +0200
Subject: arm: don't call addr_limit_user_check for nommu
On arm nommu kernel use the same constant for USER_DS and KERNEL_DS,
and seqment_eq always returns false. With the current check in
addr_limit_user_check that works by accident, but when replacing
seqment_eq with uaccess_kerne it will fail. Just remove the not
needed check entirely.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reported-by: Guenter Roeck <linux@roeck-us.net>
---
arch/arm/kernel/signal.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/arch/arm/kernel/signal.c b/arch/arm/kernel/signal.c
index ab2568996ddb0c..c9dc912b83f012 100644
--- a/arch/arm/kernel/signal.c
+++ b/arch/arm/kernel/signal.c
@@ -713,7 +713,9 @@ struct page *get_signal_page(void)
/* Defer to generic check */
asmlinkage void addr_limit_check_failed(void)
{
+#ifdef CONFIG_MMU
addr_limit_user_check();
+#endif
}
#ifdef CONFIG_DEBUG_RSEQ
--
2.27.0
_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv
next prev parent reply other threads:[~2020-07-21 4:58 UTC|newest]
Thread overview: 54+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-14 10:54 clean up address limit helpers v2 Christoph Hellwig
2020-07-14 10:54 ` Christoph Hellwig
2020-07-14 10:55 ` [PATCH 1/6] syscalls: use uaccess_kernel in addr_limit_user_check Christoph Hellwig
2020-07-14 10:55 ` Christoph Hellwig
2020-07-18 1:38 ` Guenter Roeck
2020-07-18 1:38 ` Guenter Roeck
2020-07-18 9:48 ` Christoph Hellwig
2020-07-18 9:48 ` Christoph Hellwig
2020-07-18 14:54 ` Guenter Roeck
2020-07-18 14:54 ` Guenter Roeck
2020-07-20 10:01 ` Christoph Hellwig
2020-07-20 10:01 ` Christoph Hellwig
2020-07-20 14:55 ` Guenter Roeck
2020-07-20 14:55 ` Guenter Roeck
2020-07-20 15:28 ` Peter Maydell
2020-07-20 15:28 ` Peter Maydell
2020-07-20 22:10 ` Guenter Roeck
2020-07-20 22:10 ` Guenter Roeck
2020-07-21 4:58 ` Christoph Hellwig [this message]
2020-07-21 4:58 ` Christoph Hellwig
2020-07-21 5:15 ` Guenter Roeck
2020-07-21 5:15 ` Guenter Roeck
2020-07-21 5:20 ` Christoph Hellwig
2020-07-21 5:20 ` Christoph Hellwig
2020-07-21 5:30 ` Guenter Roeck
2020-07-21 5:30 ` Guenter Roeck
2020-07-21 5:35 ` Christoph Hellwig
2020-07-21 5:35 ` Christoph Hellwig
2020-07-14 10:55 ` [PATCH 2/6] nds32: use uaccess_kernel in show_regs Christoph Hellwig
2020-07-14 10:55 ` Christoph Hellwig
2020-07-14 10:55 ` [PATCH 3/6] riscv: include <asm/pgtable.h> in <asm/uaccess.h> Christoph Hellwig
2020-07-14 10:55 ` Christoph Hellwig
2020-07-14 10:55 ` [PATCH 4/6] uaccess: remove segment_eq Christoph Hellwig
2020-07-14 10:55 ` Christoph Hellwig
2020-07-14 15:27 ` Linus Torvalds
2020-07-14 15:27 ` Linus Torvalds
2020-07-14 10:55 ` [PATCH 5/6] uaccess: add force_uaccess_{begin,end} helpers Christoph Hellwig
2020-07-14 10:55 ` Christoph Hellwig
2020-07-14 15:29 ` Linus Torvalds
2020-07-14 15:29 ` Linus Torvalds
2020-07-14 10:55 ` [PATCH 6/6] exec: use force_uaccess_begin during exec and exit Christoph Hellwig
2020-07-14 10:55 ` Christoph Hellwig
2020-07-15 3:33 ` Eric W. Biederman
2020-07-15 3:33 ` Eric W. Biederman
2020-07-15 6:06 ` Christoph Hellwig
2020-07-15 6:06 ` Christoph Hellwig
2020-07-16 23:49 ` clean up address limit helpers v2 Andrew Morton
2020-07-16 23:49 ` Andrew Morton
2020-07-17 6:06 ` Christoph Hellwig
2020-07-17 6:06 ` Christoph Hellwig
2020-07-20 15:54 ` [PATCH 0/6] arm: don't call addr_limit_user_check for nommu Christoph Hellwig
2020-07-20 15:54 ` Christoph Hellwig
-- strict thread matches above, loose matches on Subject: below --
2020-07-10 13:57 clean up address limit helpers Christoph Hellwig
2020-07-10 13:57 ` [PATCH 1/6] syscalls: use uaccess_kernel in addr_limit_user_check Christoph Hellwig
2020-07-10 13:57 ` Christoph Hellwig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200721045834.GA9613@lst.de \
--to=hch@lst.de \
--cc=akpm@linux-foundation.org \
--cc=deanbo422@gmail.com \
--cc=green.hu@gmail.com \
--cc=linux-arch@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-riscv@lists.infradead.org \
--cc=linux@roeck-us.net \
--cc=nickhu@andestech.com \
--cc=palmer@dabbelt.com \
--cc=paul.walmsley@sifive.com \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.