* [PATCH 1/2] /proc/kcore: Fix SMAP violation when dumping vsyscall user page
@ 2018-01-30  6:42 Jia Zhang
  2018-01-30  6:42 ` [PATCH 2/2] x86/mm/64: Add vsyscall page to /proc/kcore conditionally Jia Zhang
                   ` (2 more replies)
  0 siblings, 3 replies; 8+ messages in thread
From: Jia Zhang @ 2018-01-30  6:42 UTC (permalink / raw)
  To: tglx, mingo, hpa; +Cc: x86, linux-kernel, Jia Zhang

The commit df04abfd181a
("fs/proc/kcore.c: Add bounce buffer for ktext data") introduces a
bounce buffer to work around CONFIG_HARDENED_USERCOPY=y. However,
accessing the vsyscall user page this way causes an SMAP violation.

Simply replacing memcpy() with copy_from_user() might fix this issue,
but a common way of handling this sort of user page may be useful in
the future.

Currently, only vsyscall page requires KCORE_USER.

Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
---
 arch/x86/mm/init_64.c | 2 +-
 fs/proc/kcore.c       | 4 ++++
 include/linux/kcore.h | 1 +
 3 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c
index 4a83728..dab78f6 100644
--- a/arch/x86/mm/init_64.c
+++ b/arch/x86/mm/init_64.c
@@ -1187,7 +1187,7 @@ void __init mem_init(void)
 
 	/* Register memory areas for /proc/kcore */
 	kclist_add(&kcore_vsyscall, (void *)VSYSCALL_ADDR,
-			 PAGE_SIZE, KCORE_OTHER);
+		   PAGE_SIZE, KCORE_USER);
 
 	mem_init_print_info(NULL);
 }
diff --git a/fs/proc/kcore.c b/fs/proc/kcore.c
index 4bc85cb..e4b0204 100644
--- a/fs/proc/kcore.c
+++ b/fs/proc/kcore.c
@@ -510,6 +510,10 @@ static void elf_kcore_store_hdr(char *bufp, int nphdr, int dataoff)
 			/* we have to zero-fill user buffer even if no read */
 			if (copy_to_user(buffer, buf, tsz))
 				return -EFAULT;
+		} else if (m->type == KCORE_USER) {
+			/* user page is handled prior to normal kernel page */
+			if (copy_to_user(buffer, (char *)start, tsz))
+				return -EFAULT;
 		} else {
 			if (kern_addr_valid(start)) {
 				unsigned long n;
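Review bot: The comment on the new `KCORE_USER` branch does not say why `copy_to_user()` is given a user-mapped address as its source, which is the whole point of the change and otherwise reads like a misuse of the API. Something like `/* vsyscall page is user-accessible: read it via a uaccess helper so SMAP does not fault on the kernel-side access */` would make the intent reviewable, and the `KCORE_USER` entry added to `enum kcore_type` in include/linux/kcore.h deserves the same one-line contract. It also looks as if any fault on the source page now fails the whole read with `-EFAULT`, whereas the neighbouring branch appears to zero-fill the caller's buffer when an area cannot be read; that difference should be either justified or aligned. The enclosing function starts and ends outside the hunk (the `@@` context names `elf_kcore_store_hdr`, but the added lines return `-EFAULT`, so they presumably sit in the read path), and the same hunk is reposted unchanged in the v2 message later in this thread.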
diff --git a/include/linux/kcore.h b/include/linux/kcore.h
index 7ff25a8..80db19d 100644
--- a/include/linux/kcore.h
+++ b/include/linux/kcore.h
@@ -10,6 +10,7 @@ enum kcore_type {
 	KCORE_VMALLOC,
 	KCORE_RAM,
 	KCORE_VMEMMAP,
+	KCORE_USER,
 	KCORE_OTHER,
 };
 
-- 
1.8.3.1


* [PATCH 2/2] x86/mm/64: Add vsyscall page to /proc/kcore conditionally
  2018-01-30  6:42 [PATCH 1/2] /proc/kcore: Fix SMAP violation when dumping vsyscall user page Jia Zhang
@ 2018-01-30  6:42 ` Jia Zhang
  2018-02-05  9:26   ` Jiri Olsa
  2018-02-01  1:03 ` [PATCH 1/2] /proc/kcore: Fix SMAP violation when dumping vsyscall user page Jia Zhang
  2018-02-05  1:32 ` Jia Zhang
  2 siblings, 1 reply; 8+ messages in thread
From: Jia Zhang @ 2018-01-30  6:42 UTC (permalink / raw)
  To: tglx, mingo, hpa; +Cc: x86, linux-kernel, Jia Zhang

The vsyscall page should be visible only if
vsyscall=emulate/native when dumping /proc/kcore.

Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
---
 arch/x86/mm/init_64.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c
index dab78f6..3d4cf33 100644
--- a/arch/x86/mm/init_64.c
+++ b/arch/x86/mm/init_64.c
@@ -1186,8 +1186,9 @@ void __init mem_init(void)
 	register_page_bootmem_info();
 
 	/* Register memory areas for /proc/kcore */
-	kclist_add(&kcore_vsyscall, (void *)VSYSCALL_ADDR,
-		   PAGE_SIZE, KCORE_USER);
+	if (get_gate_vma(&init_mm))
+		kclist_add(&kcore_vsyscall, (void *)VSYSCALL_ADDR,
+			   PAGE_SIZE, KCORE_USER);
 
 	mem_init_print_info(NULL);
 }
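Review bot: The guard `if (get_gate_vma(&init_mm))` uses the gate-VMA lookup as a proxy for "the vsyscall page is mapped", and nothing at the call site says so; a short comment such as `/* vsyscall=none: no vsyscall page is mapped, so do not expose it in /proc/kcore */` above the `if` would record that. It is worth confirming what `get_gate_vma()` returns when vsyscall emulation is compiled out, since the commit message only covers the `vsyscall=` boot modes, and that the mode is already final when `mem_init()` runs. This matters beyond tidiness: with patch 1/2 a registered `KCORE_USER` range is read through `copy_to_user()`, so registering a range that is not actually mapped turns into `-EFAULT` on /proc/kcore reads. `mem_init()` begins outside the hunk.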
-- 
1.8.3.1


* Re: [PATCH 1/2] /proc/kcore: Fix SMAP violation when dumping vsyscall user page
  2018-01-30  6:42 [PATCH 1/2] /proc/kcore: Fix SMAP violation when dumping vsyscall user page Jia Zhang
  2018-01-30  6:42 ` [PATCH 2/2] x86/mm/64: Add vsyscall page to /proc/kcore conditionally Jia Zhang
@ 2018-02-01  1:03 ` Jia Zhang
  2018-02-05  1:32 ` Jia Zhang
  2 siblings, 0 replies; 8+ messages in thread
From: Jia Zhang @ 2018-02-01  1:03 UTC (permalink / raw)
  To: tglx, mingo, hpa; +Cc: x86, linux-kernel

Hi,

Are there any comments here?

Thanks,
Jia

On 2018/1/30 下午2:42, Jia Zhang wrote:
> The commit df04abfd181a
> ("fs/proc/kcore.c: Add bounce buffer for ktext data") introduces a
> bounce buffer to work around CONFIG_HARDENED_USERCOPY=y. However,
> accessing vsyscall user page will cause SMAP violation in this way.
> 
> In order to fix this issue, simply replace memcpy() with copy_from_user()
> may work, but using a common way to handle this sort of user page may be
> useful for future.
> 
> Currently, only vsyscall page requires KCORE_USER.
> 
> Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
> ---
>  arch/x86/mm/init_64.c | 2 +-
>  fs/proc/kcore.c       | 4 ++++
>  include/linux/kcore.h | 1 +
>  3 files changed, 6 insertions(+), 1 deletion(-)
> 
> diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c
> index 4a83728..dab78f6 100644
> --- a/arch/x86/mm/init_64.c
> +++ b/arch/x86/mm/init_64.c
> @@ -1187,7 +1187,7 @@ void __init mem_init(void)
>  
>  	/* Register memory areas for /proc/kcore */
>  	kclist_add(&kcore_vsyscall, (void *)VSYSCALL_ADDR,
> -			 PAGE_SIZE, KCORE_OTHER);
> +		   PAGE_SIZE, KCORE_USER);
>  
>  	mem_init_print_info(NULL);
>  }
> diff --git a/fs/proc/kcore.c b/fs/proc/kcore.c
> index 4bc85cb..e4b0204 100644
> --- a/fs/proc/kcore.c
> +++ b/fs/proc/kcore.c
> @@ -510,6 +510,10 @@ static void elf_kcore_store_hdr(char *bufp, int nphdr, int dataoff)
>  			/* we have to zero-fill user buffer even if no read */
>  			if (copy_to_user(buffer, buf, tsz))
>  				return -EFAULT;
> +		} else if (m->type == KCORE_USER) {
> +			/* user page is handled prior to normal kernel page */
> +			if (copy_to_user(buffer, (char *)start, tsz))
> +				return -EFAULT;
>  		} else {
>  			if (kern_addr_valid(start)) {
>  				unsigned long n;
> diff --git a/include/linux/kcore.h b/include/linux/kcore.h
> index 7ff25a8..80db19d 100644
> --- a/include/linux/kcore.h
> +++ b/include/linux/kcore.h
> @@ -10,6 +10,7 @@ enum kcore_type {
>  	KCORE_VMALLOC,
>  	KCORE_RAM,
>  	KCORE_VMEMMAP,
> +	KCORE_USER,
>  	KCORE_OTHER,
>  };
>  
> 


* Re: [PATCH 1/2] /proc/kcore: Fix SMAP violation when dumping vsyscall user page
  2018-01-30  6:42 [PATCH 1/2] /proc/kcore: Fix SMAP violation when dumping vsyscall user page Jia Zhang
  2018-01-30  6:42 ` [PATCH 2/2] x86/mm/64: Add vsyscall page to /proc/kcore conditionally Jia Zhang
  2018-02-01  1:03 ` [PATCH 1/2] /proc/kcore: Fix SMAP violation when dumping vsyscall user page Jia Zhang
@ 2018-02-05  1:32 ` Jia Zhang
  2 siblings, 0 replies; 8+ messages in thread
From: Jia Zhang @ 2018-02-05  1:32 UTC (permalink / raw)
  To: tglx, mingo, hpa, jolsa; +Cc: x86, linux-kernel

Hi Jiri,

The maintainers are too busy to review this patchset. You are the author
of the commit df04abfd181a. Please help to review this patchset.

Thanks,
Jia

On 2018/1/30 下午2:42, Jia Zhang wrote:
> The commit df04abfd181a
> ("fs/proc/kcore.c: Add bounce buffer for ktext data") introduces a
> bounce buffer to work around CONFIG_HARDENED_USERCOPY=y. However,
> accessing vsyscall user page will cause SMAP violation in this way.
> 
> In order to fix this issue, simply replace memcpy() with copy_from_user()
> may work, but using a common way to handle this sort of user page may be
> useful for future.
> 
> Currently, only vsyscall page requires KCORE_USER.
> 
> Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
> ---
>  arch/x86/mm/init_64.c | 2 +-
>  fs/proc/kcore.c       | 4 ++++
>  include/linux/kcore.h | 1 +
>  3 files changed, 6 insertions(+), 1 deletion(-)
> 
> diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c
> index 4a83728..dab78f6 100644
> --- a/arch/x86/mm/init_64.c
> +++ b/arch/x86/mm/init_64.c
> @@ -1187,7 +1187,7 @@ void __init mem_init(void)
>  
>  	/* Register memory areas for /proc/kcore */
>  	kclist_add(&kcore_vsyscall, (void *)VSYSCALL_ADDR,
> -			 PAGE_SIZE, KCORE_OTHER);
> +		   PAGE_SIZE, KCORE_USER);
>  
>  	mem_init_print_info(NULL);
>  }
> diff --git a/fs/proc/kcore.c b/fs/proc/kcore.c
> index 4bc85cb..e4b0204 100644
> --- a/fs/proc/kcore.c
> +++ b/fs/proc/kcore.c
> @@ -510,6 +510,10 @@ static void elf_kcore_store_hdr(char *bufp, int nphdr, int dataoff)
>  			/* we have to zero-fill user buffer even if no read */
>  			if (copy_to_user(buffer, buf, tsz))
>  				return -EFAULT;
> +		} else if (m->type == KCORE_USER) {
> +			/* user page is handled prior to normal kernel page */
> +			if (copy_to_user(buffer, (char *)start, tsz))
> +				return -EFAULT;
>  		} else {
>  			if (kern_addr_valid(start)) {
>  				unsigned long n;
> diff --git a/include/linux/kcore.h b/include/linux/kcore.h
> index 7ff25a8..80db19d 100644
> --- a/include/linux/kcore.h
> +++ b/include/linux/kcore.h
> @@ -10,6 +10,7 @@ enum kcore_type {
>  	KCORE_VMALLOC,
>  	KCORE_RAM,
>  	KCORE_VMEMMAP,
> +	KCORE_USER,
>  	KCORE_OTHER,
>  };
>  
> 


* Re: [PATCH 2/2] x86/mm/64: Add vsyscall page to /proc/kcore conditionally
  2018-01-30  6:42 ` [PATCH 2/2] x86/mm/64: Add vsyscall page to /proc/kcore conditionally Jia Zhang
@ 2018-02-05  9:26   ` Jiri Olsa
  2018-02-09  1:08     ` Jia Zhang
  0 siblings, 1 reply; 8+ messages in thread
From: Jiri Olsa @ 2018-02-05  9:26 UTC (permalink / raw)
  To: Jia Zhang; +Cc: tglx, mingo, hpa, x86, linux-kernel

On Tue, Jan 30, 2018 at 02:42:59PM +0800, Jia Zhang wrote:
> The vsyscall page should be visible only if
> vsyscall=emulate/native when dumping /proc/kcore.
> 
> Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
> ---
>  arch/x86/mm/init_64.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
> 
> diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c
> index dab78f6..3d4cf33 100644
> --- a/arch/x86/mm/init_64.c
> +++ b/arch/x86/mm/init_64.c
> @@ -1186,8 +1186,9 @@ void __init mem_init(void)
>  	register_page_bootmem_info();
>  
>  	/* Register memory areas for /proc/kcore */
> -	kclist_add(&kcore_vsyscall, (void *)VSYSCALL_ADDR,
> -		   PAGE_SIZE, KCORE_USER);
> +	if (get_gate_vma(&init_mm))
> +		kclist_add(&kcore_vsyscall, (void *)VSYSCALL_ADDR,
> +			   PAGE_SIZE, KCORE_USER);

nit, we use { } when there's more than 1 line code 

anyway the approach looks ok to me

Reviewed-by: Jiri Olsa <jolsa@kernel.org>

thanks,
jirka


* Re: [PATCH 2/2] x86/mm/64: Add vsyscall page to /proc/kcore conditionally
  2018-02-05  9:26   ` Jiri Olsa
@ 2018-02-09  1:08     ` Jia Zhang
  2018-02-12  9:59       ` Thomas Gleixner
  0 siblings, 1 reply; 8+ messages in thread
From: Jia Zhang @ 2018-02-09  1:08 UTC (permalink / raw)
  To: tglx, mingo, hpa; +Cc: Jiri Olsa, x86, linux-kernel

Hi,

Anybody else here who can give an attention on this review?

Thanks,
Jia

On 2018/2/5 下午5:26, Jiri Olsa wrote:
> On Tue, Jan 30, 2018 at 02:42:59PM +0800, Jia Zhang wrote:
>> The vsyscall page should be visible only if
>> vsyscall=emulate/native when dumping /proc/kcore.
>>
>> Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
>> ---
>>  arch/x86/mm/init_64.c | 5 +++--
>>  1 file changed, 3 insertions(+), 2 deletions(-)
>>
>> diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c
>> index dab78f6..3d4cf33 100644
>> --- a/arch/x86/mm/init_64.c
>> +++ b/arch/x86/mm/init_64.c
>> @@ -1186,8 +1186,9 @@ void __init mem_init(void)
>>  	register_page_bootmem_info();
>>  
>>  	/* Register memory areas for /proc/kcore */
>> -	kclist_add(&kcore_vsyscall, (void *)VSYSCALL_ADDR,
>> -		   PAGE_SIZE, KCORE_USER);
>> +	if (get_gate_vma(&init_mm))
>> +		kclist_add(&kcore_vsyscall, (void *)VSYSCALL_ADDR,
>> +			   PAGE_SIZE, KCORE_USER);
> 
> nit, we use { } when there's more than 1 line code 
> 
> anyway the approach looks ok to me
> 
> Reviewed-by: Jiri Olsa <jolsa@kernel.org>
> 
> thanks,
> jirka
> 


* Re: [PATCH 2/2] x86/mm/64: Add vsyscall page to /proc/kcore conditionally
  2018-02-09  1:08     ` Jia Zhang
@ 2018-02-12  9:59       ` Thomas Gleixner
  0 siblings, 0 replies; 8+ messages in thread
From: Thomas Gleixner @ 2018-02-12  9:59 UTC (permalink / raw)
  To: Jia Zhang; +Cc: mingo, hpa, Jiri Olsa, x86, linux-kernel

On Fri, 9 Feb 2018, Jia Zhang wrote:
> 
> Anybody else here who can give an attention on this review?

Jiri gave you perfectly valid feedback. Please address that and repost a V2.

Thanks,

	tglx


* [PATCH 1/2] /proc/kcore: Fix SMAP violation when dumping vsyscall user page
  2018-02-12 14:44 [PATCH v2 0/2] " Jia Zhang
@ 2018-02-12 14:44 ` Jia Zhang
  0 siblings, 0 replies; 8+ messages in thread
From: Jia Zhang @ 2018-02-12 14:44 UTC (permalink / raw)
  To: tglx, jolsa, mingo, hpa; +Cc: x86, linux-kernel

The commit df04abfd181a
("fs/proc/kcore.c: Add bounce buffer for ktext data") introduces a
bounce buffer to work around CONFIG_HARDENED_USERCOPY=y. However,
accessing the vsyscall user page this way causes an SMAP violation.

Simply replacing memcpy() with copy_from_user() might fix this issue,
but a common way of handling this sort of user page may be useful in
the future.

Currently, only vsyscall page requires KCORE_USER.

Signed-off-by: Jia Zhang <zhang.jia@linux.alibaba.com>
Reviewed-by: Jiri Olsa <jolsa@kernel.org>
---
 arch/x86/mm/init_64.c | 2 +-
 fs/proc/kcore.c       | 4 ++++
 include/linux/kcore.h | 1 +
 3 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c
index 1ab42c8..14cd7f8 100644
--- a/arch/x86/mm/init_64.c
+++ b/arch/x86/mm/init_64.c
@@ -1194,7 +1194,7 @@ void __init mem_init(void)
 
 	/* Register memory areas for /proc/kcore */
 	kclist_add(&kcore_vsyscall, (void *)VSYSCALL_ADDR,
-			 PAGE_SIZE, KCORE_OTHER);
+		   PAGE_SIZE, KCORE_USER);
 
 	mem_init_print_info(NULL);
 }
diff --git a/fs/proc/kcore.c b/fs/proc/kcore.c
index e8a93bc..7d8fa05 100644
--- a/fs/proc/kcore.c
+++ b/fs/proc/kcore.c
@@ -510,6 +510,10 @@ static void elf_kcore_store_hdr(char *bufp, int nphdr, int dataoff)
 			/* we have to zero-fill user buffer even if no read */
 			if (copy_to_user(buffer, buf, tsz))
 				return -EFAULT;
+		} else if (m->type == KCORE_USER) {
+			/* user page is handled prior to normal kernel page */
+			if (copy_to_user(buffer, (char *)start, tsz))
+				return -EFAULT;
 		} else {
 			if (kern_addr_valid(start)) {
 				/*
diff --git a/include/linux/kcore.h b/include/linux/kcore.h
index 7ff25a8..80db19d 100644
--- a/include/linux/kcore.h
+++ b/include/linux/kcore.h
@@ -10,6 +10,7 @@ enum kcore_type {
 	KCORE_VMALLOC,
 	KCORE_RAM,
 	KCORE_VMEMMAP,
+	KCORE_USER,
 	KCORE_OTHER,
 };
 
-- 
1.8.3.1
