* [PATCH v2 0/2] Let illegal access to user-space memory die
@ 2020-12-03 6:48 Eric Lin
2020-12-03 6:48 ` [PATCH v2 1/2] riscv/mm: Introduce a die_kernel_fault() helper function Eric Lin
` (2 more replies)
0 siblings, 3 replies; 5+ messages in thread
From: Eric Lin @ 2020-12-03 6:48 UTC (permalink / raw)
To: linux-kernel, linux-riscv, walken, vbabka, peterx, akpm, penberg,
aou, palmer, paul.walmsley, hch
Cc: Eric Lin
Accesses to user-space memory without calling uaccess routine
leads to hanging in page fault handler. Like arm64, we let it
die earlier in page fault handler.
Changes in v2:
-Add a die_kernel_fault() helper
-Split one long line code into two
Eric Lin (2):
riscv/mm: Introduce a die_kernel_fault() helper function
riscv/mm: Prevent kernel module to access user memory without uaccess
routines
arch/riscv/mm/fault.c | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
--
2.17.0
^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH v2 1/2] riscv/mm: Introduce a die_kernel_fault() helper function
2020-12-03 6:48 [PATCH v2 0/2] Let illegal access to user-space memory die Eric Lin
@ 2020-12-03 6:48 ` Eric Lin
2020-12-03 6:48 ` [PATCH v2 2/2] riscv/mm: Prevent kernel module to access user memory without uaccess routines Eric Lin
2020-12-03 7:29 ` [PATCH v2 0/2] Let illegal access to user-space memory die Pekka Enberg
2 siblings, 0 replies; 5+ messages in thread
From: Eric Lin @ 2020-12-03 6:48 UTC (permalink / raw)
To: linux-kernel, linux-riscv, walken, vbabka, peterx, akpm, penberg,
aou, palmer, paul.walmsley, hch
Cc: Eric Lin, Alan Kao
Like arm64, this patch adds a die_kernel_fault() helper
to ensure the same semantics for the different kernel faults.
Signed-off-by: Eric Lin <tesheng@andestech.com>
Cc: Alan Kao <alankao@andestech.com>
---
arch/riscv/mm/fault.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/arch/riscv/mm/fault.c b/arch/riscv/mm/fault.c
index 3c8b9e433c67..0bcfd0e1b39e 100644
--- a/arch/riscv/mm/fault.c
+++ b/arch/riscv/mm/fault.c
@@ -19,6 +19,19 @@
#include "../kernel/head.h"
+static void die_kernel_fault(const char *msg, unsigned long addr,
+ struct pt_regs *regs)
+{
+ bust_spinlocks(1);
+
+ pr_alert("Unable to handle kernel %s at virtual address " REG_FMT "\n", msg,
+ addr);
+
+ bust_spinlocks(0);
+ die(regs, "Oops");
+ do_exit(SIGKILL);
+}
+
static inline void no_context(struct pt_regs *regs, unsigned long addr)
{
/* Are we prepared to handle this kernel fault? */
--
2.17.0
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [PATCH v2 2/2] riscv/mm: Prevent kernel module to access user memory without uaccess routines
2020-12-03 6:48 [PATCH v2 0/2] Let illegal access to user-space memory die Eric Lin
2020-12-03 6:48 ` [PATCH v2 1/2] riscv/mm: Introduce a die_kernel_fault() helper function Eric Lin
@ 2020-12-03 6:48 ` Eric Lin
2020-12-03 7:29 ` [PATCH v2 0/2] Let illegal access to user-space memory die Pekka Enberg
2 siblings, 0 replies; 5+ messages in thread
From: Eric Lin @ 2020-12-03 6:48 UTC (permalink / raw)
To: linux-kernel, linux-riscv, walken, vbabka, peterx, akpm, penberg,
aou, palmer, paul.walmsley, hch
Cc: Eric Lin, Alan Kao
We found this issue in an legacy out-of-tree kernel module
which didn't properly access user space pointer by get/put_user().
Such an illegal access loops in the page fault handler.
To resolve this, let it die here.
Signed-off-by: Eric Lin <tesheng@andestech.com>
Cc: Alan Kao <alankao@andestech.com>
---
arch/riscv/mm/fault.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/arch/riscv/mm/fault.c b/arch/riscv/mm/fault.c
index 0bcfd0e1b39e..00884c1bac28 100644
--- a/arch/riscv/mm/fault.c
+++ b/arch/riscv/mm/fault.c
@@ -245,6 +245,11 @@ asmlinkage void do_page_fault(struct pt_regs *regs)
if (user_mode(regs))
flags |= FAULT_FLAG_USER;
+ if (!user_mode(regs) && addr < TASK_SIZE &&
+ unlikely(!(regs->status & SR_SUM)))
+ die_kernel_fault("access to user memory without uaccess routines",
+ addr, regs);
+
perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS, 1, regs, addr);
if (cause == EXC_STORE_PAGE_FAULT)
--
2.17.0
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH v2 0/2] Let illegal access to user-space memory die
2020-12-03 6:48 [PATCH v2 0/2] Let illegal access to user-space memory die Eric Lin
2020-12-03 6:48 ` [PATCH v2 1/2] riscv/mm: Introduce a die_kernel_fault() helper function Eric Lin
2020-12-03 6:48 ` [PATCH v2 2/2] riscv/mm: Prevent kernel module to access user memory without uaccess routines Eric Lin
@ 2020-12-03 7:29 ` Pekka Enberg
2020-12-03 8:16 ` Eric Lin
2 siblings, 1 reply; 5+ messages in thread
From: Pekka Enberg @ 2020-12-03 7:29 UTC (permalink / raw)
To: Eric Lin
Cc: LKML, linux-riscv, Michel Lespinasse, Vlastimil Babka, Peter Xu,
Andrew Morton, Albert Ou, Palmer Dabbelt, Paul Walmsley,
Christoph Hellwig
Hi Eric,
On Thu, Dec 3, 2020 at 8:51 AM Eric Lin <tesheng@andestech.com> wrote:
>
> Accesses to user-space memory without calling uaccess routine
> leads to hanging in page fault handler. Like arm64, we let it
> die earlier in page fault handler.
>
> Changes in v2:
> -Add a die_kernel_fault() helper
> -Split one long line code into two
Please also make no_context() use the new helper. Other than that:
Reviewed-by: Pekka Enberg <penberg@kernel.org>
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH v2 0/2] Let illegal access to user-space memory die
2020-12-03 7:29 ` [PATCH v2 0/2] Let illegal access to user-space memory die Pekka Enberg
@ 2020-12-03 8:16 ` Eric Lin
0 siblings, 0 replies; 5+ messages in thread
From: Eric Lin @ 2020-12-03 8:16 UTC (permalink / raw)
To: Pekka Enberg
Cc: LKML, linux-riscv, Michel Lespinasse, Vlastimil Babka, Peter Xu,
Andrew Morton, Albert Ou, Palmer Dabbelt, Paul Walmsley,
Christoph Hellwig
On Thu, Dec 03, 2020 at 03:29:57PM +0800, Pekka Enberg wrote:
Hi Pekka,
> Hi Eric,
>
> On Thu, Dec 3, 2020 at 8:51 AM Eric Lin <tesheng@andestech.com> wrote:
> >
> > Accesses to user-space memory without calling uaccess routine
> > leads to hanging in page fault handler. Like arm64, we let it
> > die earlier in page fault handler.
> >
> > Changes in v2:
> > -Add a die_kernel_fault() helper
> > -Split one long line code into two
>
> Please also make no_context() use the new helper. Other than that:
>
OK, I'll make no_context() use the new helper in v3.
Thanks for your review.
> Reviewed-by: Pekka Enberg <penberg@kernel.org>
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2020-12-03 8:18 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-12-03 6:48 [PATCH v2 0/2] Let illegal access to user-space memory die Eric Lin
2020-12-03 6:48 ` [PATCH v2 1/2] riscv/mm: Introduce a die_kernel_fault() helper function Eric Lin
2020-12-03 6:48 ` [PATCH v2 2/2] riscv/mm: Prevent kernel module to access user memory without uaccess routines Eric Lin
2020-12-03 7:29 ` [PATCH v2 0/2] Let illegal access to user-space memory die Pekka Enberg
2020-12-03 8:16 ` Eric Lin
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).