From: Thomas Gleixner <tglx@linutronix.de>
To: Peter Zijlstra <peterz@infradead.org>
Cc: Andy Lutomirski <luto@amacapital.net>,
David Smith <dsmith@redhat.com>,
Linus Torvalds <torvalds@linux-foundation.org>,
Ingo Molnar <mingo@kernel.org>, "H. Peter Anvin" <hpa@zytor.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"Frank Ch. Eigler" <fche@redhat.com>
Subject: Re: [RFC][PATCH] x86: Verify access_ok() context
Date: Fri, 20 Jan 2017 09:50:00 +0100 (CET) [thread overview]
Message-ID: <alpine.DEB.2.20.1701200936260.3602@nanos> (raw)
In-Reply-To: <20170120082406.GJ6515@twins.programming.kicks-ass.net>
On Fri, 20 Jan 2017, Peter Zijlstra wrote:
> On Wed, Jan 18, 2017 at 04:19:47PM -0800, Andy Lutomirski wrote:
> > ISTM even with pagefault_disable() in play, using access_ok() from,
> > say, interrupt context is dangerous unless you've first checked that
> > you're in a task. But I guess that in_task() would still return
> > false, e.g. in perf.
>
> The test was created exactly because perf was using access_ok()
> _wrongly_. See commit: ae31fe51a3cc ("perf/x86: Restore TASK_SIZE check
> on frame pointer").
If you validate a user space address against current outside the task
context, then what guarantees that this user space address belongs to
current? Nothing!
Sure, there are interrupts like breakpoints, etc. where we exactly know
that the address which we are looking at belongs to current, because the
code accesses soemthing which belongs exactly to that breakpoint. And in
these cases we need a check which is designed specifically for that case.
Thanks,
tglx
next prev parent reply other threads:[~2017-01-20 8:50 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-11-22 9:57 [RFC][PATCH] x86: Verify access_ok() context Peter Zijlstra
2016-11-22 17:28 ` Andy Lutomirski
2016-11-22 19:37 ` Peter Zijlstra
2016-11-22 19:42 ` Linus Torvalds
2016-12-05 10:27 ` Peter Zijlstra
2017-01-16 20:27 ` David Smith
2017-01-16 21:14 ` Thomas Gleixner
2017-01-18 22:16 ` David Smith
2017-01-19 0:19 ` Andy Lutomirski
2017-01-19 15:37 ` David Smith
2017-01-20 8:24 ` Peter Zijlstra
2017-01-20 8:50 ` Thomas Gleixner [this message]
2017-01-19 18:12 ` Thomas Gleixner
2017-01-19 20:22 ` Frank Ch. Eigler
2017-01-19 20:50 ` Thomas Gleixner
2017-01-19 21:27 ` Frank Ch. Eigler
2017-01-19 22:20 ` Peter Zijlstra
2017-01-19 23:04 ` Thomas Gleixner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alpine.DEB.2.20.1701200936260.3602@nanos \
--to=tglx@linutronix.de \
--cc=dsmith@redhat.com \
--cc=fche@redhat.com \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=mingo@kernel.org \
--cc=peterz@infradead.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).