From: Catalin Marinas <catalin.marinas@arm.com>
To: Liam Howlett <liam.howlett@oracle.com>
Cc: Andre Przywara <andre.przywara@arm.com>,
Will Deacon <will@kernel.org>,
Peter Collingbourne <pcc@google.com>,
"linux-arm-kernel@lists.infradead.org"
<linux-arm-kernel@lists.infradead.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"netdev@vger.kernel.org" <netdev@vger.kernel.org>,
"bpf@vger.kernel.org" <bpf@vger.kernel.org>,
Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
Andrii Nakryiko <andrii@kernel.org>,
Amit Daniel Kachhap <amit.kachhap@arm.com>
Subject: Re: [PATCH] arch/arm64/kernel/traps: Use find_vma_intersection() in traps for setting si_code
Date: Mon, 12 Apr 2021 18:43:44 +0100 [thread overview]
Message-ID: <20210412174343.GG2060@arm.com> (raw)
In-Reply-To: <20210407150940.542103-1-Liam.Howlett@Oracle.com>
On Wed, Apr 07, 2021 at 03:11:06PM +0000, Liam Howlett wrote:
> find_vma() will continue to search upwards until the end of the virtual
> memory space. This means the si_code would almost never be set to
> SEGV_MAPERR even when the address falls outside of any VMA. The result
> is that the si_code is not reliable as it may or may not be set to the
> correct result, depending on where the address falls in the address
> space.
>
> Using find_vma_intersection() allows for what is intended by only
> returning a VMA if it falls within the range provided, in this case a
> window of 1.
>
> Signed-off-by: Liam R. Howlett <Liam.Howlett@Oracle.com>
> ---
> arch/arm64/kernel/traps.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/arch/arm64/kernel/traps.c b/arch/arm64/kernel/traps.c
> index a05d34f0e82a..a44007904a64 100644
> --- a/arch/arm64/kernel/traps.c
> +++ b/arch/arm64/kernel/traps.c
> @@ -383,9 +383,10 @@ void force_signal_inject(int signal, int code, unsigned long address, unsigned i
> void arm64_notify_segfault(unsigned long addr)
> {
> int code;
> + unsigned long ut_addr = untagged_addr(addr);
>
> mmap_read_lock(current->mm);
> - if (find_vma(current->mm, untagged_addr(addr)) == NULL)
> + if (find_vma_intersection(current->mm, ut_addr, ut_addr + 1) == NULL)
> code = SEGV_MAPERR;
> else
> code = SEGV_ACCERR;
I don't think your change is entirely correct either. We can have a
fault below the vma of a stack (with VM_GROWSDOWN) and
find_vma_intersection() would return NULL but it should be a SEGV_ACCERR
instead.
Maybe this should employ similar checks as __do_page_fault() (with
expand_stack() and VM_GROWSDOWN).
--
Catalin
WARNING: multiple messages have this Message-ID (diff)
From: Catalin Marinas <catalin.marinas@arm.com>
To: Liam Howlett <liam.howlett@oracle.com>
Cc: Andre Przywara <andre.przywara@arm.com>,
Will Deacon <will@kernel.org>,
Peter Collingbourne <pcc@google.com>,
"linux-arm-kernel@lists.infradead.org"
<linux-arm-kernel@lists.infradead.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"netdev@vger.kernel.org" <netdev@vger.kernel.org>,
"bpf@vger.kernel.org" <bpf@vger.kernel.org>,
Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
Andrii Nakryiko <andrii@kernel.org>,
Amit Daniel Kachhap <amit.kachhap@arm.com>
Subject: Re: [PATCH] arch/arm64/kernel/traps: Use find_vma_intersection() in traps for setting si_code
Date: Mon, 12 Apr 2021 18:43:44 +0100 [thread overview]
Message-ID: <20210412174343.GG2060@arm.com> (raw)
In-Reply-To: <20210407150940.542103-1-Liam.Howlett@Oracle.com>
On Wed, Apr 07, 2021 at 03:11:06PM +0000, Liam Howlett wrote:
> find_vma() will continue to search upwards until the end of the virtual
> memory space. This means the si_code would almost never be set to
> SEGV_MAPERR even when the address falls outside of any VMA. The result
> is that the si_code is not reliable as it may or may not be set to the
> correct result, depending on where the address falls in the address
> space.
>
> Using find_vma_intersection() allows for what is intended by only
> returning a VMA if it falls within the range provided, in this case a
> window of 1.
>
> Signed-off-by: Liam R. Howlett <Liam.Howlett@Oracle.com>
> ---
> arch/arm64/kernel/traps.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/arch/arm64/kernel/traps.c b/arch/arm64/kernel/traps.c
> index a05d34f0e82a..a44007904a64 100644
> --- a/arch/arm64/kernel/traps.c
> +++ b/arch/arm64/kernel/traps.c
> @@ -383,9 +383,10 @@ void force_signal_inject(int signal, int code, unsigned long address, unsigned i
> void arm64_notify_segfault(unsigned long addr)
> {
> int code;
> + unsigned long ut_addr = untagged_addr(addr);
>
> mmap_read_lock(current->mm);
> - if (find_vma(current->mm, untagged_addr(addr)) == NULL)
> + if (find_vma_intersection(current->mm, ut_addr, ut_addr + 1) == NULL)
> code = SEGV_MAPERR;
> else
> code = SEGV_ACCERR;
I don't think your change is entirely correct either. We can have a
fault below the vma of a stack (with VM_GROWSDOWN) and
find_vma_intersection() would return NULL but it should be a SEGV_ACCERR
instead.
Maybe this should employ similar checks as __do_page_fault() (with
expand_stack() and VM_GROWSDOWN).
--
Catalin
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2021-04-12 17:43 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-07 15:11 [PATCH] arch/arm64/kernel/traps: Use find_vma_intersection() in traps for setting si_code Liam Howlett
2021-04-07 15:11 ` Liam Howlett
2021-04-12 17:43 ` Catalin Marinas [this message]
2021-04-12 17:43 ` Catalin Marinas
2021-04-13 16:52 ` Liam Howlett
2021-04-13 16:52 ` Liam Howlett
2021-04-13 18:00 ` Catalin Marinas
2021-04-13 18:00 ` Catalin Marinas
2021-04-14 16:30 ` Liam Howlett
2021-04-14 16:30 ` Liam Howlett
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210412174343.GG2060@arm.com \
--to=catalin.marinas@arm.com \
--cc=amit.kachhap@arm.com \
--cc=andre.przywara@arm.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=liam.howlett@oracle.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pcc@google.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.