From: Mateusz Guzik <mjguzik@gmail.com>
To: torvalds@linux-foundation.org
Cc: brauner@kernel.org, viro@zeniv.linux.org.uk, jack@suse.cz,
	linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
	tglx@linutronix.de, pfalcato@suse.de,
	Mateusz Guzik <mjguzik@gmail.com>
Subject: [PATCH 1/3] x86: fix access_ok() and valid_user_address() using wrong USER_PTR_MAX in modules
Date: Fri, 31 Oct 2025 18:42:18 +0100	[thread overview]
Message-ID: <20251031174220.43458-2-mjguzik@gmail.com> (raw)
In-Reply-To: <20251031174220.43458-1-mjguzik@gmail.com>

[real commit message will land here later]
---
 arch/x86/include/asm/uaccess_64.h | 17 +++++++++--------
 arch/x86/kernel/cpu/common.c      |  8 +++++---
 2 files changed, 14 insertions(+), 11 deletions(-)

diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h
index c8a5ae35c871..f60c0ed147c3 100644
--- a/arch/x86/include/asm/uaccess_64.h
+++ b/arch/x86/include/asm/uaccess_64.h
@@ -12,13 +12,14 @@
 #include <asm/cpufeatures.h>
 #include <asm/page.h>
 #include <asm/percpu.h>
-#include <asm/runtime-const.h>
 
-/*
- * Virtual variable: there's no actual backing store for this,
- * it can purely be used as 'runtime_const_ptr(USER_PTR_MAX)'
- */
-extern unsigned long USER_PTR_MAX;
+extern unsigned long user_ptr_max;
+#ifdef MODULE
+#define __user_ptr_max_accessor	user_ptr_max
+#else
+#include <asm/runtime-const.h>
+#define __user_ptr_max_accessor	runtime_const_ptr(user_ptr_max)
+#endif
 
 #ifdef CONFIG_ADDRESS_MASKING
 /*
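Review bot: The new `#ifdef MODULE` block carries no comment explaining why module builds read `user_ptr_max` from memory while built-in code goes through `runtime_const_ptr()`, and the old "virtual variable" comment is removed without a replacement. This value is the upper bound that `valid_user_address()` and `mask_user_address()` enforce, and the subject line says modules were seeing the wrong one, so the reason belongs next to the accessor rather than only in the (still missing) commit message. Something like `/* Modules must load user_ptr_max from memory; runtime_const_ptr() does not yield the real limit in module code. */` above `#ifdef MODULE` would do, with the exact mechanism filled in by the author. It is also worth stating there that `user_ptr_max` now has real backing store, since the deleted comment said the opposite.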
@@ -54,7 +55,7 @@ static inline unsigned long __untagged_addr_remote(struct mm_struct *mm,
 #endif
 
 #define valid_user_address(x) \
-	likely((__force unsigned long)(x) <= runtime_const_ptr(USER_PTR_MAX))
+	likely((__force unsigned long)(x) <= __user_ptr_max_accessor)
 
 /*
  * Masking the user address is an alternative to a conditional
@@ -67,7 +68,7 @@ static inline void __user *mask_user_address(const void __user *ptr)
 	asm("cmp %1,%0\n\t"
 	    "cmova %1,%0"
 		:"=r" (ret)
-		:"r" (runtime_const_ptr(USER_PTR_MAX)),
+		:"r" (__user_ptr_max_accessor),
 		 "0" (ptr));
 	return ret;
 }
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index 3ff9682d8bc4..f338f5e9adfc 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -78,6 +78,9 @@
 DEFINE_PER_CPU_READ_MOSTLY(struct cpuinfo_x86, cpu_info);
 EXPORT_PER_CPU_SYMBOL(cpu_info);
 
+unsigned long user_ptr_max __ro_after_init;
+EXPORT_SYMBOL(user_ptr_max);
+
 u32 elf_hwcap2 __read_mostly;
 
 /* Number of siblings per CPU package */
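Review bot: The exported `user_ptr_max` is defined without any comment, although it is now the value every module's user-pointer range check compares against. A line such as `/* Upper bound for user pointers; written once in arch_cpu_finalize_init(), read directly by modules. */` would record that it is set exactly once and is zero before that point. The definition and `EXPORT_SYMBOL` are also unconditional, while the only assignment in this patch sits under `IS_ENABLED(CONFIG_X86_64)` and the `extern` lives in uaccess_64.h. If this file is built for 32-bit as well, the symbol would be exported there with no visible declaration and no reader, which is worth checking.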
@@ -2575,14 +2578,13 @@ void __init arch_cpu_finalize_init(void)
 	alternative_instructions();
 
 	if (IS_ENABLED(CONFIG_X86_64)) {
-		unsigned long USER_PTR_MAX = TASK_SIZE_MAX;
-
+		user_ptr_max = TASK_SIZE_MAX;
 		/*
 		 * Enable this when LAM is gated on LASS support
 		if (cpu_feature_enabled(X86_FEATURE_LAM))
 			USER_PTR_MAX = (1ul << 63) - PAGE_SIZE;
 		 */
-		runtime_const_init(ptr, USER_PTR_MAX);
+		runtime_const_init(ptr, user_ptr_max);
 
 		/*
 		 * Make sure the first 2MB area is not mapped by huge pages
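Review bot: The commented-out LAM snippet still assigns `USER_PTR_MAX`, a name this patch removes, so it no longer matches the code around it. If that block is re-enabled later, the natural quick fix of re-adding a local would feed `runtime_const_init()` but leave the exported variable that modules read at `TASK_SIZE_MAX`, bringing back the built-in/module mismatch this patch is meant to fix. Update the line to `user_ptr_max = (1ul << 63) - PAGE_SIZE;`. The blank line between the assignment and the comment was also dropped and could be kept for readability. The body of `arch_cpu_finalize_init()` starts and ends outside this hunk.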
-- 
2.34.1

