From: Mateusz Guzik <mjguzik@gmail.com>
To: torvalds@linux-foundation.org
Cc: brauner@kernel.org, viro@zeniv.linux.org.uk, jack@suse.cz,
linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
tglx@linutronix.de, pfalcato@suse.de,
Mateusz Guzik <mjguzik@gmail.com>
Subject: [PATCH 1/3] x86: fix access_ok() and valid_user_address() using wrong USER_PTR_MAX in modules
Date: Fri, 31 Oct 2025 18:42:18 +0100 [thread overview]
Message-ID: <20251031174220.43458-2-mjguzik@gmail.com> (raw)
In-Reply-To: <20251031174220.43458-1-mjguzik@gmail.com>
[real commit message will land here later]
---
arch/x86/include/asm/uaccess_64.h | 17 +++++++++--------
arch/x86/kernel/cpu/common.c | 8 +++++---
2 files changed, 14 insertions(+), 11 deletions(-)
diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h
index c8a5ae35c871..f60c0ed147c3 100644
--- a/arch/x86/include/asm/uaccess_64.h
+++ b/arch/x86/include/asm/uaccess_64.h
@@ -12,13 +12,14 @@
#include <asm/cpufeatures.h>
#include <asm/page.h>
#include <asm/percpu.h>
-#include <asm/runtime-const.h>
-/*
- * Virtual variable: there's no actual backing store for this,
- * it can purely be used as 'runtime_const_ptr(USER_PTR_MAX)'
- */
-extern unsigned long USER_PTR_MAX;
+extern unsigned long user_ptr_max;
+#ifdef MODULE
+#define __user_ptr_max_accessor user_ptr_max
+#else
+#include <asm/runtime-const.h>
+#define __user_ptr_max_accessor runtime_const_ptr(user_ptr_max)
+#endif
#ifdef CONFIG_ADDRESS_MASKING
/*
@@ -54,7 +55,7 @@ static inline unsigned long __untagged_addr_remote(struct mm_struct *mm,
#endif
#define valid_user_address(x) \
- likely((__force unsigned long)(x) <= runtime_const_ptr(USER_PTR_MAX))
+ likely((__force unsigned long)(x) <= __user_ptr_max_accessor)
/*
* Masking the user address is an alternative to a conditional
@@ -67,7 +68,7 @@ static inline void __user *mask_user_address(const void __user *ptr)
asm("cmp %1,%0\n\t"
"cmova %1,%0"
:"=r" (ret)
- :"r" (runtime_const_ptr(USER_PTR_MAX)),
+ :"r" (__user_ptr_max_accessor),
"0" (ptr));
return ret;
}
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index 3ff9682d8bc4..f338f5e9adfc 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -78,6 +78,9 @@
DEFINE_PER_CPU_READ_MOSTLY(struct cpuinfo_x86, cpu_info);
EXPORT_PER_CPU_SYMBOL(cpu_info);
+unsigned long user_ptr_max __ro_after_init;
+EXPORT_SYMBOL(user_ptr_max);
+
u32 elf_hwcap2 __read_mostly;
/* Number of siblings per CPU package */
@@ -2575,14 +2578,13 @@ void __init arch_cpu_finalize_init(void)
alternative_instructions();
if (IS_ENABLED(CONFIG_X86_64)) {
- unsigned long USER_PTR_MAX = TASK_SIZE_MAX;
-
+ user_ptr_max = TASK_SIZE_MAX;
/*
* Enable this when LAM is gated on LASS support
if (cpu_feature_enabled(X86_FEATURE_LAM))
USER_PTR_MAX = (1ul << 63) - PAGE_SIZE;
*/
- runtime_const_init(ptr, USER_PTR_MAX);
+ runtime_const_init(ptr, user_ptr_max);
/*
* Make sure the first 2MB area is not mapped by huge pages
--
2.34.1
next prev parent reply other threads:[~2025-10-31 17:42 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-30 10:52 [PATCH v4] fs: hide names_cachep behind runtime access machinery Mateusz Guzik
2025-10-30 13:13 ` kernel test robot
2025-10-30 13:19 ` Mateusz Guzik
2025-10-30 16:15 ` Linus Torvalds
2025-10-30 16:35 ` Mateusz Guzik
2025-10-30 18:07 ` Linus Torvalds
2025-10-30 18:25 ` Linus Torvalds
2025-10-30 21:39 ` Mateusz Guzik
2025-10-30 22:06 ` Mateusz Guzik
2025-10-31 12:08 ` Christian Brauner
2025-10-31 15:13 ` Mateusz Guzik
2025-10-31 16:04 ` Linus Torvalds
2025-10-31 16:25 ` Mateusz Guzik
2025-10-31 16:31 ` Linus Torvalds
2025-10-31 17:42 ` [WIP RFC PATCH 0/3] runtime-const header split and whatnot Mateusz Guzik
2025-10-31 17:42 ` Mateusz Guzik [this message]
2025-10-31 21:46 ` [PATCH 1/3] x86: fix access_ok() and valid_user_address() using wrong USER_PTR_MAX in modules Linus Torvalds
2025-10-31 22:01 ` Mateusz Guzik
2025-11-01 11:26 ` David Laight
2025-11-04 6:25 ` Linus Torvalds
2025-11-04 8:56 ` Mateusz Guzik
2025-11-04 9:37 ` Linus Torvalds
2025-11-04 10:25 ` Borislav Petkov
2025-11-04 16:13 ` Borislav Petkov
2025-11-05 1:50 ` Linus Torvalds
2025-11-05 11:37 ` Borislav Petkov
2025-11-05 20:50 ` Mateusz Guzik
2025-11-06 11:14 ` Borislav Petkov
2025-11-06 12:06 ` Mateusz Guzik
2025-11-06 13:10 ` Borislav Petkov
2025-11-06 13:19 ` Mateusz Guzik
2025-11-06 13:36 ` Borislav Petkov
2025-11-06 14:49 ` Mateusz Guzik
2025-11-06 19:26 ` David Laight
2025-11-06 19:49 ` Linus Torvalds
2025-11-04 17:09 ` Sean Christopherson
2025-11-04 19:07 ` Linus Torvalds
2025-11-04 19:34 ` Linus Torvalds
2025-11-04 21:53 ` Sean Christopherson
2025-11-04 20:17 ` Borislav Petkov
2025-11-04 22:06 ` Linus Torvalds
2025-11-05 11:49 ` Borislav Petkov
2025-10-31 17:42 ` [PATCH 2/3] runtime-const: split headers between accessors and fixup; disable for modules Mateusz Guzik
2025-10-31 17:42 ` [PATCH 3/3] fs: hide names_cachep behind runtime access machinery Mateusz Guzik
2025-10-31 23:30 ` kernel test robot
2025-10-31 23:30 ` kernel test robot
2025-10-31 23:41 ` kernel test robot
2025-11-01 17:49 ` kernel test robot
2025-10-31 13:30 ` [PATCH v4] " kernel test robot
2025-10-31 22:43 ` kernel test robot
2025-11-01 23:06 ` kernel test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251031174220.43458-2-mjguzik@gmail.com \
--to=mjguzik@gmail.com \
--cc=brauner@kernel.org \
--cc=jack@suse.cz \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pfalcato@suse.de \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).