From: chenlifu <chenlifu@huawei.com>
To: <paul.walmsley@sifive.com>, <palmer@dabbelt.com>,
<aou@eecs.berkeley.edu>, <akira.tsukamoto@gmail.com>,
<jszhang@kernel.org>, <wangkefeng.wang@huawei.com>,
<linux-riscv@lists.infradead.org>, <linux-kernel@vger.kernel.org>,
<alankao@andestech.com>
Subject: Re: [PATCH -next] riscv: lib: uaccess: fix CSR_STATUS SR_SUM bit
Date: Tue, 9 Aug 2022 19:01:49 +0800 [thread overview]
Message-ID: <dda3f0c3-a5ee-e648-fac1-d484e475634c@huawei.com> (raw)
In-Reply-To: <606b1f5a-ea1e-f756-a00b-6b622238b453@huawei.com>
在 2022/7/15 11:47, chenlifu 写道:
>>> Since commit 5d8544e2d007 ("RISC-V: Generic library routines and
>>> assembly")
>>> and commit ebcbd75e3962 ("riscv: Fix the bug in memory access fixup
>>> code"),
>>> if __clear_user and __copy_user return from an fixup branch,
>>> CSR_STATUS SR_SUM bit will be set, it is a vulnerability, so that
>>> S-mode memory accesses to pages that are accessible by U-mode will
>>> success.
>>> Disable S-mode access to U-mode memory should clear SR_SUM bit.
>>>
>>> Fixes: 5d8544e2d007 ("RISC-V: Generic library routines and assembly")
>>> Fixes: ebcbd75e3962 ("riscv: Fix the bug in memory access fixup code")
>>>
>>> Signed-off-by: Chen Lifu <chenlifu@huawei.com>
>>> ---
>>> arch/riscv/lib/uaccess.S | 4 ++--
>>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/arch/riscv/lib/uaccess.S b/arch/riscv/lib/uaccess.S
>>> index 8c475f4da308..ec486e5369d9 100644
>>> --- a/arch/riscv/lib/uaccess.S
>>> +++ b/arch/riscv/lib/uaccess.S
>>> @@ -173,11 +173,11 @@ ENTRY(__asm_copy_from_user)
>>> ret
>>> /* Exception fixup code */
>>> 10:
>>> /* Disable access to user memory */
>>> - csrs CSR_STATUS, t6
>>> + csrc CSR_STATUS, t6
>>> mv a0, t5
>>> ret
>>> ENDPROC(__asm_copy_to_user)
>>> ENDPROC(__asm_copy_from_user)
>>> EXPORT_SYMBOL(__asm_copy_to_user)
>>> @@ -225,10 +225,10 @@ ENTRY(__clear_user)
>>> j 3b
>>> /* Exception fixup code */
>>> 11:
>>> /* Disable access to user memory */
>>> - csrs CSR_STATUS, t6
>>> + csrc CSR_STATUS, t6
>>> mv a0, a1
>>> ret
>>> ENDPROC(__clear_user)
>>> EXPORT_SYMBOL(__clear_user)
>>>
>>
>> friendly ping ...
>>
>
> friendly ping ...
>
>> _______________________________________________
>> linux-riscv mailing list
>> linux-riscv@lists.infradead.org
>> http://lists.infradead.org/mailman/listinfo/linux-riscv
>> .
> .
friendly ping ...
_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv
next prev parent reply other threads:[~2022-08-09 11:02 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-15 1:47 [PATCH -next] riscv: lib: uaccess: fix CSR_STATUS SR_SUM bit Chen Lifu
2022-06-28 12:58 ` chenlifu
2022-07-15 3:47 ` chenlifu
2022-08-09 11:01 ` chenlifu [this message]
2022-07-18 15:10 ` Ben Dooks
2022-08-10 22:01 ` Palmer Dabbelt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=dda3f0c3-a5ee-e648-fac1-d484e475634c@huawei.com \
--to=chenlifu@huawei.com \
--cc=akira.tsukamoto@gmail.com \
--cc=alankao@andestech.com \
--cc=aou@eecs.berkeley.edu \
--cc=jszhang@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-riscv@lists.infradead.org \
--cc=palmer@dabbelt.com \
--cc=paul.walmsley@sifive.com \
--cc=wangkefeng.wang@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox