Date: Tue, 1 Dec 2020 13:32:57 +0800
From: Eric Lin
To: Pekka Enberg
CC: LKML, linux-riscv, Michel Lespinasse, Daniel Jordan, Peter Xu, Andrew Morton, Albert Ou, Palmer Dabbelt, Paul Walmsley, "dslin1010@gmail.com", Alan Quey-Liang Kao
Subject: Re: [PATCH] riscv/mm: Prevent kernel module access user-space memory without uaccess routines
Message-ID: <20201201053257.GB7647@atcfdc88>
References: <20201130053037.27006-1-tesheng@andestech.com>

On Mon, Nov 30, 2020 at 04:07:03PM +0800, Pekka Enberg wrote:

Hi Pekka,

> On Mon, Nov 30, 2020 at 7:33 AM Eric Lin wrote:
> >
> > In the page fault handler, an access to user-space memory
> > without get/put_user() or copy_from/to_user() routines is
> > not resolved properly. Like arm and other architectures,
> > we need to let it die earlier in page fault handler.
>
> Fix looks good to me. Can you elaborate on how you found the issue and
> how the bug manifests itself?

OK, I'll elaborate more on the commit message.

> >
> > Signed-off-by: Eric Lin
> > Cc: Alan Kao
> > --- > > arch/riscv/mm/fault.c | 3 +++ > > 1 file changed, 3 insertions(+) > > > > diff --git a/arch/riscv/mm/fault.c b/arch/riscv/mm/fault.c > > index 3c8b9e433c67..a452cfa266a2 100644 > > --- a/arch/riscv/mm/fault.c > > +++ b/arch/riscv/mm/fault.c
> > @@ -232,6 +232,9 @@ asmlinkage void do_page_fault(struct pt_regs *regs) > > if (user_mode(regs)) > > flags |= FAULT_FLAG_USER; > > > > + if (!user_mode(regs) && addr < TASK_SIZE && unlikely(!(regs->status & SR_SUM))) > > + die(regs, "Accessing user space memory without uaccess routines\n");
>
> Let's introduce a die_kernel_fault() helper (similar to arm64, for
> example) to ensure same semantics for the different kernel faults. You
> can extract the helper from no_context().

OK, I'll add a die_kernel_fault() helper function in v2.
Thanks for your review.

> > > + > > perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS, 1, regs, addr); > > > > if (cause == EXC_STORE_PAGE_FAULT) > > -- > > 2.17.0
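
Review bot: In the added check in do_page_fault(), nothing follows the die() call, so if die() returns on any path the handler falls through to perf_sw_event() and goes on resolving a fault it has just declared fatal; either the die_kernel_fault() helper requested in the review should terminate the task itself, or the call should be followed by a return. The `!user_mode(regs)` test repeats the condition of the `if (user_mode(regs))` directly above it, so the check could sit in an else branch, and unlikely() would read better around the whole condition than around the SR_SUM test alone. A short comment stating that a clear SR_SUM bit means the access did not come from a uaccess routine would document why a kernel-mode fault on an address below TASK_SIZE is treated as fatal here.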