From: Mikel Rychliski <mikel@mikelr.com>
To: David Laight <David.Laight@aculab.com>,
Linus Torvalds <torvalds@linux-foundation.org>
Cc: Andrew Cooper <andrew.cooper3@citrix.com>,
"bp@alien8.de" <bp@alien8.de>,
Josh Poimboeuf <jpoimboe@kernel.org>,
"x86@kernel.org" <x86@kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Arnd Bergmann <arnd@kernel.org>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>,
Dave Hansen <dave.hansen@linux.intel.com>,
"H. Peter Anvin" <hpa@zytor.com>
Subject: Re: [PATCH] x86: Allow user accesses to the base of the guard page
Date: Sat, 23 Nov 2024 19:24:21 -0500 [thread overview]
Message-ID: <2195976.7Z3S40VBb9@basin> (raw)
In-Reply-To: <CAHk-=whsUQMM-FszR-D+myn9-B2pDidXG9DQWGKfAhU3azX==g@mail.gmail.com>
On Saturday, November 23, 2024 6:44:34 P.M. EST you wrote:
> There's a difference between "valid" and "we care".
>
> This is way past that case. The only possible reason for that
> zero-byte thing at the end of the address space is somebody actively
> looking for some edge case, not a real use.
access_ok() for x86_64 checks the validity of the byte one past the end of the
requested buffer, even if that buffer is non-zero.
I ran into this in kernels that include 86e6b1547b3d0 with a BPF program that
grabs the bottom of the user stack in PAGE_SIZE chunks. Reading the final page
of user space returns -EFAULT now because the access_ok() check fails.
I've been working around with this:
https://lore.kernel.org/lkml/20241109210313.440495-1-mikel@mikelr.com/
next prev parent reply other threads:[~2024-11-24 0:31 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-23 18:48 [PATCH] x86: Allow user accesses to the base of the guard page David Laight
2024-11-23 19:02 ` Linus Torvalds
2024-11-23 22:36 ` David Laight
2024-11-23 23:44 ` Linus Torvalds
2024-11-24 0:24 ` Mikel Rychliski [this message]
2024-11-24 0:30 ` Linus Torvalds
2024-11-24 3:10 ` Mikel Rychliski
2024-11-24 10:28 ` David Laight
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2195976.7Z3S40VBb9@basin \
--to=mikel@mikelr.com \
--cc=David.Laight@aculab.com \
--cc=andrew.cooper3@citrix.com \
--cc=arnd@kernel.org \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=jpoimboe@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox