Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp5436940yba; Mon, 13 May 2019 10:48:14 -0700 (PDT) X-Google-Smtp-Source: APXvYqwyPA8z2THSX1aQmoH3VS5uoRzds9PUIPX1VQmbWxWcXHrLMJFTk42bKPuwnL3rrFtkRolR X-Received: by 2002:a17:902:84:: with SMTP id a4mr32792701pla.210.1557769694045; Mon, 13 May 2019 10:48:14 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557769694; cv=none; d=google.com; s=arc-20160816; b=j/aArwsfV3pbAYGtMEPl6WqN9J7QzbEd1iOJr1PtSCqWoGT2PaRYmeF4YocLoZRdFI gbMBRnBzKq3cz4GNI5kMYnuZUXPiAHJaBJQrQ5i7BM+XolCpUnhDSoCYPD4s6zVRMGKc Jlf/fRUVx7Xbg7gLfERpF9wnUaKyMI0KxNN6l/sCUeuiERQvl9LB5tjfBxIgKlVR+4b8 D8N0QQJ/hmEyIygh6Afmt5vyKhmZC1Ndk+V4In+ozQJVpBwstQijJwz9Oy117cx7ohe8 YMbkTver8iafUJlnlA20Co3tYELNFlBoYMlTi28zLQRTvy8fdASz/rPsuqXBCnHnRvLK n7KA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from :dkim-signature; bh=nd8gZu+XDyiNaXYJm/LM4eDD02RWZTYe94XVwmqpNyw=; b=wipBJ25/UePmXm/BCm0Z+wNN5R+BpOSGBhaKnjwhQvds2G9ot1AcbEGSPh0jtvtsyr x266cJNtkHBT4BX4xTFqhQZJC4mKt1KItplVIAbA5Gs38h0IwROYGHHVdNYNE3Xijg2L u+OxMpUtTqy1RDe9DGr5RHwUeH5Xc+JL357E3KVsAcWbGi2uViH491gKfmF2QF632u2/ 2wBes8suq73du0T0WBbtFNPp2hB2VZTCio7ui0XiZUDYR3AELFom0f6Cqc9RYhtnVtkw kZnzYbCCrfoX8wDiGj1/g503f/Kxh7DP4cBHWlvlv8h72t51v8xpwRAVSwpcviKGuIFd HsJg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@synopsys.com header.s=mail header.b="bxWpXWU/"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=synopsys.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f31si18357022plf.152.2019.05.13.10.47.57; Mon, 13 May 2019 10:48:14 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@synopsys.com header.s=mail header.b="bxWpXWU/"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=synopsys.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730782AbfEMOmB (ORCPT + 99 others); Mon, 13 May 2019 10:42:01 -0400 Received: from smtprelay-out1.synopsys.com ([198.182.61.142]:37628 "EHLO smtprelay-out1.synopsys.com" rhost-flags-OK-FAIL-OK-FAIL) by vger.kernel.org with ESMTP id S1730772AbfEMOl5 (ORCPT ); Mon, 13 May 2019 10:41:57 -0400 Received: from mailhost.synopsys.com (dc8-mailhost2.synopsys.com [10.13.135.210]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by smtprelay-out1.synopsys.com (Postfix) with ESMTPS id 32332C0161; Mon, 13 May 2019 14:41:48 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=synopsys.com; s=mail; t=1557758508; bh=Q4RwNBuD8FtLCQ9UQgg0ETBjXIo13TCHbTK17grz4lY=; h=From:To:Cc:Subject:Date:From; b=bxWpXWU/MCnS+mi6hZ8O3LDVNP667dIopzjPVf22P7/Otl8C1qtBdGdadJTe9Ur38 eoT3IFkJA7d3WG6IBfB8OKHbQ84RzY4Y5YtrmLjhebvKEWEAJdlaWXsZBeZyTl2mrF KWOmN7SYBlqzZXBpjU8gLXO5X25c1U4k677uCw/jaoZm1MK0JijbxOE+V9bWUzv7qJ 6mQ0mLvbjd2PUvvxZGHG5gv3j3kG8ic+hYnEjzfBcTXCetaT5ARV9221nxnvcQyOTE 61c7NLlK6Ee3o/Xoh0oGGge7avtKuerJQWdZpei1N1giZkvju8/hwnv4jWwEuZ8skP fq+OZWHIWp2ZQ== Received: from paltsev-e7480.internal.synopsys.com (paltsev-e7480.internal.synopsys.com [10.121.8.106]) by mailhost.synopsys.com (Postfix) with ESMTP id B5A52A005A; Mon, 13 May 2019 14:41:55 +0000 (UTC) From: Eugeniy Paltsev To: linux-snps-arc@lists.infradead.org, Vineet Gupta Cc: linux-kernel@vger.kernel.org, Alexey Brodkin , Eugeniy Paltsev Subject: [PATCH] ARC: Send SIGSEGV if userspace process accesses kernel virtual memory Date: Mon, 13 May 2019 17:41:53 +0300 Message-Id: <20190513144153.6112-1-Eugeniy.Paltsev@synopsys.com> X-Mailer: git-send-email 2.14.5 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org As of today if userspace process tries to access address which belongs to kernel virtual memory area and kernel have mapping for this address that process hangs instead of receiving SIGSEGV and being killed. Steps to reproduce: Create userspace application which reads from the beginning of kernel-space virtual memory area (I.E. read from 0x7000_0000 on most of existing platforms): ------------------------>8----------------- #include #include int main(int argc, char *argv[]) { volatile uint32_t temp; temp = *(uint32_t *)(0x70000000); } ------------------------>8----------------- That application hangs after such memory access. Fix that by checking which access (user or kernel) caused the exception before handling kernel virtual address fault. Cc: # 4.20+ Signed-off-by: Eugeniy Paltsev --- arch/arc/mm/fault.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/arch/arc/mm/fault.c b/arch/arc/mm/fault.c index 8df1638259f3..53fb4ba6cd08 100644 --- a/arch/arc/mm/fault.c +++ b/arch/arc/mm/fault.c @@ -66,7 +66,7 @@ void do_page_fault(unsigned long address, struct pt_regs *regs) struct vm_area_struct *vma = NULL; struct task_struct *tsk = current; struct mm_struct *mm = tsk->mm; - int si_code = 0; + int si_code = SEGV_ACCERR; int ret; vm_fault_t fault; int write = regs->ecr_cause & ECR_C_PROTV_STORE; /* ST/EX */ @@ -82,6 +82,10 @@ void do_page_fault(unsigned long address, struct pt_regs *regs) * nothing more. */ if (address >= VMALLOC_START) { + /* Forbid userspace to access kernel-space virtual memory */ + if (unlikely(user_mode(regs))) + goto bad_area_nosemaphore; + ret = handle_kernel_vaddr_fault(address); if (unlikely(ret)) goto bad_area_nosemaphore; -- 2.14.5