From: Eric Lin
CC: Eric Lin, Alan Kao
Subject: [PATCH v3 2/2] riscv/mm: Prevent kernel module to access user memory without uaccess routines
Date: Fri, 4 Dec 2020 13:42:59 +0800
Message-ID: <20201204054259.32684-3-tesheng@andestech.com>
In-Reply-To: <20201204054259.32684-1-tesheng@andestech.com>
References: <20201204054259.32684-1-tesheng@andestech.com>
X-Mailing-List: linux-kernel@vger.kernel.org

We found this issue in a legacy out-of-tree kernel module which didn't
properly access a user space pointer by get/put_user(). Such an illegal
access loops in the page fault handler. To resolve this, let it die here.

Signed-off-by: Eric Lin
Cc: Alan Kao
Reviewed-by: Pekka Enberg
--- arch/riscv/mm/fault.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/arch/riscv/mm/fault.c b/arch/riscv/mm/fault.c index 0d5f06d6e3c7..33d284188f9a 100644 --- a/arch/riscv/mm/fault.c +++ b/arch/riscv/mm/fault.c @@ -243,6 +243,11 @@ asmlinkage void do_page_fault(struct pt_regs *regs) if (user_mode(regs)) flags |= FAULT_FLAG_USER; + if (!user_mode(regs) && addr < TASK_SIZE && + unlikely(!(regs->status & SR_SUM))) + die_kernel_fault("access to user memory without uaccess routines", + addr, regs); + perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS, 1, regs, addr); if (cause == EXC_STORE_PAGE_FAULT) -- 2.17.0
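
Review bot: The added condition in do_page_fault() carries no comment saying why a clear SR_SUM bit in regs->status means the access bypassed the uaccess routines, and the die message alone does not explain it; a one-line comment above the `if` noting that the uaccess routines set SR_SUM around user accesses would document the invariant. The test `!user_mode(regs)` also repeats, inverted, the `if (user_mode(regs))` check on the context line directly above, so the new block could sit in an `else` branch of that statement, and `unlikely()` would read more naturally around the whole condition than around the SR_SUM term only.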