Message-ID: <76da1bcd-0d00-4701-8f6f-cc28b5184bce@zytor.com>
Date: Wed, 15 Nov 2023 20:31:20 -0800
Subject: Re: [PATCH] x86: Fix 32-bit compatible userspace write size overflow error
To: Jinjie Ruan, linux-kernel@vger.kernel.org, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86@kernel.org
References: <20231115105626.953273-1-ruanjinjie@huawei.com>
From: "H. Peter Anvin"
In-Reply-To: <20231115105626.953273-1-ruanjinjie@huawei.com>

It's not clear to me that this is actually the correct behavior; the important thing is that it faults (as nothing is mapped above 4 GB anyway.)

	-hpa

On 11/15/23 02:56, Jinjie Ruan wrote:
> For 32-bit compatible userspace program, write with size = -1 return not
> -1 but unexpected other values, which is due to the __access_ok() check is
> insufficient. The specified "ptr + size" is greater than 32-bit limit and
> should return -EFAULT, but it is not checked and can not catch the overflow
> error.
>
> Fix above error by checking 32-bit limit if it is 32-bit compatible
> userspace program.

-hpa
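
Added example (not part of the original message or of the patch under discussion): a user-space C model of the range check the quoted commit message describes. It shows a 32-bit caller's size = -1 passing a 64-bit limit and ending in a short copy once the unmapped page is hit, while a 4 GiB limit rejects the request with -EFAULT. The limit values, the addresses, and the names range_ok and model_write are assumptions for illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed limits for this model; neither value is quoted from the thread. */
#define LIMIT_64BIT  0x00007ffffffff000ULL /* common x86-64 user address limit */
#define LIMIT_COMPAT 0x0000000100000000ULL /* 4 GiB, top of a 32-bit address space */

/* True if [ptr, ptr + size) lies below limit; written so the sum cannot wrap. */
static bool range_ok(uint64_t ptr, uint64_t size, uint64_t limit)
{
    return size <= limit && ptr <= limit - size;
}

/*
 * Hypothetical model of a write-style copy from a user buffer.
 * mapped_end is the first unmapped address above ptr (constructed value).
 * Returns the bytes copied before the fault, or -EFAULT if the range check
 * rejects the request or the first byte is already unmapped.
 */
static int64_t model_write(uint64_t ptr, uint64_t size, uint64_t limit,
                           uint64_t mapped_end)
{
    if (!range_ok(ptr, size, limit) || ptr >= mapped_end)
        return -EFAULT;
    uint64_t avail = mapped_end - ptr;
    return (int64_t)(size < avail ? size : avail);
}

int main(void)
{
    uint64_t buf = 0x08048000ULL;     /* constructed 32-bit user address */
    uint64_t size = (uint32_t)-1;     /* size = -1 from a 32-bit caller */
    uint64_t end = buf + 0x1000;      /* one mapped page, constructed */

    printf("64-bit limit: %lld\n", (long long)model_write(buf, size, LIMIT_64BIT, end));
    printf("4 GiB limit:  %lld\n", (long long)model_write(buf, size, LIMIT_COMPAT, end));
    return 0;
}
```

In this model both limits stop the copy at the unmapped page; they differ only in whether the caller sees a short count or -EFAULT.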