lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 3 Jul 2018 10:47:54 -0600
From:   Ross Zwisler <ross.zwisler@...ux.intel.com>
To:     Dan Williams <dan.j.williams@...el.com>
Cc:     mingo@...nel.org, Al Viro <viro@...iv.linux.org.uk>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Andy Lutomirski <luto@...capital.net>,
        Borislav Petkov <bp@...en8.de>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Peter Zijlstra <peterz@...radead.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Tony Luck <tony.luck@...el.com>,
        Ross Zwisler <ross.zwisler@...ux.intel.com>,
        linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org,
        x86@...nel.org
Subject: Re: [PATCH] x86/asm/memcpy_mcsafe: Fix copy_to_user_mcsafe()
 exception handling

On Mon, Jul 02, 2018 at 02:16:10PM -0700, Dan Williams wrote:
> All copy_to_user() implementations need to be prepared to handle faults
> accessing userspace. The __memcpy_mcsafe() implementation handles both
> mmu-faults on the user destination and machine-check-exceptions on the
> source buffer. However, the memcpy_mcsafe() wrapper may silently
> fallback to memcpy() depending on build options and cpu-capabilities.
> 
> Force copy_to_user_mcsafe() to always use __memcpy_mcsafe() when
> available, and otherwise disable all of the copy_to_user_mcsafe()
> infrastructure when __memcpy_mcsafe() is not available, i.e.
> CONFIG_X86_MCE=n.
> 
> This fixes crashes of the form:
>     run fstests generic/323 at 2018-07-02 12:46:23
>     BUG: unable to handle kernel paging request at 00007f0d50001000
>     RIP: 0010:__memcpy+0x12/0x20
>     [..]
>     Call Trace:
>      copyout_mcsafe+0x3a/0x50
>      _copy_to_iter_mcsafe+0xa1/0x4a0
>      ? dax_alive+0x30/0x50
>      dax_iomap_actor+0x1f9/0x280
>      ? dax_iomap_rw+0x100/0x100
>      iomap_apply+0xba/0x130
>      ? dax_iomap_rw+0x100/0x100
>      dax_iomap_rw+0x95/0x100
>      ? dax_iomap_rw+0x100/0x100
>      xfs_file_dax_read+0x7b/0x1d0 [xfs]
>      xfs_file_read_iter+0xa7/0xc0 [xfs]
>      aio_read+0x11c/0x1a0
> 
> Fixes: 8780356ef630 ("x86/asm/memcpy_mcsafe: Define copy_to_iter_mcsafe()")
> Cc: Al Viro <viro@...iv.linux.org.uk>
> Cc: Andrew Morton <akpm@...ux-foundation.org>
> Cc: Andy Lutomirski <luto@...capital.net>
> Cc: Borislav Petkov <bp@...en8.de>
> Cc: Linus Torvalds <torvalds@...ux-foundation.org>
> Cc: Peter Zijlstra <peterz@...radead.org>
> Cc: Thomas Gleixner <tglx@...utronix.de>
> Cc: Tony Luck <tony.luck@...el.com>
> Reported-by: Ross Zwisler <ross.zwisler@...ux.intel.com>
> Signed-off-by: Dan Williams <dan.j.williams@...el.com>

Tested-by: Ross Zwisler <ross.zwisler@...ux.intel.com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ