[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <161297915451.23325.5119224707479092069.tip-bot2@tip-bot2>
Date: Wed, 10 Feb 2021 17:45:54 -0000
From: "tip-bot2 for Andy Lutomirski" <tip-bot2@...utronix.de>
To: linux-tip-commits@...r.kernel.org
Cc: Andy Lutomirski <luto@...nel.org>, Borislav Petkov <bp@...e.de>,
x86@...nel.org, linux-kernel@...r.kernel.org
Subject: [tip: x86/mm] x86/fault: Don't run fixups for SMAP violations
The following commit has been merged into the x86/mm branch of tip:
Commit-ID: ca247283781d754216395a41c5e8be8ec79a5f1c
Gitweb: https://git.kernel.org/tip/ca247283781d754216395a41c5e8be8ec79a5f1c
Author: Andy Lutomirski <luto@...nel.org>
AuthorDate: Tue, 09 Feb 2021 18:33:45 -08:00
Committer: Borislav Petkov <bp@...e.de>
CommitterDate: Wed, 10 Feb 2021 16:27:57 +01:00
x86/fault: Don't run fixups for SMAP violations
A SMAP-violating kernel access is not a recoverable condition. Imagine
kernel code that, outside of a uaccess region, dereferences a pointer to
the user range by accident. If SMAP is on, this will reliably generate
as an intentional user access. This makes it easy for bugs to be
overlooked if code is inadequately tested both with and without SMAP.
This was discovered because BPF can generate invalid accesses to user
memory, but those warnings only got printed if SMAP was off. Make it so
that this type of error will be discovered with SMAP on as well.
[ bp: Massage commit message. ]
Signed-off-by: Andy Lutomirski <luto@...nel.org>
Signed-off-by: Borislav Petkov <bp@...e.de>
Link: https://lkml.kernel.org/r/66a02343624b1ff46f02a838c497fc05c1a871b3.1612924255.git.luto@kernel.org
---
arch/x86/mm/fault.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
index 1a0cfed..1c3054b 100644
--- a/arch/x86/mm/fault.c
+++ b/arch/x86/mm/fault.c
@@ -1279,9 +1279,12 @@ void do_user_addr_fault(struct pt_regs *regs,
*/
if (unlikely(cpu_feature_enabled(X86_FEATURE_SMAP) &&
!(error_code & X86_PF_USER) &&
- !(regs->flags & X86_EFLAGS_AC)))
- {
- bad_area_nosemaphore(regs, error_code, address);
+ !(regs->flags & X86_EFLAGS_AC))) {
+ /*
+ * No extable entry here. This was a kernel access to an
+ * invalid pointer. get_kernel_nofault() will not get here.
+ */
+ page_fault_oops(regs, error_code, address);
return;
}
Powered by blists - more mailing lists