| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <f4be063b-f321-45d4-9891-b50f30beb1ef@rivosinc.com>
Date: Fri, 11 Apr 2025 10:38:17 +0200
From: Clément Léger <cleger@...osinc.com>
To: Alexandre Ghiti <alex@...ti.fr>, Nylon Chen <nylon.chen@...ive.com>,
linux-kernel@...r.kernel.org
Cc: linux-riscv@...ts.infradead.org, paul.walmsley@...ive.com,
palmer@...belt.com, aou@...s.berkeley.edu, charlie@...osinc.com,
jesse@...osinc.com, evan@...osinc.com, zhangchunyan@...as.ac.cn,
samuel.holland@...ive.com, zong.li@...ive.com
Subject: Re: [PATCH 2/2] riscv: misaligned: fix sleeping function called
during misaligned access handling
On 11/04/2025 10:35, Alexandre Ghiti wrote:
> Hi Clément,
>
> On 11/04/2025 09:36, Clément Léger wrote:
>> Hi Nylon,
>>
>> I already have a pending fix for that bug which is to reenable
>> interrupts while handling misaligned faults. Please see:
>> https://lore.kernel.org/linux-riscv/20250317170625.1142870-12-
>> cleger@...osinc.com/
>
>
> Can you extract this fix from the series so that it can be merged in 6.15?
Hi Alex,
Yes sure, I can send a small series as well. However, I'd like the
associated kselftest to be reviewed since it would allow to catch such
behavior (there is no test for misaligned delegation yet).
Thanks,
Clément
>
> Thanks,
>
> Alex
>
>
>>
>> Thanks,
>>
>> Clément
>>
>> On 11/04/2025 09:38, Nylon Chen wrote:
>>> Use copy_from_user_nofault() and copy_to_user_nofault() instead of
>>> copy_from/to_user functions in the misaligned access trap handlers.
>>>
>>> The following bug report was found when executing misaligned memory
>>> accesses:
>>>
>>> BUG: sleeping function called from invalid context at ./include/
>>> linux/uaccess.h:162
>>> in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 115, name: two
>>> preempt_count: 0, expected: 0
>>> CPU: 0 UID: 0 PID: 115 Comm: two Not tainted 6.14.0-rc5 #24
>>> Hardware name: riscv-virtio,qemu (DT)
>>> Call Trace:
>>> [<ffffffff800160ea>] dump_backtrace+0x1c/0x24
>>> [<ffffffff80002304>] show_stack+0x28/0x34
>>> [<ffffffff80010fae>] dump_stack_lvl+0x4a/0x68
>>> [<ffffffff80010fe0>] dump_stack+0x14/0x1c
>>> [<ffffffff8004e44e>] __might_resched+0xfa/0x104
>>> [<ffffffff8004e496>] __might_sleep+0x3e/0x62
>>> [<ffffffff801963c4>] __might_fault+0x1c/0x24
>>> [<ffffffff80425352>] _copy_from_user+0x28/0xaa
>>> [<ffffffff8000296c>] handle_misaligned_store+0x204/0x254
>>> [<ffffffff809eae82>] do_trap_store_misaligned+0x24/0xee
>>> [<ffffffff809f4f1a>] handle_exception+0x146/0x152
>>>
>>> Fixes: b686ecdeacf6 ("riscv: misaligned: Restrict user access to
>>> kernel memory")
>>> Fixes: 441381506ba7 ("riscv: misaligned: remove CONFIG_RISCV_M_MODE
>>> specific code")
>>>
>>> Signed-off-by: Zong Li <zong.li@...ive.com>
>>> Signed-off-by: Nylon Chen <nylon.chen@...ive.com>
>>> ---
>>> arch/riscv/kernel/traps_misaligned.c | 4 ++--
>>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/arch/riscv/kernel/traps_misaligned.c b/arch/riscv/
>>> kernel/traps_misaligned.c
>>> index d7275dfb6b7e..563f73f88fa8 100644
>>> --- a/arch/riscv/kernel/traps_misaligned.c
>>> +++ b/arch/riscv/kernel/traps_misaligned.c
>>> @@ -455,7 +455,7 @@ static int handle_scalar_misaligned_load(struct
>>> pt_regs *regs)
>>> val.data_u64 = 0;
>>> if (user_mode(regs)) {
>>> - if (copy_from_user(&val, (u8 __user *)addr, len))
>>> + if (copy_from_user_nofault(&val, (u8 __user *)addr, len))
>>> return -1;
>>> } else {
>>> memcpy(&val, (u8 *)addr, len);
>>> @@ -556,7 +556,7 @@ static int handle_scalar_misaligned_store(struct
>>> pt_regs *regs)
>>> return -EOPNOTSUPP;
>>> if (user_mode(regs)) {
>>> - if (copy_to_user((u8 __user *)addr, &val, len))
>>> + if (copy_to_user_nofault((u8 __user *)addr, &val, len))
>>> return -1;
>>> } else {
>>> memcpy((u8 *)addr, &val, len);
>>
>> _______________________________________________
>> linux-riscv mailing list
>> linux-riscv@...ts.infradead.org
>> http://lists.infradead.org/mailman/listinfo/linux-riscv
Powered by blists - more mailing lists