From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id AD234C4332F for ; Thu, 13 Jan 2022 09:47:59 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 48DF26B00A5; Thu, 13 Jan 2022 04:47:59 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 43EE86B00A7; Thu, 13 Jan 2022 04:47:59 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 306076B00A8; Thu, 13 Jan 2022 04:47:59 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id 21BA86B00A5 for ; Thu, 13 Jan 2022 04:47:59 -0500 (EST) Received: from smtpin25.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay04.hostedemail.com (Postfix) with ESMTP id D5058918AC for ; Thu, 13 Jan 2022 09:47:58 +0000 (UTC) X-FDA: 79024787436.25.27E9AA9 Received: from mail-wr1-f51.google.com (mail-wr1-f51.google.com [209.85.221.51]) by imf04.hostedemail.com (Postfix) with ESMTP id 7297640006 for ; Thu, 13 Jan 2022 09:47:58 +0000 (UTC) Received: by mail-wr1-f51.google.com with SMTP id r28so9049014wrc.3 for ; Thu, 13 Jan 2022 01:47:58 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=CX43QDixuqKZIQi1caGIH9xkhhuEjj8Yo37fB7bYrCU=; b=mS9c7WYPOjEYqY0z57OkohJfYKxS1sEbS5dh95i5/ktJjsnhE1OBl3a5empJ57Tc9+ vXCdKF1aVlgN8Ya60KTvtQP65EZshzhtsyMuurpf3VVMBT4OVClDdAkZZgBaoU3Pbn63 OQonlsVQO/NJOuw0vFQ/RM0ORIylaNF+BoErifIu6Mfl+bjdN1qCJIsj4dQBPJGCHt03 ZFZhAXiQ7hVZFVhdH0mB00lten0AvuI2nqcLRy1MGja7axieY+SWi0RKUAcDxJsDtT8W qToO9nCQSq+jcdo48D7L/ujhj6MVZKsZSk0YW5LeEZo1UEbqkFWVQcrtuPnew8DAgaOB iLNg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=CX43QDixuqKZIQi1caGIH9xkhhuEjj8Yo37fB7bYrCU=; b=cqFFfeRoGpsbx5j8RKVn6UaNUhiA5svZ3jPxErEIPh8Dk3/uoWYvfQBxWLaksCQRiy BqKtiAFIT/TrEDx2JhdLyGP45L7zuU3+X7tK7bJBrFu3iyBTgxYirOy9KJGAa/Y31Iaj rBBfSGX3w5tyexCyCQGR3wDU2IzeYZaChGGN2JwYxC+DdBWNQXkB6ziYTSN6BPtxGhGf b+Nl0J8b514nTDVrHDzL0tEcHfa3pHZEXywq92f9pTzmmbYKmXnOYzuq7FEn50hROUjZ QsSS1K+eC3OMhoI/dO8VPFXMPK5efnJhRTk6RFppU1POSfs3pVApw6yp59m49bZeDIGH i5Nw== X-Gm-Message-State: AOAM5324oVEmDncAUFis9YyMWffa5NqDnMYhXFnglKBbGa/kFS46rwKO jZnYXQPKS9q+6hLaFouelLU/Jw== X-Google-Smtp-Source: ABdhPJwCxOjHGND3tEMn9aaulcJoj7F5nN7KMLPFRCkl/nTB3ab+vx5Miz06ZRUi4IOldmbTlMKmew== X-Received: by 2002:a05:6000:1a85:: with SMTP id f5mr2365884wry.463.1642067277004; Thu, 13 Jan 2022 01:47:57 -0800 (PST) Received: from maple.lan (cpc141216-aztw34-2-0-cust174.18-1.cable.virginm.net. [80.7.220.175]) by smtp.gmail.com with ESMTPSA id o11sm7519813wmq.15.2022.01.13.01.47.55 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 13 Jan 2022 01:47:56 -0800 (PST) Date: Thu, 13 Jan 2022 09:47:54 +0000 From: Daniel Thompson To: "Russell King (Oracle)" Cc: Arnd Bergmann , Arnd Bergmann , linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, Alexander Viro , Linus Walleij Subject: Re: [PATCH v5 08/10] ARM: uaccess: add __{get,put}_kernel_nofault Message-ID: <20220113094754.6ei6ssiqbuw7tfj7@maple.lan> References: <20210726141141.2839385-1-arnd@kernel.org> <20210726141141.2839385-9-arnd@kernel.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Rspamd-Server: rspam04 X-Rspamd-Queue-Id: 7297640006 X-Stat-Signature: tqkt45mbaj8ge9j1thuogysxbfa9g1iq Authentication-Results: imf04.hostedemail.com; dkim=pass header.d=linaro.org header.s=google header.b=mS9c7WYP; spf=pass (imf04.hostedemail.com: domain of daniel.thompson@linaro.org designates 209.85.221.51 as permitted sender) smtp.mailfrom=daniel.thompson@linaro.org; dmarc=pass (policy=none) header.from=linaro.org X-HE-Tag: 1642067278-153724 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Wed, Jan 12, 2022 at 06:08:17PM +0000, Russell King (Oracle) wrote: > On Wed, Jan 12, 2022 at 05:29:03PM +0000, Daniel Thompson wrote: > > On Mon, Jul 26, 2021 at 04:11:39PM +0200, Arnd Bergmann wrote: > > > From: Arnd Bergmann > > > > > > These mimic the behavior of get_user and put_user, except > > > for domain switching, address limit checking and handling > > > of mismatched sizes, none of which are relevant here. > > > > > > To work with pre-Armv6 kernels, this has to avoid TUSER() > > > inside of the new macros, the new approach passes the "t" > > > string along with the opcode, which is a bit uglier but > > > avoids duplicating more code. > > > > > > As there is no __get_user_asm_dword(), I work around it > > > by copying 32 bit at a time, which is possible because > > > the output size is known. > > > > > > Signed-off-by: Arnd Bergmann > > > > I've just been bisecting some regressions running the kgdbts tests on > > arm and this patch came up. > > So the software PAN code is working :) Interesting. I noticed it was odd that kgdbts works just fine if launched from kernel command line. I guess that runs before PAN is activated. Neat. > The kernel attempted to access an address that is in the userspace > domain (NULL pointer) and took an exception. > > I suppose we should handle a domain fault more gracefully - what are > the required semantics if the kernel attempts a userspace access > using one of the _nofault() accessors? I think the best answer might well be that, if the arch provides implementations of hooks such as copy_from_kernel_nofault_allowed() then the kernel should never attempt a userspace access using the _nofault() accessors. That means they can do whatever they like! In other words something like the patch below looks like a promising approach. Daniel. >From f66a63b504ff582f261a506c54ceab8c0e77a98c Mon Sep 17 00:00:00 2001 From: Daniel Thompson Date: Thu, 13 Jan 2022 09:34:45 +0000 Subject: [PATCH] arm: mm: Implement copy_from_kernel_nofault_allowed() Currently copy_from_kernel_nofault() can actually fault (due to software PAN) if we attempt userspace access. In any case, the documented behaviour for this function is to return -ERANGE if we attempt an access outside of kernel space. Implementing copy_from_kernel_nofault_allowed() solves both these problems. Signed-off-by: Daniel Thompson --- arch/arm/mm/Makefile | 2 +- arch/arm/mm/maccess.c | 9 +++++++++ 2 files changed, 10 insertions(+), 1 deletion(-) create mode 100644 arch/arm/mm/maccess.c diff --git a/arch/arm/mm/Makefile b/arch/arm/mm/Makefile index 3510503bc5e6..d1c5f4f256de 100644 --- a/arch/arm/mm/Makefile +++ b/arch/arm/mm/Makefile @@ -3,7 +3,7 @@ # Makefile for the linux arm-specific parts of the memory manager. # -obj-y := extable.o fault.o init.o iomap.o +obj-y := extable.o fault.o init.o iomap.o maccess.o obj-y += dma-mapping$(MMUEXT).o obj-$(CONFIG_MMU) += fault-armv.o flush.o idmap.o ioremap.o \ mmap.o pgd.o mmu.o pageattr.o diff --git a/arch/arm/mm/maccess.c b/arch/arm/mm/maccess.c new file mode 100644 index 000000000000..0251062cb40d --- /dev/null +++ b/arch/arm/mm/maccess.c @@ -0,0 +1,9 @@ +// SPDX-License-Identifier: GPL-2.0-only + +#include +#include + +bool copy_from_kernel_nofault_allowed(const void *unsafe_src, size_t size) +{ + return (unsigned long)unsafe_src >= TASK_SIZE; +} -- 2.33.1