summaryrefslogtreecommitdiffstats
path: root/arch/um
diff options
context:
space:
mode:
authorRichard Weinberger <richard@nod.at>2015-05-31 19:21:51 +0200
committerRichard Weinberger <richard@nod.at>2015-05-31 19:21:51 +0200
commitd2313084e2c3488e254796617fcda45d69731b21 (patch)
tree3e1a011f87f645cfc5c09330d8a56741d8f019d1 /arch/um
parentum: Fix warning in setup_signal_stack_si() (diff)
downloadlinux-d2313084e2c3488e254796617fcda45d69731b21.tar.xz
linux-d2313084e2c3488e254796617fcda45d69731b21.zip
um: Catch unprotected user memory access
If the kernel tries to access user memory without copy_from_user() a trap will happen as kernel and userspace run in different processes on the host side. Currently this special page fault cannot be resolved and will happen over and over again. As result UML will lockup. This patch allows the page fault code to detect that situation and causes a panic() such that the root cause of the unprotected memory access can be found and fixed. Signed-off-by: Richard Weinberger <richard@nod.at>
Diffstat (limited to 'arch/um')
-rw-r--r--arch/um/kernel/trap.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/arch/um/kernel/trap.c b/arch/um/kernel/trap.c
index 8e4daf44e980..34b633ec852f 100644
--- a/arch/um/kernel/trap.c
+++ b/arch/um/kernel/trap.c
@@ -219,6 +219,11 @@ unsigned long segv(struct faultinfo fi, unsigned long ip, int is_user,
show_regs(container_of(regs, struct pt_regs, regs));
panic("Segfault with no mm");
}
+ else if (!is_user && address < TASK_SIZE) {
+ show_regs(container_of(regs, struct pt_regs, regs));
+ panic("Kernel tried to access user memory at addr 0x%lx, ip 0x%lx",
+ address, ip);
+ }
if (SEGV_IS_FIXABLE(&fi))
err = handle_page_fault(address, ip, is_write, is_user,