diff options
author | Alexei Starovoitov <ast@kernel.org> | 2023-04-10 19:43:44 +0200 |
---|---|---|
committer | Alexei Starovoitov <ast@kernel.org> | 2023-04-13 02:36:23 +0200 |
commit | d319f344561de23e810515d109c7278919bff7b0 (patch) | |
tree | dcf462af3e03dbdc495b91ba633a4b9214e54dbb /mm/kasan/Makefile | |
parent | Merge branch 'Add FOU support for externally controlled ipip devices' (diff) | |
download | linux-d319f344561de23e810515d109c7278919bff7b0.tar.xz linux-d319f344561de23e810515d109c7278919bff7b0.zip |
mm: Fix copy_from_user_nofault().
There are several issues with copy_from_user_nofault():
- access_ok() is designed for user context only and for that reason
it has WARN_ON_IN_IRQ() which triggers when bpf, kprobe, eprobe
and perf on ppc are calling it from irq.
- it's missing nmi_uaccess_okay() which is a nop on all architectures
except x86 where it's required.
The comment in arch/x86/mm/tlb.c explains the details why it's necessary.
Calling copy_from_user_nofault() from bpf, [ke]probe without this check is not safe.
- __copy_from_user_inatomic() under CONFIG_HARDENED_USERCOPY is calling
check_object_size()->__check_object_size()->check_heap_object()->find_vmap_area()->spin_lock()
which is not safe to do from bpf, [ke]probe and perf due to potential deadlock.
Fix all three issues. At the end the copy_from_user_nofault() becomes
equivalent to copy_from_user_nmi() from safety point of view with
a difference in the return value.
Reported-by: Hsin-Wei Hung <hsinweih@uci.edu>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Florian Lehner <dev@der-flo.net>
Tested-by: Hsin-Wei Hung <hsinweih@uci.edu>
Tested-by: Florian Lehner <dev@der-flo.net>
Link: https://lore.kernel.org/r/20230410174345.4376-2-dev@der-flo.net
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Diffstat (limited to 'mm/kasan/Makefile')
0 files changed, 0 insertions, 0 deletions