On Tue, 23 Jan 2024 at 02:12, Kees Cook <[email protected]> wrote:
>
> Under PAN emulation when dumping backtraces from things like the
> LKDTM EXEC_USERSPACE test[1], a double fault (which would hang a CPU)
> would happen because of dump_instr() attempting to read a userspace
> address. Make sure copy_from_kernel_nofault() does not attempt this
> any more.
>
> Reported-by: Mark Brown <[email protected]>
> Link: https://lore.kernel.org/all/202401181125.D48DCB4C@keescook/ [1]
> Suggested-by: "Russell King (Oracle)" <[email protected]>
> Cc: Russell King <[email protected]>
> Cc: Ard Biesheuvel <[email protected]>
> Cc: Wang Kefeng <[email protected]>
> Cc: Andrew Morton <[email protected]>
> Cc: Ben Hutchings <[email protected]>
> Cc: [email protected]
> Signed-off-by: Kees Cook <[email protected]>
Reviewed-by: Ard Biesheuvel <[email protected]> > --- > arch/arm/mm/fault.c | 7 +++++++ > 1 file changed, 7 insertions(+) > > diff --git a/arch/arm/mm/fault.c b/arch/arm/mm/fault.c > index e804432e905e..bc5b959b6f90 100644 > --- a/arch/arm/mm/fault.c > +++ b/arch/arm/mm/fault.c > @@ -25,6 +25,13 @@ > > #include "fault.h" > > +bool copy_from_kernel_nofault_allowed(const void *unsafe_src, size_t size) > +{ > + unsigned long addr = (unsigned long)unsafe_src; > + > + return addr >= TASK_SIZE && ULONG_MAX - addr >= size; > +} > + > #ifdef CONFIG_MMU > > /* > -- > 2.34.1 >
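Review bot: the new copy_from_kernel_nofault_allowed() in arch/arm/mm/fault.c carries no comment explaining why user addresses are rejected, and because it is placed above the `#ifdef CONFIG_MMU` guard it is compiled for !MMU builds as well, where it is worth confirming that `addr >= TASK_SIZE` still means "not a user address" rather than rejecting most of the address space. A one-line comment tying the check to the dump_instr() double fault under PAN emulation described in the commit message, e.g. `/* Reject user addresses: reading them under PAN emulation double faults (see dump_instr()) */`, would make the intent clear to the next reader; the `ULONG_MAX - addr >= size` wrap-around guard is a sensible addition.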
