Excerpts from Christophe Leroy's message of August 7, 2020 3:15 am:
> Check address earlier to simplify the following test.
Good logic reduction.
Reviewed-by: Nicholas Piggin
> Signed-off-by: Christophe Leroy
> ---
> arch/powerpc/mm/fault.c | 10 +-
> 1 file changed, 5 insertions(+), 5 deletions(-)
>
> diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c
> index 9ef9ee244f72..525e0c2b5406 100644
> --- a/arch/powerpc/mm/fault.c
> +++ b/arch/powerpc/mm/fault.c
> @@ -210,17 +210,17 @@ static bool bad_kernel_fault(struct pt_regs *regs,
> unsigned long error_code,
> return true;
> }
>
> - if (!is_exec && address < TASK_SIZE && (error_code & DSISR_PROTFAULT) &&
> + // Kernel fault on kernel address is bad
> + if (address >= TASK_SIZE)
> + return true;
> +
> + if (!is_exec && (error_code & DSISR_PROTFAULT) &&
> !search_exception_tables(regs->nip)) {
> pr_crit_ratelimited("Kernel attempted to access user page (%lx)
> - exploit attempt? (uid: %d)\n",
> address,
> from_kuid(&init_user_ns, current_uid()));
> }
>
> - // Kernel fault on kernel address is bad
> - if (address >= TASK_SIZE)
> - return true;
> -
> // Fault on user outside of certain regions (eg. copy_tofrom_user()) is
> bad
> if (!search_exception_tables(regs->nip))
> return true;
> --
> 2.25.0
>
>