>>> On 23.04.15 at 17:33, <torva...@linux-foundation.org> wrote:
> On Tue, Apr 21, 2015 at 11:33 PM, Jan Beulich <jbeul...@suse.com> wrote:
>>
>> while the description of commit cae2a173fe certainly makes sense, the
>> change itself ignores the __probe_kernel_write() code path, for which
>> the destination address is expected to be in kernel space but accesses
>> may still fault. I.e. the use of plain memset() causes
>> __probe_kernel_write() to oops rather than return an error. Shouldn't
>> the "(unsigned long)to >= TASK_SIZE_MAX" be relaxed to take the
>> effect of set_fs() into account?
>
> Hmm. I think you're right. So something like
>
> --- a/arch/x86/lib/usercopy_64.c
> +++ b/arch/x86/lib/usercopy_64.c
> @@ -82,7 +82,7 @@ copy_user_handle_tail(char *to, char *from, unsigned
> len)
> clac();
>
> /* If the destination is a kernel buffer, we always clear the end
> */
> - if ((unsigned long)to >= TASK_SIZE_MAX)
> + if (!__addr_ok(to))
> memset(to, 0, len);
> return len;
> }
>
> which will effectively say "only if we copy from user mode to kernel
> mode" because if we use "set_fs(KERNEL_DS)" then kernel addresses will
> also be __addr_ok..
>
> Did you have a test-case for this? I guess we're talking odd ftrace
> uses or kgdb?
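Review bot: the comment above the changed line, "If the destination is a kernel buffer, we always clear the end", is no longer accurate once the check becomes `!__addr_ok(to)`: the tail is now zeroed only when the destination lies above the current address limit, so a kernel buffer is left untouched for callers running under set_fs(KERNEL_DS). That is exactly what the __probe_kernel_write() case needs, but the comment should say so (something like "If the destination is a kernel buffer while the limit is USER_DS, clear the end"), and it is worth spelling out in the commit message that a KERNEL_DS caller which faults partway gets the remaining count back with the destination tail still uninitialized, so such callers must treat any non-zero return as a hard error rather than consuming the buffer.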
So I thought you meant something you could try. The above fixes the issue
for me, i.e.

Tested-by: Jan Beulich <jbeul...@suse.com>

Thanks, Jan
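The behaviour the thread is discussing can be seen in a small user-space model, added here as an example that is not part of the mailing-list thread or of the kernel's own code. It models the tail-zeroing in copy_user_handle_tail() with both checks side by side (the original `to >= TASK_SIZE_MAX` test and the proposed `!__addr_ok(to)` test), a set_fs()-style address limit, and a tiny simulated address space in which touching an unmapped address from plain memset() counts as an oops. All addresses, page sizes and the two scenario functions are constructed for the model; -14 stands in for -EFAULT.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the x86-64 user/kernel split and set_fs() limit. */
#define TASK_SIZE_MAX 0x00007ffffffff000UL
#define USER_DS       TASK_SIZE_MAX
#define KERNEL_DS     (~0UL)
#define EFAULT        14

static unsigned long addr_limit = USER_DS;          /* current->addr_limit */
static void set_fs(unsigned long lim) { addr_limit = lim; }
/* Same idea as the kernel's __addr_ok(): below the current limit. */
static int __addr_ok(unsigned long a) { return a < addr_limit; }

/* Simulated memory: one mapped kernel page and one mapped user page,
 * backed by real arrays; every other address is unmapped. */
#define PAGE  64
#define KADDR 0xffff888000000000UL   /* constructed mapped kernel address   */
#define KBAD  0xffffc90000000000UL   /* constructed unmapped kernel address */
#define UADDR 0x00007f0000000000UL   /* constructed mapped user address     */
static unsigned char kpage[PAGE], upage[PAGE];
static int oopsed;   /* set when plain memset() touches unmapped memory */

static unsigned char *backing(unsigned long a, size_t len)
{
    if (a >= KADDR && a + len <= KADDR + PAGE) return kpage + (a - KADDR);
    if (a >= UADDR && a + len <= UADDR + PAGE) return upage + (a - UADDR);
    return NULL;
}

/* Plain memset() has no fixup: an unmapped destination is an oops. */
static void kmemset(unsigned long to, int c, size_t len)
{
    unsigned char *p = backing(to, len);
    if (!p) { oopsed = 1; return; }
    memset(p, c, len);
}

/* Tail handler: returns the number of bytes NOT copied and, depending on
 * use_addr_ok, applies the old or the proposed "is this a kernel
 * destination" check before zeroing the uncopied tail. */
static unsigned long copy_user_handle_tail(unsigned long to, size_t len,
                                           int use_addr_ok)
{
    int kernel_dst = use_addr_ok ? !__addr_ok(to) : (to >= TASK_SIZE_MAX);
    if (kernel_dst)
        kmemset(to, 0, len);
    return len;
}

/* Byte copy with fault handling: stops at the first unmapped byte on
 * either side and hands the remainder to copy_user_handle_tail(). */
static unsigned long copy_with_faults(unsigned long to, unsigned long from,
                                      size_t len, int use_addr_ok)
{
    size_t i;
    for (i = 0; i < len; i++) {
        unsigned char *s = backing(from + i, 1), *d = backing(to + i, 1);
        if (!s || !d) break;
        *d = *s;
    }
    return i == len ? 0 : copy_user_handle_tail(to + i, len - i, use_addr_ok);
}

/* Model of __probe_kernel_write(): runs the copy under KERNEL_DS. */
static long probe_kernel_write(unsigned long dst, unsigned long src,
                               size_t len, int use_addr_ok)
{
    unsigned long old = addr_limit, left;
    set_fs(KERNEL_DS);
    left = copy_with_faults(dst, src, len, use_addr_ok);
    set_fs(old);
    return left ? -EFAULT : 0;
}

static void reset(void)
{
    oopsed = 0;
    set_fs(USER_DS);
    memset(kpage, 0, PAGE);
    memset(upage, 0, PAGE);
}

/* Scenario A: copy_from_user() into a kernel buffer where the user source
 * runs off the end of its mapping. Returns 1 if the uncopied tail of the
 * kernel buffer was zeroed (no stale 0xAA bytes survive) and nothing oopsed. */
static int scenario_copy_from_user(int use_addr_ok)
{
    int i;
    reset();
    memset(upage, 0x11, PAGE);
    memset(kpage, 0xAA, PAGE);   /* stale kernel data that must not leak */
    /* 16 mapped user bytes followed by 16 unmapped ones */
    unsigned long left = copy_with_faults(KADDR, UADDR + PAGE - 16, 32, use_addr_ok);
    if (oopsed || left != 16) return 0;
    for (i = 0; i < 16; i++)  if (kpage[i] != 0x11) return 0;
    for (i = 16; i < 32; i++) if (kpage[i] != 0)    return 0;
    return 1;
}

/* Scenario B: __probe_kernel_write() to an unmapped kernel address.
 * Returns 1 if it reported -EFAULT without the memset() oopsing. */
static int scenario_probe_kernel_write(int use_addr_ok)
{
    reset();
    long rc = probe_kernel_write(KBAD, KADDR, 8, use_addr_ok);
    return rc == -EFAULT && !oopsed;
}

int main(void)
{
    printf("copy_from_user tail zeroed: old=%d new=%d\n",
           scenario_copy_from_user(0), scenario_copy_from_user(1));
    printf("probe_kernel_write survives: old=%d new=%d\n",
           scenario_probe_kernel_write(0), scenario_probe_kernel_write(1));
    return 0;
}
```

Scenario A shows what the tail-zeroing is for: with either check, the part of the kernel buffer that the faulting copy never reached is cleared instead of keeping whatever stale data was there. Scenario B shows the report from the thread: under KERNEL_DS the old check still sends an unmapped kernel address into plain memset(), while the __addr_ok() check skips the zeroing and lets the caller see -EFAULT.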