[PATCH 1/2] net: ethernet: Fix typo of 'network' in comment
Signed-off-by: Eric Lin Reported-by: Gustavo A. R. Silva --- drivers/net/ethernet/via/via-velocity.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/ethernet/via/via-velocity.c b/drivers/net/ethernet/via/via-velocity.c index b65767f9e499..fecc4d7b00b0 100644 --- a/drivers/net/ethernet/via/via-velocity.c +++ b/drivers/net/ethernet/via/via-velocity.c @@ -2525,7 +2525,7 @@ static int velocity_close(struct net_device *dev) * @skb: buffer to transmit * @dev: network device * - * Called by the networ layer to request a packet is queued to + * Called by the network layer to request a packet is queued to * the velocity. Returns zero on success. */ static netdev_tx_t velocity_xmit(struct sk_buff *skb, -- 2.25.1
[PATCH 2/2] net: wireless: Fix typo of 'Networks' in comment
Signed-off-by: Eric Lin
Reported-by: Gustavo A. R. Silva
---
drivers/net/wireless/wl3501.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/wl3501.h b/drivers/net/wireless/wl3501.h
index e98e04ee9a2c..5779ffbe5d0f 100644
--- a/drivers/net/wireless/wl3501.h
+++ b/drivers/net/wireless/wl3501.h
@@ -240,7 +240,7 @@ struct iw_mgmt_essid_pset {
} __packed;
/*
- * According to 802.11 Wireless Netowors, the definitive guide - O'Reilly
+ * According to 802.11 Wireless Networks, the definitive guide - O'Reilly
* Pg 75
*/
#define IW_DATA_RATE_MAX_LABELS 8
--
2.25.1
Re: [PATCH] riscv/mm: Prevent kernel module access user-space memory without uaccess routines
On Mon, Nov 30, 2020 at 04:30:15PM +0800, Christoph Hellwig wrote: Hi Christoph, > > + if (!user_mode(regs) && addr < TASK_SIZE && unlikely(!(regs->status & > > SR_SUM))) > > Please avoid the overly long line. OK, I'll modify it in v2. Thanks for your review.
Re: [PATCH] riscv/mm: Prevent kernel module access user-space memory without uaccess routines
On Mon, Nov 30, 2020 at 04:07:03PM +0800, Pekka Enberg wrote: Hi Pekka, > On Mon, Nov 30, 2020 at 7:33 AM Eric Lin wrote: > > > > In the page fault handler, an access to user-space memory > > without get/put_user() or copy_from/to_user() routines is > > not resolved properly. Like arm and other architectures, > > we need to let it die earlier in page fault handler. > > Fix looks good to me. Can you elaborate on how you found the issue and > how the bug manifests itself? OK, I'll elaborate more on the commit message. > > > > > Signed-off-by: Eric Lin > > Cc: Alan Kao > > --- > > arch/riscv/mm/fault.c | 3 +++ > > 1 file changed, 3 insertions(+) > > > > diff --git a/arch/riscv/mm/fault.c b/arch/riscv/mm/fault.c > > index 3c8b9e433c67..a452cfa266a2 100644 > > --- a/arch/riscv/mm/fault.c > > +++ b/arch/riscv/mm/fault.c > > @@ -232,6 +232,9 @@ asmlinkage void do_page_fault(struct pt_regs *regs) > > if (user_mode(regs)) > > flags |= FAULT_FLAG_USER; > > > > + if (!user_mode(regs) && addr < TASK_SIZE && unlikely(!(regs->status > > & SR_SUM))) > > + die(regs, "Accessing user space memory without uaccess > > routines\n"); > > Let's introduce a die_kernel_fault() helper (similar to arm64, for > example) to ensure same semantics for the different kernel faults. You > can extract the helper from no_context(). OK, I'll add a die_kernel_fault() helper function in v2. Thanks for your review. > > > + > > perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS, 1, regs, addr); > > > > if (cause == EXC_STORE_PAGE_FAULT) > > -- > > 2.17.0 > > > > > > ___ > > linux-riscv mailing list > > linux-ri...@lists.infradead.org > > http://lists.infradead.org/mailman/listinfo/linux-riscv
[PATCH v3 2/2] riscv/mm: Prevent kernel module to access user memory without uaccess routines
We found this issue in an legacy out-of-tree kernel module
which didn't properly access user space pointer by get/put_user().
Such an illegal access loops in the page fault handler.
To resolve this, let it die here.
Signed-off-by: Eric Lin
Cc: Alan Kao
Reviewed-by: Pekka Enberg
---
arch/riscv/mm/fault.c | 5 +
1 file changed, 5 insertions(+)
diff --git a/arch/riscv/mm/fault.c b/arch/riscv/mm/fault.c
index 0d5f06d6e3c7..33d284188f9a 100644
--- a/arch/riscv/mm/fault.c
+++ b/arch/riscv/mm/fault.c
@@ -243,6 +243,11 @@ asmlinkage void do_page_fault(struct pt_regs *regs)
if (user_mode(regs))
flags |= FAULT_FLAG_USER;
+ if (!user_mode(regs) && addr < TASK_SIZE &&
+ unlikely(!(regs->status & SR_SUM)))
+ die_kernel_fault("access to user memory without uaccess
routines",
+ addr, regs);
+
perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS, 1, regs, addr);
if (cause == EXC_STORE_PAGE_FAULT)
--
2.17.0
[PATCH v3 0/2] Let illegal access to user-space memory die
Accesses to user-space memory without calling uaccess routine leads to hanging in page fault handler. Like arm64, we let it die earlier in page fault handler. Changes in v3: -Let no_context() use die_kernel_fault() helper Changes in v2: -Add a die_kernel_fault() helper -Split one long line code into two Eric Lin (2): riscv/mm: Introduce a die_kernel_fault() helper function riscv/mm: Prevent kernel module to access user memory without uaccess routines arch/riscv/mm/fault.c | 28 ++-- 1 file changed, 22 insertions(+), 6 deletions(-) -- 2.17.0
[PATCH v3 1/2] riscv/mm: Introduce a die_kernel_fault() helper function
Like arm64, this patch adds a die_kernel_fault() helper
to ensure the same semantics for the different kernel faults.
Signed-off-by: Eric Lin
Cc: Alan Kao
Reviewed-by: Pekka Enberg
---
arch/riscv/mm/fault.c | 23 +--
1 file changed, 17 insertions(+), 6 deletions(-)
diff --git a/arch/riscv/mm/fault.c b/arch/riscv/mm/fault.c
index 3c8b9e433c67..0d5f06d6e3c7 100644
--- a/arch/riscv/mm/fault.c
+++ b/arch/riscv/mm/fault.c
@@ -19,8 +19,23 @@
#include "../kernel/head.h"
+static void die_kernel_fault(const char *msg, unsigned long addr,
+ struct pt_regs *regs)
+{
+ bust_spinlocks(1);
+
+ pr_alert("Unable to handle kernel %s at virtual address " REG_FMT "\n",
msg,
+ addr);
+
+ bust_spinlocks(0);
+ die(regs, "Oops");
+ do_exit(SIGKILL);
+}
+
static inline void no_context(struct pt_regs *regs, unsigned long addr)
{
+ const char *msg;
+
/* Are we prepared to handle this kernel fault? */
if (fixup_exception(regs))
return;
@@ -29,12 +44,8 @@ static inline void no_context(struct pt_regs *regs, unsigned
long addr)
* Oops. The kernel tried to access some bad page. We'll have to
* terminate things with extreme prejudice.
*/
- bust_spinlocks(1);
- pr_alert("Unable to handle kernel %s at virtual address " REG_FMT "\n",
- (addr < PAGE_SIZE) ? "NULL pointer dereference" :
- "paging request", addr);
- die(regs, "Oops");
- do_exit(SIGKILL);
+ msg = (addr < PAGE_SIZE) ? "NULL pointer dereference" : "paging
request";
+ die_kernel_fault(msg, addr, regs);
}
static inline void mm_fault_error(struct pt_regs *regs, unsigned long addr,
vm_fault_t fault)
--
2.17.0
[PATCH v2 0/2] Let illegal access to user-space memory die
Accesses to user-space memory without calling uaccess routine leads to hanging in page fault handler. Like arm64, we let it die earlier in page fault handler. Changes in v2: -Add a die_kernel_fault() helper -Split one long line code into two Eric Lin (2): riscv/mm: Introduce a die_kernel_fault() helper function riscv/mm: Prevent kernel module to access user memory without uaccess routines arch/riscv/mm/fault.c | 18 ++ 1 file changed, 18 insertions(+) -- 2.17.0
[PATCH v2 2/2] riscv/mm: Prevent kernel module to access user memory without uaccess routines
We found this issue in an legacy out-of-tree kernel module
which didn't properly access user space pointer by get/put_user().
Such an illegal access loops in the page fault handler.
To resolve this, let it die here.
Signed-off-by: Eric Lin
Cc: Alan Kao
---
arch/riscv/mm/fault.c | 5 +
1 file changed, 5 insertions(+)
diff --git a/arch/riscv/mm/fault.c b/arch/riscv/mm/fault.c
index 0bcfd0e1b39e..00884c1bac28 100644
--- a/arch/riscv/mm/fault.c
+++ b/arch/riscv/mm/fault.c
@@ -245,6 +245,11 @@ asmlinkage void do_page_fault(struct pt_regs *regs)
if (user_mode(regs))
flags |= FAULT_FLAG_USER;
+ if (!user_mode(regs) && addr < TASK_SIZE &&
+ unlikely(!(regs->status & SR_SUM)))
+ die_kernel_fault("access to user memory without uaccess
routines",
+ addr, regs);
+
perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS, 1, regs, addr);
if (cause == EXC_STORE_PAGE_FAULT)
--
2.17.0
[PATCH v2 1/2] riscv/mm: Introduce a die_kernel_fault() helper function
Like arm64, this patch adds a die_kernel_fault() helper
to ensure the same semantics for the different kernel faults.
Signed-off-by: Eric Lin
Cc: Alan Kao
---
arch/riscv/mm/fault.c | 13 +
1 file changed, 13 insertions(+)
diff --git a/arch/riscv/mm/fault.c b/arch/riscv/mm/fault.c
index 3c8b9e433c67..0bcfd0e1b39e 100644
--- a/arch/riscv/mm/fault.c
+++ b/arch/riscv/mm/fault.c
@@ -19,6 +19,19 @@
#include "../kernel/head.h"
+static void die_kernel_fault(const char *msg, unsigned long addr,
+ struct pt_regs *regs)
+{
+ bust_spinlocks(1);
+
+ pr_alert("Unable to handle kernel %s at virtual address " REG_FMT "\n",
msg,
+ addr);
+
+ bust_spinlocks(0);
+ die(regs, "Oops");
+ do_exit(SIGKILL);
+}
+
static inline void no_context(struct pt_regs *regs, unsigned long addr)
{
/* Are we prepared to handle this kernel fault? */
--
2.17.0
Re: [PATCH v2 0/2] Let illegal access to user-space memory die
On Thu, Dec 03, 2020 at 03:29:57PM +0800, Pekka Enberg wrote: Hi Pekka, > Hi Eric, > > On Thu, Dec 3, 2020 at 8:51 AM Eric Lin wrote: > > > > Accesses to user-space memory without calling uaccess routine > > leads to hanging in page fault handler. Like arm64, we let it > > die earlier in page fault handler. > > > > Changes in v2: > > -Add a die_kernel_fault() helper > > -Split one long line code into two > > Please also make no_context() use the new helper. Other than that: > OK, I'll make no_context() use the new helper in v3. Thanks for your review. > Reviewed-by: Pekka Enberg
[PATCH] riscv/mm: Prevent kernel module access user-space memory without uaccess routines
In the page fault handler, an access to user-space memory without get/put_user() or copy_from/to_user() routines is not resolved properly. Like arm and other architectures, we need to let it die earlier in page fault handler. Signed-off-by: Eric Lin Cc: Alan Kao --- arch/riscv/mm/fault.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/riscv/mm/fault.c b/arch/riscv/mm/fault.c index 3c8b9e433c67..a452cfa266a2 100644 --- a/arch/riscv/mm/fault.c +++ b/arch/riscv/mm/fault.c @@ -232,6 +232,9 @@ asmlinkage void do_page_fault(struct pt_regs *regs) if (user_mode(regs)) flags |= FAULT_FLAG_USER; + if (!user_mode(regs) && addr < TASK_SIZE && unlikely(!(regs->status & SR_SUM))) + die(regs, "Accessing user space memory without uaccess routines\n"); + perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS, 1, regs, addr); if (cause == EXC_STORE_PAGE_FAULT) -- 2.17.0
