From patchwork Tue Feb 14 16:25:15 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?b?QmrDtnJuIFTDtnBlbA==?= X-Patchwork-Id: 13140495 X-Patchwork-Delegate: palmer@dabbelt.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 3B843C05027 for ; Tue, 14 Feb 2023 16:25:36 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-Id:Date:Subject:Cc :To:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References: List-Owner; bh=4RBaLimeYanrbh8NKBS9ncF4Y89Wpa2vTOMBKyJmiMg=; b=BCPs0TISZeqh0+ 3YdHELCLqEJPHCMzQiroKhw53UWIajPlLodp1fco9texnLwJBWcRG3XTSyPD9CZ1OpMR80OYH1gRM k33ah+ugV7wK7LzpWrh2fI/Qer7Ajy4T0l63usxhVI3iib+ROWUBD2YklYpRFYym9sgx3hJwBazmg ztDSrw9rDk42a6ZKyZWpeEfZYUZQ171vgc6YNa85QiI43tyPowO1EqId73bkvBsg07ywBHR8OjnkJ iWsYkUAiAqZF6iY1IiaG12xevg6clPvKrgNrK6ZLBI40PlLFB4cIJZpRU+v6HK/BzQ4U0qeefniIA yZQ59piY8BDK970JLIpQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1pRy7T-002no7-1J; Tue, 14 Feb 2023 16:25:27 +0000 Received: from ams.source.kernel.org ([145.40.68.75]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1pRy7Q-002nnX-1q for linux-riscv@lists.infradead.org; Tue, 14 Feb 2023 16:25:25 +0000 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id E5700B81CCB; Tue, 14 Feb 2023 16:25:21 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 5084DC4339B; Tue, 14 Feb 2023 16:25:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1676391920; bh=LuWURY4FFKeKIoza3eLnRgl1jiOEIpdGZG7bWday3lQ=; h=From:To:Cc:Subject:Date:From; b=cd0pCB93jtXrpx96m2wkGNutsKDwf2F+zq4ZVhUc+B4RHfuZQ5EkUTerejBJzln+Z DLx9UhdDb0znIJmWADwgoVkzz3om2KlqnSZ/bLG7Vr1xsiSgYaPLpoh7tbA+2OHZ4y O6FJ64O2SRPGOQve4QpVRZqJJXIYnWAQ65Ovvdb3WtbZqZHlfvv39NjzzD6fzwRrRZ 3lI4AyH4LrHocUsXzIEBDkQDMmVDn6ndyKKc4PV8RvnG/945LLOw3mGD60pSQuRDNO TevFehVYvo6e6ZC+iFmADq3Azi7+dtl8ZtoV4Coc1QG3qew7ha4KcdW+dSFqQkAPEl mD3l4ttDKl8ag== From: =?utf-8?b?QmrDtnJuIFTDtnBlbA==?= To: Paul Walmsley , Palmer Dabbelt , Albert Ou , linux-riscv@lists.infradead.org Cc: =?utf-8?b?QmrDtnJuIFTDtnBlbA==?= , bpf@vger.kernel.org Subject: [PATCH] riscv, mm: Perform BPF exhandler fixup on page fault Date: Tue, 14 Feb 2023 17:25:15 +0100 Message-Id: <20230214162515.184827-1-bjorn@kernel.org> X-Mailer: git-send-email 2.37.2 MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20230214_082524_284692_87F669CD X-CRM114-Status: GOOD ( 14.64 ) X-BeenThere: linux-riscv@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-riscv" Errors-To: linux-riscv-bounces+linux-riscv=archiver.kernel.org@lists.infradead.org From: Björn Töpel Commit 21855cac82d3 ("riscv/mm: Prevent kernel module to access user memory without uaccess routines") added early exits/deaths for page faults stemming from accesses to user-space without using proper uaccess routines (where sstatus.SUM is set). Unfortunatly, this is too strict for some BPF programs, which relies on BPF exhandler fixups. These BPF programs loads "BTF pointers". A BTF pointers could either be a valid kernel pointer or NULL, but not a userspace address. Resolve the problem by calling the fixup handler in the early exit path. Fixes: 21855cac82d3 ("riscv/mm: Prevent kernel module to access user memory without uaccess routines") Signed-off-by: Björn Töpel --- Palmer, This is a fix for BPF on riscv, but I'd still like to take it via the RISC-V tree, given the mm changes. BPF/BTF is a special snowflake, and needs special care. ;-) If BPF_PROBE_MEM is ever to be used for usermode pointers in the future, then the fixup call can be removed, in favor of setting sstatus.SUM from the BPF jitted code. Björn --- arch/riscv/mm/fault.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) base-commit: 950b879b7f0251317d26bae0687e72592d607532 diff --git a/arch/riscv/mm/fault.c b/arch/riscv/mm/fault.c index d86f7cebd4a7..eb0774d9c03b 100644 --- a/arch/riscv/mm/fault.c +++ b/arch/riscv/mm/fault.c @@ -267,10 +267,12 @@ asmlinkage void do_page_fault(struct pt_regs *regs) if (user_mode(regs)) flags |= FAULT_FLAG_USER; - if (!user_mode(regs) && addr < TASK_SIZE && - unlikely(!(regs->status & SR_SUM))) - die_kernel_fault("access to user memory without uaccess routines", - addr, regs); + if (!user_mode(regs) && addr < TASK_SIZE && unlikely(!(regs->status & SR_SUM))) { + if (fixup_exception(regs)) + return; + + die_kernel_fault("access to user memory without uaccess routines", addr, regs); + } perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS, 1, regs, addr);