
[2/2] riscv: misaligned: fix sleeping function called during misaligned access handling

Message ID 20250411073850.3699180-3-nylon.chen@sifive.com (mailing list archive)
State New
Series riscv: misaligned: Add ZCB handling and fix sleeping function | expand

Checks

Context Check Description
bjorn/pre-ci_am success Success
bjorn/build-rv32-defconfig success build-rv32-defconfig
bjorn/build-rv64-clang-allmodconfig success build-rv64-clang-allmodconfig
bjorn/build-rv64-gcc-allmodconfig success build-rv64-gcc-allmodconfig
bjorn/build-rv64-nommu-k210-defconfig success build-rv64-nommu-k210-defconfig
bjorn/build-rv64-nommu-k210-virt success build-rv64-nommu-k210-virt
bjorn/checkpatch success checkpatch
bjorn/dtb-warn-rv64 success dtb-warn-rv64
bjorn/header-inline success header-inline
bjorn/kdoc success kdoc
bjorn/module-param success module-param
bjorn/verify-fixes success verify-fixes
bjorn/verify-signedoff success verify-signedoff

Commit Message

Nylon Chen April 11, 2025, 7:38 a.m. UTC
Use copy_from_user_nofault() and copy_to_user_nofault() instead of
copy_from/to_user functions in the misaligned access trap handlers.

The following bug report was found when executing misaligned memory
accesses:

BUG: sleeping function called from invalid context at ./include/linux/uaccess.h:162
in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 115, name: two
preempt_count: 0, expected: 0
CPU: 0 UID: 0 PID: 115 Comm: two Not tainted 6.14.0-rc5 #24
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
 [<ffffffff800160ea>] dump_backtrace+0x1c/0x24
 [<ffffffff80002304>] show_stack+0x28/0x34
 [<ffffffff80010fae>] dump_stack_lvl+0x4a/0x68
 [<ffffffff80010fe0>] dump_stack+0x14/0x1c
 [<ffffffff8004e44e>] __might_resched+0xfa/0x104
 [<ffffffff8004e496>] __might_sleep+0x3e/0x62
 [<ffffffff801963c4>] __might_fault+0x1c/0x24
 [<ffffffff80425352>] _copy_from_user+0x28/0xaa
 [<ffffffff8000296c>] handle_misaligned_store+0x204/0x254
 [<ffffffff809eae82>] do_trap_store_misaligned+0x24/0xee
 [<ffffffff809f4f1a>] handle_exception+0x146/0x152

Fixes: b686ecdeacf6 ("riscv: misaligned: Restrict user access to kernel memory")
Fixes: 441381506ba7 ("riscv: misaligned: remove CONFIG_RISCV_M_MODE specific code")

Signed-off-by: Zong Li <zong.li@sifive.com>
Signed-off-by: Nylon Chen <nylon.chen@sifive.com>
---
 arch/riscv/kernel/traps_misaligned.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

Clément Léger April 11, 2025, 7:36 a.m. UTC | #1
Hi Nylon,

I already have a pending fix for that bug which is to reenable
interrupts while handling misaligned faults. Please see:
https://lore.kernel.org/linux-riscv/20250317170625.1142870-12-cleger@rivosinc.com/

Thanks,

Clément

On 11/04/2025 09:38, Nylon Chen wrote:
> Use copy_from_user_nofault() and copy_to_user_nofault() instead of
> copy_from/to_user functions in the misaligned access trap handlers.
> 
> The following bug report was found when executing misaligned memory
> accesses:
> 
> BUG: sleeping function called from invalid context at ./include/linux/uaccess.h:162
> in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 115, name: two
> preempt_count: 0, expected: 0
> CPU: 0 UID: 0 PID: 115 Comm: two Not tainted 6.14.0-rc5 #24
> Hardware name: riscv-virtio,qemu (DT)
> Call Trace:
>  [<ffffffff800160ea>] dump_backtrace+0x1c/0x24
>  [<ffffffff80002304>] show_stack+0x28/0x34
>  [<ffffffff80010fae>] dump_stack_lvl+0x4a/0x68
>  [<ffffffff80010fe0>] dump_stack+0x14/0x1c
>  [<ffffffff8004e44e>] __might_resched+0xfa/0x104
>  [<ffffffff8004e496>] __might_sleep+0x3e/0x62
>  [<ffffffff801963c4>] __might_fault+0x1c/0x24
>  [<ffffffff80425352>] _copy_from_user+0x28/0xaa
>  [<ffffffff8000296c>] handle_misaligned_store+0x204/0x254
>  [<ffffffff809eae82>] do_trap_store_misaligned+0x24/0xee
>  [<ffffffff809f4f1a>] handle_exception+0x146/0x152
> 
> Fixes: b686ecdeacf6 ("riscv: misaligned: Restrict user access to kernel memory")
> Fixes: 441381506ba7 ("riscv: misaligned: remove CONFIG_RISCV_M_MODE specific code")
> 
> Signed-off-by: Zong Li <zong.li@sifive.com>
> Signed-off-by: Nylon Chen <nylon.chen@sifive.com>
> ---
>  arch/riscv/kernel/traps_misaligned.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/arch/riscv/kernel/traps_misaligned.c b/arch/riscv/kernel/traps_misaligned.c
> index d7275dfb6b7e..563f73f88fa8 100644
> --- a/arch/riscv/kernel/traps_misaligned.c
> +++ b/arch/riscv/kernel/traps_misaligned.c
> @@ -455,7 +455,7 @@ static int handle_scalar_misaligned_load(struct pt_regs *regs)
>  
>  	val.data_u64 = 0;
>  	if (user_mode(regs)) {
> -		if (copy_from_user(&val, (u8 __user *)addr, len))
> +		if (copy_from_user_nofault(&val, (u8 __user *)addr, len))
>  			return -1;
>  	} else {
>  		memcpy(&val, (u8 *)addr, len);
> @@ -556,7 +556,7 @@ static int handle_scalar_misaligned_store(struct pt_regs *regs)
>  		return -EOPNOTSUPP;
>  
>  	if (user_mode(regs)) {
> -		if (copy_to_user((u8 __user *)addr, &val, len))
> +		if (copy_to_user_nofault((u8 __user *)addr, &val, len))
>  			return -1;
>  	} else {
>  		memcpy((u8 *)addr, &val, len);
Nylon Chen April 11, 2025, 8:04 a.m. UTC | #2
Hi Clément,

Thanks for your information

I will test your patch as well, and if no other issues arise,
I'll remove this change from the patchset in the next version

Thanks

Nylon
Clément Léger <cleger@rivosinc.com> 於 2025年4月11日 週五 下午3:37寫道:
>
> Hi Nylon,
>
> I already have a pending fix for that bug which is to reenable
> interrupts while handling misaligned faults. Please see:
> https://lore.kernel.org/linux-riscv/20250317170625.1142870-12-cleger@rivosinc.com/
>
> Thanks,
>
> Clément
>
> On 11/04/2025 09:38, Nylon Chen wrote:
> > Use copy_from_user_nofault() and copy_to_user_nofault() instead of
> > copy_from/to_user functions in the misaligned access trap handlers.
> >
> > The following bug report was found when executing misaligned memory
> > accesses:
> >
> > BUG: sleeping function called from invalid context at ./include/linux/uaccess.h:162
> > in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 115, name: two
> > preempt_count: 0, expected: 0
> > CPU: 0 UID: 0 PID: 115 Comm: two Not tainted 6.14.0-rc5 #24
> > Hardware name: riscv-virtio,qemu (DT)
> > Call Trace:
> >  [<ffffffff800160ea>] dump_backtrace+0x1c/0x24
> >  [<ffffffff80002304>] show_stack+0x28/0x34
> >  [<ffffffff80010fae>] dump_stack_lvl+0x4a/0x68
> >  [<ffffffff80010fe0>] dump_stack+0x14/0x1c
> >  [<ffffffff8004e44e>] __might_resched+0xfa/0x104
> >  [<ffffffff8004e496>] __might_sleep+0x3e/0x62
> >  [<ffffffff801963c4>] __might_fault+0x1c/0x24
> >  [<ffffffff80425352>] _copy_from_user+0x28/0xaa
> >  [<ffffffff8000296c>] handle_misaligned_store+0x204/0x254
> >  [<ffffffff809eae82>] do_trap_store_misaligned+0x24/0xee
> >  [<ffffffff809f4f1a>] handle_exception+0x146/0x152
> >
> > Fixes: b686ecdeacf6 ("riscv: misaligned: Restrict user access to kernel memory")
> > Fixes: 441381506ba7 ("riscv: misaligned: remove CONFIG_RISCV_M_MODE specific code")
> >
> > Signed-off-by: Zong Li <zong.li@sifive.com>
> > Signed-off-by: Nylon Chen <nylon.chen@sifive.com>
> > ---
> >  arch/riscv/kernel/traps_misaligned.c | 4 ++--
> >  1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/arch/riscv/kernel/traps_misaligned.c b/arch/riscv/kernel/traps_misaligned.c
> > index d7275dfb6b7e..563f73f88fa8 100644
> > --- a/arch/riscv/kernel/traps_misaligned.c
> > +++ b/arch/riscv/kernel/traps_misaligned.c
> > @@ -455,7 +455,7 @@ static int handle_scalar_misaligned_load(struct pt_regs *regs)
> >
> >       val.data_u64 = 0;
> >       if (user_mode(regs)) {
> > -             if (copy_from_user(&val, (u8 __user *)addr, len))
> > +             if (copy_from_user_nofault(&val, (u8 __user *)addr, len))
> >                       return -1;
> >       } else {
> >               memcpy(&val, (u8 *)addr, len);
> > @@ -556,7 +556,7 @@ static int handle_scalar_misaligned_store(struct pt_regs *regs)
> >               return -EOPNOTSUPP;
> >
> >       if (user_mode(regs)) {
> > -             if (copy_to_user((u8 __user *)addr, &val, len))
> > +             if (copy_to_user_nofault((u8 __user *)addr, &val, len))
> >                       return -1;
> >       } else {
> >               memcpy((u8 *)addr, &val, len);
>
Alexandre Ghiti April 11, 2025, 8:35 a.m. UTC | #3
Hi Clément,

On 11/04/2025 09:36, Clément Léger wrote:
> Hi Nylon,
>
> I already have a pending fix for that bug which is to reenable
> interrupts while handling misaligned faults. Please see:
> https://lore.kernel.org/linux-riscv/20250317170625.1142870-12-cleger@rivosinc.com/


Can you extract this fix from the series so that it can be merged in 6.15?

Thanks,

Alex


>
> Thanks,
>
> Clément
>
> On 11/04/2025 09:38, Nylon Chen wrote:
>> Use copy_from_user_nofault() and copy_to_user_nofault() instead of
>> copy_from/to_user functions in the misaligned access trap handlers.
>>
>> The following bug report was found when executing misaligned memory
>> accesses:
>>
>> BUG: sleeping function called from invalid context at ./include/linux/uaccess.h:162
>> in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 115, name: two
>> preempt_count: 0, expected: 0
>> CPU: 0 UID: 0 PID: 115 Comm: two Not tainted 6.14.0-rc5 #24
>> Hardware name: riscv-virtio,qemu (DT)
>> Call Trace:
>>   [<ffffffff800160ea>] dump_backtrace+0x1c/0x24
>>   [<ffffffff80002304>] show_stack+0x28/0x34
>>   [<ffffffff80010fae>] dump_stack_lvl+0x4a/0x68
>>   [<ffffffff80010fe0>] dump_stack+0x14/0x1c
>>   [<ffffffff8004e44e>] __might_resched+0xfa/0x104
>>   [<ffffffff8004e496>] __might_sleep+0x3e/0x62
>>   [<ffffffff801963c4>] __might_fault+0x1c/0x24
>>   [<ffffffff80425352>] _copy_from_user+0x28/0xaa
>>   [<ffffffff8000296c>] handle_misaligned_store+0x204/0x254
>>   [<ffffffff809eae82>] do_trap_store_misaligned+0x24/0xee
>>   [<ffffffff809f4f1a>] handle_exception+0x146/0x152
>>
>> Fixes: b686ecdeacf6 ("riscv: misaligned: Restrict user access to kernel memory")
>> Fixes: 441381506ba7 ("riscv: misaligned: remove CONFIG_RISCV_M_MODE specific code")
>>
>> Signed-off-by: Zong Li <zong.li@sifive.com>
>> Signed-off-by: Nylon Chen <nylon.chen@sifive.com>
>> ---
>>   arch/riscv/kernel/traps_misaligned.c | 4 ++--
>>   1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/arch/riscv/kernel/traps_misaligned.c b/arch/riscv/kernel/traps_misaligned.c
>> index d7275dfb6b7e..563f73f88fa8 100644
>> --- a/arch/riscv/kernel/traps_misaligned.c
>> +++ b/arch/riscv/kernel/traps_misaligned.c
>> @@ -455,7 +455,7 @@ static int handle_scalar_misaligned_load(struct pt_regs *regs)
>>   
>>   	val.data_u64 = 0;
>>   	if (user_mode(regs)) {
>> -		if (copy_from_user(&val, (u8 __user *)addr, len))
>> +		if (copy_from_user_nofault(&val, (u8 __user *)addr, len))
>>   			return -1;
>>   	} else {
>>   		memcpy(&val, (u8 *)addr, len);
>> @@ -556,7 +556,7 @@ static int handle_scalar_misaligned_store(struct pt_regs *regs)
>>   		return -EOPNOTSUPP;
>>   
>>   	if (user_mode(regs)) {
>> -		if (copy_to_user((u8 __user *)addr, &val, len))
>> +		if (copy_to_user_nofault((u8 __user *)addr, &val, len))
>>   			return -1;
>>   	} else {
>>   		memcpy((u8 *)addr, &val, len);
>
> _______________________________________________
> linux-riscv mailing list
> linux-riscv@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/linux-riscv
Clément Léger April 11, 2025, 8:38 a.m. UTC | #4
On 11/04/2025 10:35, Alexandre Ghiti wrote:
> Hi Clément,
> 
> On 11/04/2025 09:36, Clément Léger wrote:
>> Hi Nylon,
>>
>> I already have a pending fix for that bug which is to reenable
>> interrupts while handling misaligned faults. Please see:
>> https://lore.kernel.org/linux-riscv/20250317170625.1142870-12-
>> cleger@rivosinc.com/
> 
> 
> Can you extract this fix from the series so that it can be merged in 6.15?

Hi Alex,

Yes, sure, I can send a small series as well. However, I'd like the
associated kselftest to be reviewed, since it would allow catching such
behavior (there is no test for misaligned delegation yet).

Thanks,

Clément

> 
> Thanks,
> 
> Alex
> 
> 
>>
>> Thanks,
>>
>> Clément
>>
>> On 11/04/2025 09:38, Nylon Chen wrote:
>>> Use copy_from_user_nofault() and copy_to_user_nofault() instead of
>>> copy_from/to_user functions in the misaligned access trap handlers.
>>>
>>> The following bug report was found when executing misaligned memory
>>> accesses:
>>>
>>> BUG: sleeping function called from invalid context at ./include/
>>> linux/uaccess.h:162
>>> in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 115, name: two
>>> preempt_count: 0, expected: 0
>>> CPU: 0 UID: 0 PID: 115 Comm: two Not tainted 6.14.0-rc5 #24
>>> Hardware name: riscv-virtio,qemu (DT)
>>> Call Trace:
>>>   [<ffffffff800160ea>] dump_backtrace+0x1c/0x24
>>>   [<ffffffff80002304>] show_stack+0x28/0x34
>>>   [<ffffffff80010fae>] dump_stack_lvl+0x4a/0x68
>>>   [<ffffffff80010fe0>] dump_stack+0x14/0x1c
>>>   [<ffffffff8004e44e>] __might_resched+0xfa/0x104
>>>   [<ffffffff8004e496>] __might_sleep+0x3e/0x62
>>>   [<ffffffff801963c4>] __might_fault+0x1c/0x24
>>>   [<ffffffff80425352>] _copy_from_user+0x28/0xaa
>>>   [<ffffffff8000296c>] handle_misaligned_store+0x204/0x254
>>>   [<ffffffff809eae82>] do_trap_store_misaligned+0x24/0xee
>>>   [<ffffffff809f4f1a>] handle_exception+0x146/0x152
>>>
>>> Fixes: b686ecdeacf6 ("riscv: misaligned: Restrict user access to
>>> kernel memory")
>>> Fixes: 441381506ba7 ("riscv: misaligned: remove CONFIG_RISCV_M_MODE
>>> specific code")
>>>
>>> Signed-off-by: Zong Li <zong.li@sifive.com>
>>> Signed-off-by: Nylon Chen <nylon.chen@sifive.com>
>>> ---
>>>   arch/riscv/kernel/traps_misaligned.c | 4 ++--
>>>   1 file changed, 2 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/arch/riscv/kernel/traps_misaligned.c b/arch/riscv/
>>> kernel/traps_misaligned.c
>>> index d7275dfb6b7e..563f73f88fa8 100644
>>> --- a/arch/riscv/kernel/traps_misaligned.c
>>> +++ b/arch/riscv/kernel/traps_misaligned.c
>>> @@ -455,7 +455,7 @@ static int handle_scalar_misaligned_load(struct
>>> pt_regs *regs)
>>>         val.data_u64 = 0;
>>>       if (user_mode(regs)) {
>>> -        if (copy_from_user(&val, (u8 __user *)addr, len))
>>> +        if (copy_from_user_nofault(&val, (u8 __user *)addr, len))
>>>               return -1;
>>>       } else {
>>>           memcpy(&val, (u8 *)addr, len);
>>> @@ -556,7 +556,7 @@ static int handle_scalar_misaligned_store(struct
>>> pt_regs *regs)
>>>           return -EOPNOTSUPP;
>>>         if (user_mode(regs)) {
>>> -        if (copy_to_user((u8 __user *)addr, &val, len))
>>> +        if (copy_to_user_nofault((u8 __user *)addr, &val, len))
>>>               return -1;
>>>       } else {
>>>           memcpy((u8 *)addr, &val, len);
>>
>> _______________________________________________
>> linux-riscv mailing list
>> linux-riscv@lists.infradead.org
>> http://lists.infradead.org/mailman/listinfo/linux-riscv

Patch

diff --git a/arch/riscv/kernel/traps_misaligned.c b/arch/riscv/kernel/traps_misaligned.c
index d7275dfb6b7e..563f73f88fa8 100644
--- a/arch/riscv/kernel/traps_misaligned.c
+++ b/arch/riscv/kernel/traps_misaligned.c
@@ -455,7 +455,7 @@  static int handle_scalar_misaligned_load(struct pt_regs *regs)
 
 	val.data_u64 = 0;
 	if (user_mode(regs)) {
-		if (copy_from_user(&val, (u8 __user *)addr, len))
+		if (copy_from_user_nofault(&val, (u8 __user *)addr, len))
 			return -1;
 	} else {
 		memcpy(&val, (u8 *)addr, len);
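Review bot: copy_from_user_nofault() runs the copy with page faults disabled, so in the `user_mode(regs)` branch a misaligned load from a valid user page that is merely not resident (not yet faulted in, or swapped out) now fails and takes `return -1` instead of faulting the page in. The same applies to copy_to_user_nofault() in the handle_scalar_misaligned_store hunk, where a store to a copy-on-write page, or one straddling a resident and a non-resident page, would also fail, the latter possibly after part of the value has been written. The callers are outside these hunks, but if they turn -1 into a signal, a legitimate access becomes a spurious fault for the process. At minimum both call sites should say so, e.g. `/* _nofault: fails on a non-resident page instead of faulting it in */`, and the failure path should not be treated as proof of a bad user address.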
@@ -556,7 +556,7 @@  static int handle_scalar_misaligned_store(struct pt_regs *regs)
 		return -EOPNOTSUPP;
 
 	if (user_mode(regs)) {
-		if (copy_to_user((u8 __user *)addr, &val, len))
+		if (copy_to_user_nofault((u8 __user *)addr, &val, len))
 			return -1;
 	} else {
 		memcpy((u8 *)addr, &val, len);