Re: [PATCH] x86/asm/memcpy_mcsafe: Fix copy_to_user_mcsafe() exception handling
From: Ross Zwisler
Date: Tue Jul 03 2018 - 12:48:04 EST
On Mon, Jul 02, 2018 at 02:16:10PM -0700, Dan Williams wrote:
> All copy_to_user() implementations need to be prepared to handle faults
> accessing userspace. The __memcpy_mcsafe() implementation handles both
> mmu-faults on the user destination and machine-check-exceptions on the
> source buffer. However, the memcpy_mcsafe() wrapper may silently
> fallback to memcpy() depending on build options and cpu-capabilities.
>
> Force copy_to_user_mcsafe() to always use __memcpy_mcsafe() when
> available, and otherwise disable all of the copy_to_user_mcsafe()
> infrastructure when __memcpy_mcsafe() is not available, i.e.
> CONFIG_X86_MCE=n.
>
> This fixes crashes of the form:
> run fstests generic/323 at 2018-07-02 12:46:23
> BUG: unable to handle kernel paging request at 00007f0d50001000
> RIP: 0010:__memcpy+0x12/0x20
> [..]
> Call Trace:
> copyout_mcsafe+0x3a/0x50
> _copy_to_iter_mcsafe+0xa1/0x4a0
> ? dax_alive+0x30/0x50
> dax_iomap_actor+0x1f9/0x280
> ? dax_iomap_rw+0x100/0x100
> iomap_apply+0xba/0x130
> ? dax_iomap_rw+0x100/0x100
> dax_iomap_rw+0x95/0x100
> ? dax_iomap_rw+0x100/0x100
> xfs_file_dax_read+0x7b/0x1d0 [xfs]
> xfs_file_read_iter+0xa7/0xc0 [xfs]
> aio_read+0x11c/0x1a0
>
> Fixes: 8780356ef630 ("x86/asm/memcpy_mcsafe: Define copy_to_iter_mcsafe()")
> Cc: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
> Cc: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
> Cc: Andy Lutomirski <luto@xxxxxxxxxxxxxx>
> Cc: Borislav Petkov <bp@xxxxxxxxx>
> Cc: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
> Cc: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
> Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
> Cc: Tony Luck <tony.luck@xxxxxxxxx>
> Reported-by: Ross Zwisler <ross.zwisler@xxxxxxxxxxxxxxx>
> Signed-off-by: Dan Williams <dan.j.williams@xxxxxxxxx>
Tested-by: Ross Zwisler <ross.zwisler@xxxxxxxxxxxxxxx>