Re: [PATCHv14 01/17] x86/mm: Rework address range check in get_user() and put_user()
From: Linus Torvalds
Date: Wed Jan 18 2023 - 11:04:19 EST
On Wed, Jan 18, 2023 at 7:50 AM Peter Zijlstra <peterz@xxxxxxxxxxxxx> wrote:
>
> On Wed, Jan 11, 2023 at 03:37:20PM +0300, Kirill A. Shutemov wrote:
>
> > If an address with bit 63 set is passed down, it will trigger a #GP
> > exception. _ASM_EXTABLE_UA() complains about this. Replace it with
> > plain _ASM_EXTABLE() as it is expected behaviour now.
>
> here I don't. The new logic basically squishes every kernel address to
> -1L -- a known unmapped address, but getting that address in
> {get,put}_user() is still a fail, right?
>
> We used to manually branch to bad_get_user when outside TASK_SIZE_MAX,
> now we rely on #GP.
>
> So why silence it?
We don't silence it - for a kernel address that turns into an all-ones
address, the the _ASM_EXTABLE() will still cause the -EFAULT due to
the page fault.
But it's not the high bit set case that is the problem here.
The problem is a "positive" address that is non-canonical.
Testing against TASK_SIZE_MAX would catch non-canonical addresses
before the access, and we'd return -EFAULT.
But now that we don't test against TASK_SIZE_MAX any more,
non-canonical accesses will cause a GP fault, and *that* message is
what we want to silence.
We'll still return -EFAULT, of course, we're just getting rid of the
WARN_ONCE(trapnr == X86_TRAP_GP,
"General protection fault in user access.
Non-canonical address?");
issue that comes from not being so exact about the address limit any more.
Linus