Re: [PATCH] x86: Allow user accesses to the base of the guard page

From: Mikel Rychliski
Date: Sat Nov 23 2024 - 19:31:48 EST

Next message: pr-tracker-bot: "Re: [GIT PULL] First batch of KVM changes for Linux 6.13 merge window"
Previous message: Linus Torvalds: "Re: [PATCH] x86: Allow user accesses to the base of the guard page"
In reply to: Linus Torvalds: "Re: [PATCH] x86: Allow user accesses to the base of the guard page"
Next in thread: Linus Torvalds: "Re: [PATCH] x86: Allow user accesses to the base of the guard page"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Saturday, November 23, 2024 6:44:34 P.M. EST you wrote:
> There's a difference between "valid" and "we care".
>
> This is way past that case. The only possible reason for that
> zero-byte thing at the end of the address space is somebody actively
> looking for some edge case, not a real use.

access_ok() for x86_64 checks the validity of the byte one past the end of the
requested buffer, even if that buffer is non-zero.

I ran into this in kernels that include 86e6b1547b3d0 with a BPF program that
grabs the bottom of the user stack in PAGE_SIZE chunks. Reading the final page
of user space returns -EFAULT now because the access_ok() check fails.

I've been working around with this:
https://lore.kernel.org/lkml/20241109210313.440495-1-mikel@xxxxxxxxxx/

Next message: pr-tracker-bot: "Re: [GIT PULL] First batch of KVM changes for Linux 6.13 merge window"
Previous message: Linus Torvalds: "Re: [PATCH] x86: Allow user accesses to the base of the guard page"
In reply to: Linus Torvalds: "Re: [PATCH] x86: Allow user accesses to the base of the guard page"
Next in thread: Linus Torvalds: "Re: [PATCH] x86: Allow user accesses to the base of the guard page"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]