Re: [PATCH] x86: Allow user accesses to the base of the guard page
From: Mikel Rychliski
Date: Sat Nov 23 2024 - 19:31:48 EST

On Saturday, November 23, 2024 6:44:34 P.M. EST you wrote:
> There's a difference between "valid" and "we care".
>
> This is way past that case. The only possible reason for that
> zero-byte thing at the end of the address space is somebody actively
> looking for some edge case, not a real use.

access_ok() for x86_64 checks the validity of the byte one past the end of the
requested buffer, even if that buffer is non-zero.

I ran into this in kernels that include 86e6b1547b3d0 with a BPF program that
grabs the bottom of the user stack in PAGE_SIZE chunks. Reading the final page
of user space returns -EFAULT now because the access_ok() check fails.

I've been working around it with this:
https://lore.kernel.org/lkml/20241109210313.440495-1-mikel@xxxxxxxxxx/
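The boundary condition described in the message above, as an added user-space model; it is not kernel code and not code from this thread. The page size, the 47-bit address-space limit and every function and macro name here are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed values for this model: 4 KiB pages, 47-bit user address space. */
#define MODEL_PAGE_SIZE UINT64_C(4096)
#define MODEL_USER_END  UINT64_C(0x00007ffffffff000) /* first address past user space */
#define MODEL_LAST_BYTE (MODEL_USER_END - 1)         /* highest valid user address */

/* Check as the message describes it: the address one past the end of the
 * buffer (ptr + size) must itself be a valid user address. */
static bool end_address_check(uint64_t ptr, uint64_t size)
{
    uint64_t end = ptr + size;
    return end >= ptr && end <= MODEL_LAST_BYTE; /* end >= ptr rejects wraparound */
}

/* Comparison check (hypothetical): only the bytes actually covered by the
 * buffer must be valid, so the buffer may end exactly at MODEL_USER_END. */
static bool covered_bytes_check(uint64_t ptr, uint64_t size)
{
    uint64_t end = ptr + size;
    return end >= ptr && end <= MODEL_USER_END;
}

/* Walk the top `pages` pages of user space in page-sized chunks, as the BPF
 * program in the message does, and count the chunks the check rejects. */
static unsigned rejected_chunks(bool (*check)(uint64_t, uint64_t), unsigned pages)
{
    unsigned rejected = 0;
    for (unsigned i = 1; i <= pages; i++) {
        uint64_t ptr = MODEL_USER_END - (uint64_t)i * MODEL_PAGE_SIZE;
        if (!check(ptr, MODEL_PAGE_SIZE))
            rejected++;
    }
    return rejected;
}

int main(void)
{
    printf("end-address check rejects %u of 4 chunks\n",
           rejected_chunks(end_address_check, 4));
    printf("covered-bytes check rejects %u of 4 chunks\n",
           rejected_chunks(covered_bytes_check, 4));
    printf("zero-length access at the limit: %d vs %d\n",
           end_address_check(MODEL_USER_END, 0),
           covered_bytes_check(MODEL_USER_END, 0));
    return 0;
}
```

Only the topmost chunk is rejected by the end-address form, which matches the -EFAULT on the final page reported above; both forms still reject a range whose end wraps past the top of the 64-bit address space.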