Re: [PATCH] x86: Fix off-by-one error in __access_ok

From: Tingmao Wang
Date: Mon Nov 25 2024 - 20:10:17 EST


Hi,

I hit an issue with using gdb (and eventually more) on a system with 9p as rootfs, which I eventually root-caused to this, so I'm just posting here for reference / another testing datapoint, since I couldn't find any other mentions of this error elsewhere and this is in the latest stable kernel (6.12 / 6.12.1). Apologies in advance that I might not be offering much else that is useful, but I can confirm that applying this patch fixes it.

I'm running a development VM where the rootfs is a 9p mount, and from 6.12 I get this if I try to debug anything with gdb:

[ 6.258525][ T88] netfs: Couldn't get user pages (rc=-14)
[ 6.259414][ T88] netfs: Zero-sized read [R=1ff3]
/bin/sh: error while loading shared libraries: /lib/x86_64-linux-gnu/libc.so.6: cannot read file data: Input/output error
During startup program exited with code 127.

After some further testing I realized that basically *everything* was broken (e.g. /bin/sh) if I disabled ASLR (via /proc/sys/kernel/randomize_va_space), with the same messages printed. The user-space is a Debian distribution.

Basically I think the user-space initialisation tries to call read with (for example) buf=0x7fffffffdfc8 and count=832, so it spans the last two valid user-space pages, and the access_ok in gup_fast_fallback eventually fails (because somewhere above it rounds to whole pages).

I think this doesn't happen with a "normal" ext4 root (otherwise I would be surprised that nobody else has reported it yet) - it might just have been surfaced by recent v9fs changes.
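To make the numbers in the report concrete, here is an added stand-alone C model of the failure; it is an illustration written for this page, not the kernel's __access_ok() or gup code and not part of Tingmao's message. It assumes x86-64 with 4-level paging, where user space ends at TASK_SIZE_MAX = 0x7ffffffff000 and the highest byte a user pointer may touch is one below that; access_ok_buggy, access_ok_fixed and round_to_pages are the example's own names, and round_to_pages is a simplification of the whole-page rounding that gup_fast_fallback() performs before its access_ok() call. The "fixed" variant checks the last byte actually accessed rather than the address one past the object, which is one way to remove the off-by-one; the exact form of the kernel patch is not shown here.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Assumed layout (x86-64, 4-level paging): user space is [0, TASK_SIZE_MAX),
 * so the highest byte a user pointer may touch is TASK_SIZE_MAX - 1.
 */
#define PG_SIZE        0x1000UL
#define TASK_SIZE_MAX  0x7ffffffff000UL
#define USER_PTR_MAX   (TASK_SIZE_MAX - 1)   /* highest valid user byte */

/* Off-by-one variant: validates the address one past the object. */
static bool access_ok_buggy(uintptr_t ptr, size_t size)
{
	uintptr_t end = ptr + size;               /* exclusive end */

	if (end < ptr)                            /* wrapped past UINTPTR_MAX */
		return false;
	return end <= USER_PTR_MAX;               /* rejects end == TASK_SIZE_MAX */
}

/* Corrected variant: validates the last byte the access really touches. */
static bool access_ok_fixed(uintptr_t ptr, size_t size)
{
	uintptr_t last;

	if (size == 0)                            /* nothing is accessed, so only */
		return ptr <= USER_PTR_MAX;       /* the pointer itself must be user */
	last = ptr + size - 1;
	if (last < ptr)                           /* wrapped past UINTPTR_MAX */
		return false;
	return last <= USER_PTR_MAX;
}

/*
 * Simplified model of what a page-granular path does before access_ok():
 * round the start down and the end up to page boundaries.
 */
static void round_to_pages(uintptr_t ptr, size_t size,
			   uintptr_t *start, size_t *len)
{
	uintptr_t end = (ptr + size + PG_SIZE - 1) & ~(PG_SIZE - 1);

	*start = ptr & ~(PG_SIZE - 1);
	*len   = end - *start;
}

/* The reporter's numbers: read(buf=0x7fffffffdfc8, count=832) with ASLR off. */
#define REPORT_BUF   0x7fffffffdfc8UL
#define REPORT_COUNT 832

/* The exact byte range ends at 0x7fffffffe308 and passes either check. */
static bool report_exact(bool (*check)(uintptr_t, size_t))
{
	return check(REPORT_BUF, REPORT_COUNT);
}

/*
 * After rounding the range becomes [0x7fffffffd000, 0x7ffffffff000): the
 * last two user pages, with the exclusive end sitting exactly at
 * TASK_SIZE_MAX.  Only the off-by-one variant rejects it.
 */
static bool report_rounded(bool (*check)(uintptr_t, size_t))
{
	uintptr_t start;
	size_t len;

	round_to_pages(REPORT_BUF, REPORT_COUNT, &start, &len);
	return check(start, len);
}

int main(void)
{
	uintptr_t start;
	size_t len;

	round_to_pages(REPORT_BUF, REPORT_COUNT, &start, &len);
	printf("rounded range: [%#lx, %#lx)\n",
	       (unsigned long)start, (unsigned long)(start + len));
	printf("exact   buggy=%d fixed=%d\n",
	       report_exact(access_ok_buggy), report_exact(access_ok_fixed));
	printf("rounded buggy=%d fixed=%d\n",
	       report_rounded(access_ok_buggy), report_rounded(access_ok_fixed));
	return 0;
}
```

The unrounded read passes both variants, which is why a non-page-granular path never shows the problem; the rounded range is rejected only by the variant that tests the byte past the object. The model does not guard the rounding itself against wrapping near UINTPTR_MAX, which the kernel path handles separately with an overflow check.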