[PATCH v4 1/3] x86/mce: Use is_copy_from_user() to determine copy-from-user context

From: Shuai Xue
Date: Fri Mar 07 2025 - 00:49:41 EST

Next message: Dmitry Baryshkov: "Re: [PATCH 10/11] arm64: dts: qcom: x1e80100-romulus: Drop clock-names from PS8830"
Previous message: Dmitry Baryshkov: "Re: [PATCH 08/11] arm64: dts: qcom: sc8180x: Rename AOSS_QMP to power-management"
In reply to: Shuai Xue: "[PATCH v4 2/3] mm/hwpoison: Do not send SIGBUS to processes with recovered clean pages"
Next in thread: Borislav Petkov: "Re: [PATCH v4 1/3] x86/mce: Use is_copy_from_user() to determine copy-from-user context"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Commit 4c132d1d844a ("x86/futex: Remove .fixup usage") introduced a new
extable fixup type, EX_TYPE_EFAULT_REG, and commit 4c132d1d844a
("x86/futex: Remove .fixup usage") updated the extable fixup type for
copy-from-user operations, changing it from EX_TYPE_UACCESS to
EX_TYPE_EFAULT_REG. The error context for copy-from-user operations no
longer functions as an in-kernel recovery context. Consequently, the error
context for copy-from-user operations no longer functions as an in-kernel
recovery context, resulting in kernel panics with the message: "Machine
check: Data load in unrecoverable area of kernel."

The critical aspect is identifying whether the error context involves a
read from user memory. We do not care about the ex-type if we know its a
MOV reading from userspace. is_copy_from_user() return true when both of
the following conditions are met:

- the current instruction is copy
- source address is user memory

So, use is_copy_from_user() to determin if a context is copy user directly.

Fixes: 4c132d1d844a ("x86/futex: Remove .fixup usage")
Suggested-by: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: Shuai Xue <xueshuai@xxxxxxxxxxxxxxxxx>
---
arch/x86/kernel/cpu/mce/severity.c | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/arch/x86/kernel/cpu/mce/severity.c b/arch/x86/kernel/cpu/mce/severity.c
index dac4d64dfb2a..2235a7477436 100644
--- a/arch/x86/kernel/cpu/mce/severity.c
+++ b/arch/x86/kernel/cpu/mce/severity.c
@@ -300,13 +300,12 @@ static noinstr int error_context(struct mce *m, struct pt_regs *regs)
copy_user = is_copy_from_user(regs);
instrumentation_end();

- switch (fixup_type) {
- case EX_TYPE_UACCESS:
- if (!copy_user)
- return IN_KERNEL;
- m->kflags |= MCE_IN_KERNEL_COPYIN;
- fallthrough;
+ if (copy_user) {
+ m->kflags |= MCE_IN_KERNEL_COPYIN | MCE_IN_KERNEL_RECOV;
+ return IN_KERNEL_RECOV;
+ }

+ switch (fixup_type) {
case EX_TYPE_FAULT_MCE_SAFE:
case EX_TYPE_DEFAULT_MCE_SAFE:
m->kflags |= MCE_IN_KERNEL_RECOV;
--
2.39.3

Next message: Dmitry Baryshkov: "Re: [PATCH 10/11] arm64: dts: qcom: x1e80100-romulus: Drop clock-names from PS8830"
Previous message: Dmitry Baryshkov: "Re: [PATCH 08/11] arm64: dts: qcom: sc8180x: Rename AOSS_QMP to power-management"
In reply to: Shuai Xue: "[PATCH v4 2/3] mm/hwpoison: Do not send SIGBUS to processes with recovered clean pages"
Next in thread: Borislav Petkov: "Re: [PATCH v4 1/3] x86/mce: Use is_copy_from_user() to determine copy-from-user context"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]