riscv/mm: Prevent kernel module to access user memory without uaccess routines

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

We found this issue in an legacy out-of-tree kernel module
which didn't properly access user space pointer by get/put_user().
Such an illegal access loops in the page fault handler.
To resolve this, let it die here.

Signed-off-by: Eric Lin <tesheng@andestech.com>
Reviewed-by: Pekka Enberg <penberg@kernel.org>
Signed-off-by: Palmer Dabbelt <palmerdabbelt@google.com>

authored by

Eric Lin and committed by

Palmer Dabbelt 5 years ago 21855cac 21733cb5

1 changed file

expand all

arch

riscv

fault.c

arch/riscv/mm/fault.c

··· 243 243 if (user_mode(regs)) 244 244 flags |= FAULT_FLAG_USER; 245 245 246 + if (!user_mode(regs) && addr < TASK_SIZE && 247 + unlikely(!(regs->status & SR_SUM))) 248 + die_kernel_fault("access to user memory without uaccess routines", 249 + addr, regs); 250 + 246 251 perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS, 1, regs, addr); 247 252 248 253 if (cause == EXC_STORE_PAGE_FAULT)