Commit d2313084 authored by Richard Weinberger's avatar Richard Weinberger
Browse files

um: Catch unprotected user memory access 



If the kernel tries to access user memory without copy_from_user()
a trap will happen as kernel and userspace run in different processes
on the host side. Currently this special page fault cannot be resolved
and will happen over and over again. As result UML will lockup.
This patch allows the page fault code to detect that situation and
causes a panic() such that the root cause of the unprotected memory
access can be found and fixed.

Signed-off-by: default avatarRichard Weinberger <richard@nod.at>
parent 6c684465

arch/um/kernel/trap.c

+5 −0
Original line number Diff line number Diff line
@@ -219,6 +219,11 @@ unsigned long segv(struct faultinfo fi, unsigned long ip, int is_user, 
		show_regs(container_of(regs, struct pt_regs, regs));

		panic("Segfault with no mm");

	}

	else if (!is_user && address < TASK_SIZE) {

		show_regs(container_of(regs, struct pt_regs, regs));

		panic("Kernel tried to access user memory at addr 0x%lx, ip 0x%lx",

		       address, ip);

	}



	if (SEGV_IS_FIXABLE(&fi))

		err = handle_page_fault(address, ip, is_write, is_user,

CRA Git | Maintained and supported by SUSTech CRA and CCSE