[PATCH v3] powerpc/uaccess: evaluate macro arguments once, before user access is allowed

Michael Ellerman patch-notifications at ellerman.id.au
Fri May 29 14:24:15 AEST 2020

On Tue, 2020-04-07 at 04:12:45 UTC, Nicholas Piggin wrote:
> get/put_user can be called with nontrivial arguments. fs/proc/page.c
> has a good example:
>     if (put_user(stable_page_flags(ppage), out)) {
> stable_page_flags is quite a lot of code, including spin locks in the
> page allocator.
> Ensure these arguments are evaluated before user access is allowed.
> This improves security by reducing code with access to userspace, but
> it also fixes a PREEMPT bug with KUAP on powerpc/64s:
> stable_page_flags is currently called with AMR set to allow writes,
> it ends up calling spin_unlock(), which can call preempt_schedule. But
> the task switch code can not be called with AMR set (it relies on
> interrupts saving the register), so this blows up.
> It's fine if the code inside allow_user_access is preemptible, because
> a timer or IPI will save the AMR, but it's not okay to explicitly
> cause a reschedule.
> Signed-off-by: Nicholas Piggin <npiggin at gmail.com>

Applied to powerpc topic/uaccess-ppc, thanks.



More information about the Linuxppc-dev mailing list