[PATCH v3 01/12] powerpc: mm/fault: Fix kfence page fault reporting
Michael Ellerman
mpe at ellerman.id.au
Tue Oct 22 13:42:29 AEDT 2024
Hi Ritesh,
"Ritesh Harjani (IBM)" <ritesh.list at gmail.com> writes:
> copy_from_kernel_nofault() can be called when doing read of /proc/kcore.
> /proc/kcore can have some unmapped kfence objects which when read via
> copy_from_kernel_nofault() can cause page faults. Since *_nofault()
> functions define their own fixup table for handling fault, use that
> instead of asking kfence to handle such faults.
>
> Hence we search the exception tables for the nip which generated the
> fault. If there is an entry then we let the fixup table handler handle the
> page fault by returning an error from within ___do_page_fault().
>
> This can be easily triggered if someone tries to do dd from /proc/kcore.
> dd if=/proc/kcore of=/dev/null bs=1M
>
> <some example false negatives>
> ===============================
> BUG: KFENCE: invalid read in copy_from_kernel_nofault+0xb0/0x1c8
> Invalid read at 0x000000004f749d2e:
> copy_from_kernel_nofault+0xb0/0x1c8
> 0xc0000000057f7950
> read_kcore_iter+0x41c/0x9ac
> proc_reg_read_iter+0xe4/0x16c
> vfs_read+0x2e4/0x3b0
> ksys_read+0x88/0x154
> system_call_exception+0x124/0x340
> system_call_common+0x160/0x2c4
I haven't been able to reproduce this. Can you give some more details on
the exact machine/kernel-config/setup where you saw this?
cheers
More information about the Linuxppc-dev
mailing list