On Mon, Jul 02, 2018 at 02:16:10PM -0700, Dan Williams wrote:
> All copy_to_user() implementations need to be prepared to handle faults
> accessing userspace. The __memcpy_mcsafe() implementation handles both
> mmu-faults on the user destination and machine-check-exceptions on the
> source buffer. However, the memcpy_mcsafe() wrapper may silently
> fall back to memcpy() depending on build options and cpu-capabilities.
> 
> Force copy_to_user_mcsafe() to always use __memcpy_mcsafe() when
> available, and otherwise disable all of the copy_to_user_mcsafe()
> infrastructure when __memcpy_mcsafe() is not available, i.e.
> CONFIG_X86_MCE=n.
> 
> This fixes crashes of the form:
>     run fstests generic/323 at 2018-07-02 12:46:23
>     BUG: unable to handle kernel paging request at 00007f0d50001000
>     RIP: 0010:__memcpy+0x12/0x20
>     [..]
>     Call Trace:
>      copyout_mcsafe+0x3a/0x50
>      _copy_to_iter_mcsafe+0xa1/0x4a0
>      ? dax_alive+0x30/0x50
>      dax_iomap_actor+0x1f9/0x280
>      ? dax_iomap_rw+0x100/0x100
>      iomap_apply+0xba/0x130
>      ? dax_iomap_rw+0x100/0x100
>      dax_iomap_rw+0x95/0x100
>      ? dax_iomap_rw+0x100/0x100
>      xfs_file_dax_read+0x7b/0x1d0 [xfs]
>      xfs_file_read_iter+0xa7/0xc0 [xfs]
>      aio_read+0x11c/0x1a0
> 
> Fixes: 8780356ef630 ("x86/asm/memcpy_mcsafe: Define copy_to_iter_mcsafe()")
> Cc: Al Viro <v...@zeniv.linux.org.uk>
> Cc: Andrew Morton <a...@linux-foundation.org>
> Cc: Andy Lutomirski <l...@amacapital.net>
> Cc: Borislav Petkov <b...@alien8.de>
> Cc: Linus Torvalds <torva...@linux-foundation.org>
> Cc: Peter Zijlstra <pet...@infradead.org>
> Cc: Thomas Gleixner <t...@linutronix.de>
> Cc: Tony Luck <tony.l...@intel.com>
> Reported-by: Ross Zwisler <ross.zwis...@linux.intel.com>
> Signed-off-by: Dan Williams <dan.j.willi...@intel.com>

Tested-by: Ross Zwisler <ross.zwis...@linux.intel.com>
