On Mon, Nov 30, 2020 at 7:33 AM Eric Lin <tesh...@andestech.com> wrote: > > In the page fault handler, an access to user-space memory > without get/put_user() or copy_from/to_user() routines is > not resolved properly. Like arm and other architectures, > we need to let it die earlier in page fault handler.
Fix looks good to me. Can you elaborate on how you found the issue and how the bug manifests itself? > > Signed-off-by: Eric Lin <tesh...@andestech.com> > Cc: Alan Kao <alan...@andestech.com> > --- > arch/riscv/mm/fault.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/arch/riscv/mm/fault.c b/arch/riscv/mm/fault.c > index 3c8b9e433c67..a452cfa266a2 100644 > --- a/arch/riscv/mm/fault.c > +++ b/arch/riscv/mm/fault.c > @@ -232,6 +232,9 @@ asmlinkage void do_page_fault(struct pt_regs *regs) > if (user_mode(regs)) > flags |= FAULT_FLAG_USER; > > + if (!user_mode(regs) && addr < TASK_SIZE && unlikely(!(regs->status & > SR_SUM))) > + die(regs, "Accessing user space memory without uaccess > routines\n"); Let's introduce a die_kernel_fault() helper (similar to arm64, for example) to ensure same semantics for the different kernel faults. You can extract the helper from no_context(). > + > perf_sw_event(PERF_COUNT_SW_PAGE_FAULTS, 1, regs, addr); > > if (cause == EXC_STORE_PAGE_FAULT) > -- > 2.17.0 > > > _______________________________________________ > linux-riscv mailing list > linux-ri...@lists.infradead.org > http://lists.infradead.org/mailman/listinfo/linux-riscv