On Mon, 2018-11-26 at 14:35:04 UTC, "Aneesh Kumar K.V" wrote:
> With commit 2865d08dd9ea ("powerpc/mm: Move the DSISR_PROTFAULT sanity check")
> we moved the protection fault access check before vma lookup. That means we
> hit that WARN_ON when user space access a kernel address. Before the commit
> this was handled by find_vma() not finding vma for the kernel address and
> considering that access as bad area access.
>
> Avoid the confusing WARN_ON and convert that to a ratelimited printk.
> With the patch we now get
>
> for load:
> [ 187.700294] a.out[5997]: User access of kernel address (c00000000000dea0)
> - exploit attempt? (uid: 1000)
> [ 187.700344] a.out[5997]: segfault (11) at c00000000000dea0 nip 1317c0798
> lr 7fff80d6441c code 1 in a.out[1317c0000+10000]
> [ 187.700429] a.out[5997]: code: 60000000 60420000 3c4c0002 38427790
> 4bffff20 3c4c0002 38427784 fbe1fff8
> [ 187.700435] a.out[5997]: code: f821ffc1 7c3f0b78 60000000 e9228030
> <89290000> 993f002f 60000000 383f0040
>
> for exec:
> [ 225.100903] a.out[6067]: User access of kernel address (c00000000000dea0)
> - exploit attempt? (uid: 1000)
> [ 225.100938] a.out[6067]: segfault (11) at c00000000000dea0 nip
> c00000000000dea0 lr 129d507b0 code 1
> [ 225.100943] a.out[6067]: Bad NIP, not dumping instructions.
>
> Fixes: 2865d08dd9ea ("powerpc/mm: Move the DSISR_PROTFAULT sanity check")
> Signed-off-by: Aneesh Kumar K.V <aneesh.ku...@linux.ibm.com>
> Tested-by: Breno Leitao <lei...@debian.org>
Applied to powerpc next, thanks.
https://git.kernel.org/powerpc/c/374f3f5979f9b28bfb5b5799208d82
cheers
