git.kernel.dk Git - linux-2.6-block.git/commit

author	Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
	Mon, 26 Nov 2018 14:35:04 +0000 (20:05 +0530)
committer	Michael Ellerman <mpe@ellerman.id.au>
	Thu, 20 Dec 2018 09:52:54 +0000 (20:52 +1100)
commit	374f3f5979f9b28bfb5b5799208d82d08ef518a7
tree	6daac701c11e18908347be618977837b0ee21a7a	tree \| snapshot
parent	385e89d5b20f5a7c33fd7c1904da0e6a8e1b366f	commit \| diff

powerpc/mm/hash: Handle user access of kernel address gracefully

In commit 2865d08dd9ea ("powerpc/mm: Move the DSISR_PROTFAULT sanity
check") we moved the protection fault access check before the vma
lookup. That means we hit that WARN_ON when user space accesses a
kernel address. Before that commit this was handled by find_vma() not
finding vma for the kernel address and considering that access as bad
area access.

Avoid the confusing WARN_ON and convert that to a ratelimited printk.

With the patch we now get:

for load:
  a.out[5997]: User access of kernel address (c00000000000dea0) - exploit attempt? (uid: 1000)
  a.out[5997]: segfault (11) at c00000000000dea0 nip 1317c0798 lr 7fff80d6441c code 1 in a.out[1317c0000+10000]
  a.out[5997]: code: 60000000 60420000 3c4c0002 38427790 4bffff20 3c4c0002 38427784 fbe1fff8
  a.out[5997]: code: f821ffc1 7c3f0b78 60000000 e9228030 <89290000> 993f002f 60000000 383f0040

for exec:
  a.out[6067]: User access of kernel address (c00000000000dea0) - exploit attempt? (uid: 1000)
  a.out[6067]: segfault (11) at c00000000000dea0 nip c00000000000dea0 lr 129d507b0 code 1
  a.out[6067]: Bad NIP, not dumping instructions.

Fixes: 2865d08dd9ea ("powerpc/mm: Move the DSISR_PROTFAULT sanity check")
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
Tested-by: Breno Leitao <leitao@debian.org>
[mpe: Don't split printk() string across lines]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>