On Thu, 30 Aug 2018, Andy Lutomirski wrote:
On Aug 30, 2018, at 6:36 AM, Thomas Gleixner tglx@linutronix.de wrote:
On Wed, 29 Aug 2018, Nadav Amit wrote:
at 8:47 AM, Andy Lutomirski luto@kernel.org wrote:
In NMI context, we might be in the middle of context switching or in the middle of switch_mm_irqs_off(). In either case, CR3 might not match current->mm, which could cause copy_from_user_nmi() and friends to read the wrong memory.
Fix it by adding a new nmi_uaccess_okay() helper and checking it in copy_from_user_nmi() and in __copy_from_user_nmi()'s callers.
Cc: stable@vger.kernel.org
Cc: Peter Zijlstra peterz@infradead.org
Cc: Nadav Amit nadav.amit@gmail.com
Signed-off-by: Andy Lutomirski luto@kernel.org
Nadav, this is intended for your series. Want to add it right before the use_temporary_mm() stuff?
Sure. Thanks! I will apply the following small fix:
+#ifdef CONFIG_DEBUG_VM
- WARN_ON_ONCE(!loaded_mm);
+#endif
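Review bot: as quoted, this hunk deletes the WARN_ON_ONCE(!loaded_mm) line and leaves an empty #ifdef CONFIG_DEBUG_VM / #endif pair with nothing between them, so either the re-added warning line was lost in quoting or the check disappears entirely. The VM_WARN_ON_ONCE(!loaded_mm) form named in the follow-up is the better fix in any case: it already compiles to nothing without CONFIG_DEBUG_VM and needs no ifdef around it.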
Will be changed to VM_WARN_ON_ONCE() in the two instances.
Unless I'm completely lost, this can just be applied to tip right away. It doesn't depend on anything else.
Fine with me. Do you want to do the VM_WARN_ON cleanup yourself or should I send a v3?
I think I'll manage.
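The race the commit message describes, worked through as a user-space C model. This is an added example, not the kernel's code and not part of this thread: per-CPU loaded_mm, current->mm and CR3 are plain globals, the context switch is broken into the individual points an NMI can land between, and nmi_uaccess_okay() is evaluated at each of them. The sentinel written into loaded_mm while CR3 is being rewritten, the step ordering (CR3 changes before current does) and the byte-array "pgd" are assumptions of the model; the real helper and switch_mm_irqs_off() live in arch/x86 and should be read from the tree.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Toy address space: pgd[] stands in for the memory reachable through that
 * page-table root. Constructed sample data, not real kernel structures. */
struct mm_struct { const char *name; unsigned char pgd[16]; };
struct task_struct { const char *comm; struct mm_struct *mm; };
struct tlb_state { struct mm_struct *loaded_mm; };   /* per-CPU in the kernel */

/* Marker kept in loaded_mm while CR3 is being rewritten (model assumption). */
#define LOADED_MM_SWITCHING ((struct mm_struct *)1)

static struct tlb_state cpu_tlbstate;
static struct task_struct *current;          /* the task the CPU is running */
static const unsigned char *cr3;             /* the page-table root in use */

/* The check from the commit message: only trust CR3 when the CPU's idea of
 * the loaded mm agrees with current->mm. Refusing is always safe in NMI. */
static bool nmi_uaccess_okay(void)
{
    struct mm_struct *loaded_mm = cpu_tlbstate.loaded_mm;
    struct mm_struct *current_mm = current->mm;

    if (!loaded_mm)                 /* would be a VM_WARN_ON_ONCE() in-kernel */
        return false;
    if (loaded_mm != current_mm)    /* mid-switch, or CR3 is another task's */
        return false;
    return cr3 == current_mm->pgd;  /* sanity: CR3 really is current's pgd */
}

/* Like copy_from_user(): returns the number of bytes NOT copied. */
static size_t copy_from_user_nmi(void *dst, size_t off, size_t n)
{
    if (!nmi_uaccess_okay())
        return n;
    memcpy(dst, cr3 + off, n);
    return 0;
}

/* The context switch split into the points an NMI can land between. */
enum step { BEFORE = 0, MARKING, CR3_WRITTEN, LOADED_MM_UPDATED, CURRENT_UPDATED };

static void switch_step(struct mm_struct *next, struct task_struct *next_task, int s)
{
    switch (s) {
    case MARKING:           cpu_tlbstate.loaded_mm = LOADED_MM_SWITCHING; break;
    case CR3_WRITTEN:       cr3 = next->pgd; break;
    case LOADED_MM_UPDATED: cpu_tlbstate.loaded_mm = next; break;
    case CURRENT_UPDATED:   current = next_task; break;
    default:                break;
    }
}

struct nmi_result {
    bool okay;                /* verdict of nmi_uaccess_okay() */
    unsigned char checked;    /* byte from copy_from_user_nmi(), 0 if refused */
    unsigned char unchecked;  /* byte a naive read through CR3 would return */
    const char *current_comm; /* task the NMI believed it was sampling */
};

static struct nmi_result fire_nmi(void)
{
    struct nmi_result r = { false, 0, *cr3, current->comm };
    unsigned char b = 0;
    if (copy_from_user_nmi(&b, 0, 1) == 0) {
        r.okay = true;
        r.checked = b;
    }
    return r;
}

/* Switch from task a (mm A, bytes 0xAA) to task b (mm B, bytes 0xBB) and
 * deliver one NMI right after step nmi_after_step (0 = before the switch). */
static struct nmi_result simulate(int nmi_after_step)
{
    static struct mm_struct mm_a = { "A", {0} }, mm_b = { "B", {0} };
    static struct task_struct task_a = { "a", &mm_a }, task_b = { "b", &mm_b };
    memset(mm_a.pgd, 0xAA, sizeof mm_a.pgd);
    memset(mm_b.pgd, 0xBB, sizeof mm_b.pgd);
    current = &task_a;
    cr3 = mm_a.pgd;
    cpu_tlbstate.loaded_mm = &mm_a;

    struct nmi_result r = { false, 0, 0, "" };
    if (nmi_after_step == BEFORE)
        r = fire_nmi();
    for (int s = MARKING; s <= CURRENT_UPDATED; s++) {
        switch_step(&mm_b, &task_b, s);
        if (s == nmi_after_step)
            r = fire_nmi();
    }
    return r;
}

int main(void)
{
    static const char *names[] = { "before switch", "loaded_mm marked",
        "CR3 written", "loaded_mm = next", "current = next" };
    for (int s = BEFORE; s <= CURRENT_UPDATED; s++) {
        struct nmi_result r = simulate(s);
        printf("%-18s current=%s okay=%d checked=0x%02x unchecked=0x%02x\n",
               names[s], r.current_comm, r.okay, r.checked, r.unchecked);
    }
    return 0;
}
```

Build with `cc -std=c11 -Wall` and run it. The row for the NMI landing right after the CR3 write is the "wrong memory" case from the commit message: an unchecked read through CR3 already returns task b's 0xBB bytes while current still says task a, and nmi_uaccess_okay() refuses the copy. Only before the switch starts and after current has been updated does the helper let the read through.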