[PATCH v2] proc/vmcore: fix clearing user buffer by properly using clear_user()

Andrew Morton akpm at linux-foundation.org
Mon Nov 15 14:04:44 PST 2021


On Fri, 12 Nov 2021 10:27:50 +0100 David Hildenbrand <david at redhat.com> wrote:

> To clear a user buffer we cannot simply use memset, we have to use
> clear_user(). With a virtio-mem device that registers a vmcore_cb and has
> some logically unplugged memory inside an added Linux memory block, I can
> easily trigger a BUG by copying the vmcore via "cp":
> 
> ...
>
> Some x86-64 CPUs have a CPU feature called "Supervisor Mode Access
> Prevention (SMAP)", which is used to detect wrong access from the kernel to
> user buffers like this: SMAP triggers a permissions violation on wrong
> access. In the x86-64 variant of clear_user(), SMAP is properly
> handled via clac()+stac().
> 
> To fix, properly use clear_user() when we're dealing with a user buffer.
> 

I added cc:stable, OK?



More information about the kexec mailing list