[PATCH v2] proc/vmcore: fix clearing user buffer by properly using clear_user()
Andrew Morton
akpm at linux-foundation.org
Mon Nov 15 14:04:44 PST 2021
On Fri, 12 Nov 2021 10:27:50 +0100 David Hildenbrand <david at redhat.com> wrote:
> To clear a user buffer we cannot simply use memset, we have to use
> clear_user(). With a virtio-mem device that registers a vmcore_cb and has
> some logically unplugged memory inside an added Linux memory block, I can
> easily trigger a BUG by copying the vmcore via "cp":
>
> ...
>
> Some x86-64 CPUs have a CPU feature called "Supervisor Mode Access
> Prevention (SMAP)", which is used to detect wrong access from the kernel to
> user buffers like this: SMAP triggers a permissions violation on wrong
> access. In the x86-64 variant of clear_user(), SMAP is properly
> handled via clac()+stac().
>
> To fix, properly use clear_user() when we're dealing with a user buffer.
>
I added cc:stable, OK?
More information about the kexec
mailing list