kernel virtual memory access (from app) does not generatesegfault

Jamie Lokier jamie at shareable.org
Wed Apr 21 15:16:00 EDT 2010


Dave P. Martin wrote:
>  
> 
> > -----Original Message-----
> > From: anfei [mailto:anfei.zhou at gmail.com] 
> > Sent: 21 April 2010 13:43
> > To: Dave P Martin
> > Cc: 'Russell King - ARM Linux'; Jamie Lokier; Ben Dooks; 
> > linux-arm-kernel at lists.infradead.org
> > Subject: Re: kernel virtual memory access (from app) does not 
> > generatesegfault
> 
> [...]
> 
> > > > The difference between instruction faults and data faults 
> > is that we 
> > > > always interpret instruction faults on pre-ARMv6 CPUs as a 
> > > > 'translation fault' rather than a permission fault since 
> > they can't 
> > > > tell us what the problem was.
> > > 
> > > Note that my observations were on an armv7 kernel.  Should we still 
> > > hit the same bit of code in this case, or have I 
> > misdiagnosed the problem?
> > > 
> > You said your kernel is .28, so it seems too old and this 
> > commit may fix
> > it: 
> > commit d25ef8b86e6a58f5476bf6e4a8da730b335f68fa
> > 	ARM: 5728/1: Proper prefetch abort handling on ARMv6 and ARMv7
> > 
> 
> Just to clarify, this problem was not specific to 2.6.28.  I also see the
> same issue on the 2.6.31 Ubuntu lucid kernel.
> 
> So I guess I did misdiagnose the problem, though the affected code did look
> worth tweaking anyway--- the suggested fixes looked sensible to me.
> 
> I see this patch didn't hit mainline before 2.6.32; I'll suggest to the
> Ubuntu folks that they merge this, but I guess it's not critical for them
> --- I don't think they've seen any real-life instances of this problem yet.

The two-liner proposed earlier should fix all ARMs doing userspace
execution > TASK_SIZE - the problem which started this thread.  But
not kernel space accidentally executing an NX page > TASK_SIZE due to
some bug, which can only occur on ARMv6/v7 due to NX.

The above patch addresses ARMv6/v7 with NX mappings - and probably
only those > TASK_SIZE; NX mappings < TASK_SIZE should have been
caught by the PROT_EXEC check already in fault.c.

If I'm right, the NX one is more serious if you can trip a kernel bug
into doing this, because it'll result in an unkillable process, stuck
in kernel mode and spinning.  But only if you trip a kernel bug.

So both patches look useful.

-- Jamie



More information about the linux-arm-kernel mailing list