kernel virtual memory access (from app) does not generatesegfault
Jamie Lokier
jamie at shareable.org
Wed Apr 21 17:00:13 EDT 2010
Russell King - ARM Linux wrote:
> On Wed, Apr 21, 2010 at 08:16:00PM +0100, Jamie Lokier wrote:
> > The two-liner proposed earlier should fix all ARMs doing userspace
> > execution > TASK_SIZE - the problem which started this thread. But
> > not kernel space accidentally executing an NX page > TASK_SIZE due to
> > some bug, which can only occur on ARMv6/v7 due to NX.
>
> Sorry James, that's wrong.
It's Jamie, btw. Always has been.
> ARMv6 and ARMv7 use the IFSR, which gives us the error code - and
> that distinguishes between a translation fault and a permission
> fault. An attempt to execute a NX page generates a permission
> fault, and therefore we end up calling do_page_fault() rather than
> indirecting via do_translation_fault().
That's a fine explanation, but I'd already grokked it, thanks to your
earlier hint. So what's wrong about what I said above? Rephrased as:
Kernel executes NX page > TASK_SIZE:
Without patch, loops calling do_translation_fault() which
just returns because the pte is already mapped and valid.
With patch, goes to do_page_fault().
-> Fixed by the IFSR patch.
User executes NX page > TASK_SIZE
-> Fixed by the two-liner or IFSR patch, it doesn't matter.
Either one directs these to do_page_fault().
Kernel executes NX page < TASK_SIZE:
-> Already caught by PROT_EXEC + FSR_LNF_PX check in
do_translation_fault -> do_page-fault -> access_error.
User executes NX page < TASK_SIZE:
-> Already caught by PROT_EXEC + FSR_LNF_PX check in
do_translation_fault -> do_page-fault -> access_error.
-- Jamie
More information about the linux-arm-kernel
mailing list