futex(0x1ffffff81300000) on risc-v -> mm panic
Nam Cao
namcao at linutronix.de
Thu Jun 19 09:02:14 PDT 2025
On Thu, Jun 19, 2025 at 02:35:21PM +0200, Alexandre Ghiti wrote:
> On 6/18/25 12:10, rtm at csail.mit.edu wrote:
> > This program on risc-v:
> >
> > main(){
> > futex((void*) 0x1ffffff81300000, FUTEX_WAIT, 0, 0, 0, 0);
>
>
> This address is far beyond what userspace is supposed to be able to access,
> even in sv57, see Documentation/arch/riscv/vm-layout.rst.
>
> The problem is that access_ok() lets it go through and then gup returns a
> kernel mapping, which isn't good at all.
>
> I can't reproduce the issue, but it seems like commit ad5643cf2f69 ("riscv:
> Define TASK_SIZE_MAX for __access_ok()") is the culprit, can you try
> reverting it?
Yeah, my git bisect said the same thing. At first I thought that commit just
uncovered some deeper problem; but staring at it, I think that is the bug.
Just send a patch.
Best regards,
Nam