diff options
| author | Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com> | 2020-12-08 08:45:39 +0530 |
|---|---|---|
| committer | Michael Ellerman <mpe@ellerman.id.au> | 2020-12-08 21:40:54 +1100 |
| commit | 475c8749d9542392d7e0855097d29ed14877ad0a (patch) | |
| tree | 2a9b9e131fb1f2d29d220d9f95de5742634765ad /arch/powerpc/mm | |
| parent | 250ad7a45b1e58d580decfb935fc063c4cf56f91 (diff) | |
| download | linux-475c8749d9542392d7e0855097d29ed14877ad0a.tar.bz2 | |
powerpc/book3s64/kuap: Improve error reporting with KUAP
This partially reverts commit eb232b162446 ("powerpc/book3s64/kuap: Improve
error reporting with KUAP") and update the fault handler to print
[ 55.022514] Kernel attempted to access user page (7e6725b70000) - exploit attempt? (uid: 0)
[ 55.022528] BUG: Unable to handle kernel data access on read at 0x7e6725b70000
[ 55.022533] Faulting instruction address: 0xc000000000e8b9bc
[ 55.022540] Oops: Kernel access of bad area, sig: 11 [#1]
....
when the kernel access userspace address without unlocking AMR.
bad_kuap_fault() is added as part of commit 5e5be3aed230 ("powerpc/mm: Detect
bad KUAP faults") to catch userspace access incorrectly blocked by AMR. Hence
retain the full stack dump there even with hash translation. Also, add a comment
explaining the difference between hash and radix.
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20201208031539.84878-1-aneesh.kumar@linux.ibm.com
Diffstat (limited to 'arch/powerpc/mm')
| -rw-r--r-- | arch/powerpc/mm/fault.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c index c91621df0c61..b12595102525 100644 --- a/arch/powerpc/mm/fault.c +++ b/arch/powerpc/mm/fault.c @@ -210,7 +210,7 @@ static bool bad_kernel_fault(struct pt_regs *regs, unsigned long error_code, return true; } - if (!is_exec && address < TASK_SIZE && (error_code & DSISR_PROTFAULT) && + if (!is_exec && address < TASK_SIZE && (error_code & (DSISR_PROTFAULT | DSISR_KEYFAULT)) && !search_exception_tables(regs->nip)) { pr_crit_ratelimited("Kernel attempted to access user page (%lx) - exploit attempt? (uid: %d)\n", address, @@ -227,7 +227,7 @@ static bool bad_kernel_fault(struct pt_regs *regs, unsigned long error_code, // Read/write fault in a valid region (the exception table search passed // above), but blocked by KUAP is bad, it can never succeed. - if (bad_kuap_fault(regs, address, is_write, error_code)) + if (bad_kuap_fault(regs, address, is_write)) return true; // What's left? Kernel fault on user in well defined regions (extable |