On Sat, 30 Oct 2021 at 05:51, Eric W. Biederman <ebiederm@xxxxxxxxxxxx> wrote: > > Liao Chang <liaochang1@xxxxxxxxxx> writes: > > > The pointer to buffer loading kernel binaries is in kernel space for > > kexec_fil mode, When copy_from_user copies data from pointer to a block > > of memory, it checkes that the pointer is in the user space range, on > > RISCV-V that is: > > > > static inline bool __access_ok(unsigned long addr, unsigned long size) > > { > > return size <= TASK_SIZE && addr <= TASK_SIZE - size; > > } > > > > and TASK_SIZE is 0x4000000000 for 64-bits, which now causes > > copy_from_user to reject the access of the field 'buf' of struct > > kexec_segment that is in range [CONFIG_PAGE_OFFSET - VMALLOC_SIZE, > > CONFIG_PAGE_OFFSET), is invalid user space pointer. > > > > This patch fixes this issue by skipping access_ok(), use mempcy() instead. > > I am a bit confused. > > Why is machine_kexec ever calling copy_from_user? That seems wrong in > all cases. > It's not machine_kexec -- it's machine_kexec_prepare, which pulls out the FDT from the image. It looks like MIPS does it similarly. (Caveat: I might be confused as well! ;-)) Björn _______________________________________________ kexec mailing list kexec@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/kexec