On Sat, 30 Oct 2021 at 05:51, Eric W. Biederman <ebiederm@xxxxxxxxxxxx> wrote:
>
> Liao Chang <liaochang1@xxxxxxxxxx> writes:
>
> > The pointer to buffer loading kernel binaries is in kernel space for
> > kexec_fil mode, When copy_from_user copies data from pointer to a block
> > of memory, it checkes that the pointer is in the user space range, on
> > RISCV-V that is:
> >
> > static inline bool __access_ok(unsigned long addr, unsigned long size)
> > {
> > return size <= TASK_SIZE && addr <= TASK_SIZE - size;
> > }
> >
> > and TASK_SIZE is 0x4000000000 for 64-bits, which now causes
> > copy_from_user to reject the access of the field 'buf' of struct
> > kexec_segment that is in range [CONFIG_PAGE_OFFSET - VMALLOC_SIZE,
> > CONFIG_PAGE_OFFSET), is invalid user space pointer.
> >
> > This patch fixes this issue by skipping access_ok(), use mempcy() instead.
>
> I am a bit confused.
>
> Why is machine_kexec ever calling copy_from_user? That seems wrong in
> all cases.
>
It's not machine_kexec -- it's machine_kexec_prepare, which pulls out
the FDT from the image. It looks like MIPS does it similarly.
(Caveat: I might be confused as well! ;-))
Björn
_______________________________________________
kexec mailing list
kexec@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/kexec
