On 15.11.21 23:04, Andrew Morton wrote: > On Fri, 12 Nov 2021 10:27:50 +0100 David Hildenbrand <david@xxxxxxxxxx> wrote: > >> To clear a user buffer we cannot simply use memset, we have to use >> clear_user(). With a virtio-mem device that registers a vmcore_cb and has >> some logically unplugged memory inside an added Linux memory block, I can >> easily trigger a BUG by copying the vmcore via "cp": >> >> ... >> >> Some x86-64 CPUs have a CPU feature called "Supervisor Mode Access >> Prevention (SMAP)", which is used to detect wrong access from the kernel to >> user buffers like this: SMAP triggers a permissions violation on wrong >> access. In the x86-64 variant of clear_user(), SMAP is properly >> handled via clac()+stac(). >> >> To fix, properly use clear_user() when we're dealing with a user buffer. >> > > I added cc:stable, OK? > I was a bit hesitant because this would (beofe the virtio-mem changes) only trigger under XEN and I was wondering why nobody notices under XEN so far. But yes, even though it only applies to the kdump kernel, cc:stable sounds like the right think to do! Thanks Andrew! -- Thanks, David / dhildenb _______________________________________________ kexec mailing list kexec@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/kexec
