You are correct that find_vma is insufficient for what's intended here, and that find_vma_intersection fixes it. I'll let the arch maintainers speak of what the consequences of the changed si_code would be - the bug has been here so long, that I would worry some userspace might have come to depend on it (the old "common law feature" issue). Just a concern I have, with 0 evidence behind it, so I hope it turns out not to be an actual issue. Acked-by: Michel Lespinasse <walken@xxxxxxxxxx> On Thu, Apr 1, 2021 at 12:51 PM Liam Howlett <liam.howlett@xxxxxxxxxx> wrote: > > find_vma() will continue to search upwards until the end of the virtual > memory space. This means the si_code would almost never be set to > SEGV_MAPERR even when the address falls outside of any VMA. > > Using find_vma_intersection() allows for what is intended by only > returning a VMA if it falls within the range provided, in this case a > window of 1. > > Signed-off-by: Liam R. Howlett <Liam.Howlett@xxxxxxxxxx> > --- > arch/alpha/kernel/traps.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/arch/alpha/kernel/traps.c b/arch/alpha/kernel/traps.c > index 921d4b6e4d95..7f51386c06d0 100644 > --- a/arch/alpha/kernel/traps.c > +++ b/arch/alpha/kernel/traps.c > @@ -957,8 +957,10 @@ do_entUnaUser(void __user * va, unsigned long opcode, > si_code = SEGV_ACCERR; > else { > struct mm_struct *mm = current->mm; > + unsigned long addr = (unsigned long)va; > + > mmap_read_lock(mm); > - if (find_vma(mm, (unsigned long)va)) > + if (find_vma_intersection(mm, addr, addr + 1)) > si_code = SEGV_ACCERR; > else > si_code = SEGV_MAPERR; > -- > 2.30.0 -- Michel "Walken" Lespinasse A program is never fully debugged until the last user dies.
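Review bot: the commit message should state explicitly that this is a user-visible change in the si_code delivered with SIGSEGV for an unaligned access to an unmapped address, from SEGV_ACCERR to SEGV_MAPERR; the removed `if (find_vma(mm, (unsigned long)va))` check takes the first VMA whose end lies above the address, so the SEGV_MAPERR branch was only reachable for addresses above the highest mapping, and any handler that inspects si_code will now see a different value for gaps between mappings. The replacement `if (find_vma_intersection(mm, addr, addr + 1))` uses a half-open one-byte window [addr, addr + 1), which is the correct test for "addr lies inside some VMA"; the blank line added after the `unsigned long addr` declaration follows kernel style.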
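To make the difference described in the commit message concrete, the following is an added userspace model of the two lookups and the resulting si_code choice; it is not kernel code and not part of Liam's patch. It assumes the documented semantics of find_vma (return the first VMA whose vm_end is above the address, whether or not the address lies inside it) and find_vma_intersection (return a VMA only if it overlaps the half-open window), and the two-mapping layout with a gap between them is constructed for the demonstration.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stddef.h>
#include <stdio.h>

/* Linux si_code values for SIGSEGV; fallback only if strict headers hide them. */
#ifndef SEGV_MAPERR
#define SEGV_MAPERR 1
#define SEGV_ACCERR 2
#endif

/* Userspace model of a VMA: covers the half-open range [vm_start, vm_end).
 * The list below is sorted by address, as the kernel's VMA list is. */
struct vma {
    unsigned long vm_start;
    unsigned long vm_end;
};

/* Constructed example layout: two mappings separated by a gap. */
static const struct vma sample_vmas[] = {
    { 0x10000, 0x11000 },   /* one page */
    { 0x20000, 0x22000 },   /* two pages */
};
#define NVMAS (sizeof sample_vmas / sizeof sample_vmas[0])

/* Model of find_vma(): the first VMA with vm_end > addr.  The address does
 * not have to lie inside the returned VMA, which is the defect the patch
 * describes. */
static const struct vma *model_find_vma(const struct vma *v, size_t n,
                                        unsigned long addr)
{
    for (size_t i = 0; i < n; i++)
        if (addr < v[i].vm_end)
            return &v[i];
    return NULL;
}

/* Model of find_vma_intersection(): the VMA found above, but only if it
 * actually overlaps [start, end). */
static const struct vma *model_find_vma_intersection(const struct vma *v,
                                                     size_t n,
                                                     unsigned long start,
                                                     unsigned long end)
{
    const struct vma *hit = model_find_vma(v, n, start);
    if (hit && end <= hit->vm_start)
        hit = NULL;
    return hit;
}

/* si_code the pre-patch else-branch chooses for a fault at addr. */
static int old_si_code(unsigned long addr)
{
    return model_find_vma(sample_vmas, NVMAS, addr) ? SEGV_ACCERR : SEGV_MAPERR;
}

/* si_code after the patch: only a VMA covering addr counts as mapped. */
static int new_si_code(unsigned long addr)
{
    return model_find_vma_intersection(sample_vmas, NVMAS, addr, addr + 1)
               ? SEGV_ACCERR : SEGV_MAPERR;
}

int main(void)
{
    /* Inside first VMA, in the gap, inside second VMA, above all VMAs. */
    unsigned long probes[] = { 0x10800, 0x15000, 0x21ffc, 0x30000 };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("addr 0x%lx: old si_code=%d new si_code=%d\n",
               probes[i], old_si_code(probes[i]), new_si_code(probes[i]));
    return 0;
}
```

Running it shows that the old check reports SEGV_ACCERR for the address in the gap (0x15000) because find_vma returns the mapping above it, and only the address beyond the last mapping (0x30000) ever yields SEGV_MAPERR; the intersection check reports SEGV_MAPERR for both, which is what a signal handler distinguishing "not mapped" from "mapped but not permitted" needs.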