Hi Ritesh,

"Ritesh Harjani (IBM)" <ritesh.list@xxxxxxxxx> writes:

> copy_from_kernel_nofault() can be called when doing a read of /proc/kcore.
> /proc/kcore can have some unmapped kfence objects which, when read via
> copy_from_kernel_nofault(), can cause page faults. Since *_nofault()
> functions define their own fixup table for handling faults, use that
> instead of asking kfence to handle such faults.
>
> Hence we search the exception tables for the nip which generated the
> fault. If there is an entry then we let the fixup table handler handle the
> page fault by returning an error from within ___do_page_fault().
>
> This can be easily triggered if someone tries to do dd from /proc/kcore.
> dd if=/proc/kcore of=/dev/null bs=1M
>
> <some example false negatives>
> ===============================
> BUG: KFENCE: invalid read in copy_from_kernel_nofault+0xb0/0x1c8
> Invalid read at 0x000000004f749d2e:
>  copy_from_kernel_nofault+0xb0/0x1c8
>  0xc0000000057f7950
>  read_kcore_iter+0x41c/0x9ac
>  proc_reg_read_iter+0xe4/0x16c
>  vfs_read+0x2e4/0x3b0
>  ksys_read+0x88/0x154
>  system_call_exception+0x124/0x340
>  system_call_common+0x160/0x2c4

I haven't been able to reproduce this. Can you give some more details on
the exact machine/kernel-config/setup where you saw this?

cheers
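The ordering the patch description argues for (look the faulting nip up in the exception table first, and only fall through to KFENCE reporting when there is no fixup entry) is easy to get wrong, so here is a user-space model of that decision. This is an added example, not code from the patch or from the kernel: the table contents, the KFENCE pool range, and the names search_extable(), fixup_for() and handle_kernel_fault() are all hypothetical stand-ins. In the kernel the lookup is search_exception_tables() over a build-time-sorted table; bsearch() over a small constructed table plays that role here.

```c
/*
 * Added example (not the kernel's code): a user-space model of the check the
 * patch adds to the powerpc page-fault path. A constructed, sorted fixup table
 * and bsearch() stand in for the kernel's search_exception_tables(); the
 * addresses, the KFENCE pool range and all function names are hypothetical.
 */
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>
#include <inttypes.h>

struct extable_entry {
    uint64_t insn;   /* address of the instruction that may fault */
    uint64_t fixup;  /* where execution continues if it does */
};

/* Constructed table, sorted by insn so an exact-match binary search works. */
static const struct extable_entry extable[] = {
    { 0x1000, 0x1f00 },
    { 0x2000, 0x2f00 },  /* hypothetical load inside copy_from_kernel_nofault() */
    { 0x3000, 0x3f00 },
};
#define EXTABLE_LEN (sizeof(extable) / sizeof(extable[0]))

/* Hypothetical KFENCE pool: a fault on an address in here would normally be
 * reported by KFENCE as an access to an unmapped guard page or freed object. */
#define KFENCE_POOL_START 0xc000000005000000ULL
#define KFENCE_POOL_END   0xc000000005200000ULL

static int cmp_nip(const void *key, const void *elem)
{
    uint64_t nip = *(const uint64_t *)key;
    uint64_t insn = ((const struct extable_entry *)elem)->insn;
    return (nip > insn) - (nip < insn);
}

/* Model of search_exception_tables(): exact match on the faulting nip. */
const struct extable_entry *search_extable(uint64_t nip)
{
    return bsearch(&nip, extable, EXTABLE_LEN, sizeof(extable[0]), cmp_nip);
}

/* Fixup address for nip, or 0 when the instruction has no fixup entry. */
uint64_t fixup_for(uint64_t nip)
{
    const struct extable_entry *e = search_extable(nip);
    return e ? e->fixup : 0;
}

static int kfence_reports;  /* how many KFENCE "BUG" lines the model printed */
int kfence_report_count(void) { return kfence_reports; }

enum fault_result {
    FAULT_FIXUP  = 1,  /* error returned to the *_nofault caller; no KFENCE report */
    FAULT_KFENCE = 2,  /* KFENCE reports the access, the pre-patch behaviour */
    FAULT_OOPS   = 3,  /* neither: an ordinary bad kernel access */
};

/* The patch's ordering: a fixup entry for nip wins over KFENCE's handler, so a
 * _nofault read of an unmapped KFENCE object fails quietly with -EFAULT
 * instead of being reported as a KFENCE bug. */
int handle_kernel_fault(uint64_t nip, uint64_t addr)
{
    if (fixup_for(nip))
        return FAULT_FIXUP;
    if (addr >= KFENCE_POOL_START && addr < KFENCE_POOL_END) {
        kfence_reports++;
        printf("BUG: KFENCE: invalid read at nip 0x%" PRIx64 ", addr 0x%" PRIx64 "\n",
               nip, addr);
        return FAULT_KFENCE;
    }
    return FAULT_OOPS;
}

int main(void)
{
    /* Constructed scenario: the read_kcore path faults on a KFENCE address
     * from inside a _nofault helper (nip 0x2000), then from plain code (0x2004). */
    uint64_t obj = KFENCE_POOL_START + 0x10;
    printf("nofault read -> %d (1 = fixup)\n", handle_kernel_fault(0x2000, obj));
    printf("plain read   -> %d (2 = kfence)\n", handle_kernel_fault(0x2004, obj));
    printf("kfence reports: %d\n", kfence_report_count());
    return 0;
}
```

The point to check in a real review of such a change is the same one the model encodes: the exception-table lookup must happen before the KFENCE handler is consulted, and it must key on the faulting instruction address (nip), not on the data address, since the data address is exactly what KFENCE would otherwise match.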