On Tue, Jul 17, 2018 at 03:01:21PM +0530, Hari Vyas wrote:
> On executing simple user level "devmem 0x0" command, kernel panics.
> As 0x0 address is mostly not matched to any valid memory so exception
> is expected and raised which results in unconditional kernel panic
> by serror handler.
Having access to /dev/mem means that userspace can bring down the system
in any number of ways.
Why did userspace do this, and why do you think this shouldn't be fatal?
> This is happening after newly introduced serror handling framework
> change which panics kernel on any any serror without checking
> processor mode.`
This is the expected behaviour. The processor mode is not relevant,
because Serror is asynchronous -- so we cannot attribute it to userspace
instructions.
> Kernel panic is fixed by checking processor mode in serror handler.
> On kernel mode, normal kernel panic action is taken and system halts.
> On user mode, only user process is killed and further panic action is
> not initiated.
This is not safe.
For example, an Serror could result from the kernel page tables being
programmed to point at device memory. A TLB walk for TTBR1 made while
userspace was executing could result in an SError, and killing userspace
alone is insufficient to contain the error.
Thanks,
Mark.
>
> Signed-off-by: Hari Vyas <hari.vyas@xxxxxxxxxxxx>
> ---
> arch/arm64/kernel/traps.c | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/arch/arm64/kernel/traps.c b/arch/arm64/kernel/traps.c
> index d399d45..c7cbad7 100644
> --- a/arch/arm64/kernel/traps.c
> +++ b/arch/arm64/kernel/traps.c
> @@ -729,6 +729,13 @@ bool arm64_is_fatal_ras_serror(struct pt_regs *regs, unsigned int esr)
>
> asmlinkage void do_serror(struct pt_regs *regs, unsigned int esr)
> {
> + if (user_mode(regs)) {
> + pr_crit("UserMode SError Exception on CPU%d, code 0x%08x %s\n",
> + smp_processor_id(), esr, esr_get_class_string(esr));
> + die("Oops - user mode ", regs, 0);
> + return;
> + }
> +
> nmi_enter();
>
> /* non-RAS errors are not containable */
> --
> 1.9.1
>
>
> _______________________________________________
> linux-arm-kernel mailing list
> linux-arm-kernel@xxxxxxxxxxxxxxxxxxx
> http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
