On Thu, 30 Aug 2018, Andy Lutomirski wrote:
>
> > On Aug 30, 2018, at 6:36 AM, Thomas Gleixner <tglx@xxxxxxxxxxxxx> wrote:
> >
> >> On Wed, 29 Aug 2018, Nadav Amit wrote:
> >> at 8:47 AM, Andy Lutomirski <luto@xxxxxxxxxx> wrote:
> >>
> >>> In NMI context, we might be in the middle of context switching or in
> >>> the middle of switch_mm_irqs_off(). In either case, CR3 might not
> >>> match current->mm, which could cause copy_from_user_nmi() and
> >>> friends to read the wrong memory.
> >>>
> >>> Fix it by adding a new nmi_uaccess_okay() helper and checking it in
> >>> copy_from_user_nmi() and in __copy_from_user_nmi()'s callers.
> >>>
> >>> Cc: stable@xxxxxxxxxxxxxxx
> >>> Cc: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
> >>> Cc: Nadav Amit <nadav.amit@xxxxxxxxx>
> >>> Signed-off-by: Andy Lutomirski <luto@xxxxxxxxxx>
> >>> ---
> >>>
> >>> Nadav, this is intended for your series. Want to add it right
> >>> before the use_temporary_mm() stuff?
> >>
> >> Sure. Thanks! I will apply the following small fix:
> >>
> >>> +
> >>> +#ifdef CONFIG_DEBUG_VM
> >>> + WARN_ON_ONCE(!loaded_mm);
> >>> +#endif
> >>
> >> Will be changed to VM_WARN_ON_ONCE() in the two instances.
> >
> > Unless I'm completely lost, this can just be applied to tip right
> > away. It doesn't depend on anything else.
> >
>
> Fine with me. Do you want to do the VM_WARN_ON cleanup yourself or should
> I send a v3?

I think I'll manage
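Review bot: the #ifdef CONFIG_DEBUG_VM / WARN_ON_ONCE(!loaded_mm); / #endif block in the quoted hunk should collapse to a single VM_WARN_ON_ONCE(!loaded_mm);, as the reply proposes. Besides dropping the ifdef, that keeps the condition in the build when CONFIG_DEBUG_VM is off: the non-debug definition of VM_WARN_ON_ONCE() routes the expression through BUILD_BUG_ON_INVALID(), so it is still type-checked instead of disappearing entirely.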
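The window the commit message describes, and the conservative check that closes it, as an added user-space model. This is example code written for this page, not the patch and not kernel code: the mm, CR3 and per-CPU state are stand-ins, the sentinel is modelled on the kernel's LOADED_MM_SWITCHING, and the step order (loaded_mm marked as switching, then the CR3 write, then loaded_mm set to the new mm, with current updated only afterwards in switch_to) is the model's assumption about the x86 context-switch path. An unguarded copy delivered mid-switch reads through the new page tables while current->mm still names the old task; the guarded copy refuses whenever loaded_mm and current->mm disagree, which also covers the sentinel.

```c
/* Added example: user-space model of an NMI hitting a context switch.
 * Not kernel code; all names below are this model's own stand-ins. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* A minimal mm: `user_page` stands in for the user memory this mm's page
 * tables map at the address the NMI handler copies from. */
struct mm_struct {
    const char *name;
    const char *user_page;
};

/* Sentinel stored in loaded_mm before CR3 is written (modelled on the
 * kernel's LOADED_MM_SWITCHING; an assumption of this model). */
#define LOADED_MM_SWITCHING ((struct mm_struct *)1UL)

/* Constructed sample data: two address spaces with distinct user pages. */
static struct mm_struct mm_a = { "A", "AAAAAAAA" };
static struct mm_struct mm_b = { "B", "BBBBBBBB" };

/* Per-CPU state of the model: the mm the CPU believes is loaded, the page
 * the "CR3" page tables really map, and current->mm. */
static struct { struct mm_struct *loaded_mm; } cpu_tlbstate;
static const char *cr3_page;
static struct mm_struct *current_mm;

/* Model of nmi_uaccess_okay(): allow user access from NMI only when the
 * loaded mm is exactly current's mm. A switch in progress fails this. */
static bool nmi_uaccess_okay(void)
{
    struct mm_struct *loaded_mm = cpu_tlbstate.loaded_mm;
    return loaded_mm == current_mm;
}

/* Model of copy_from_user_nmi(): reads through whatever page tables are
 * loaded now. Returns the number of bytes NOT copied, like the kernel's. */
static size_t copy_from_user_nmi(char *dst, size_t n, bool guarded)
{
    if (guarded && !nmi_uaccess_okay())
        return n;
    memcpy(dst, cr3_page, n);
    return 0;
}

/* What one NMI observed: the copy's return value, the bytes it read, and
 * which mm was current->mm at that moment. */
struct nmi_obs {
    size_t not_copied;
    char data[4];
    const struct mm_struct *current_at_nmi;
};

static void take_nmi(bool guarded, struct nmi_obs *obs)
{
    memset(obs->data, 0, sizeof obs->data);
    obs->not_copied = copy_from_user_nmi(obs->data, sizeof obs->data - 1, guarded);
    obs->current_at_nmi = current_mm;
}

/* Switch from task A to task B and deliver one NMI at `nmi_step`:
 *   0: before the switch             3: after loaded_mm = next
 *   1: after loaded_mm = SWITCHING   4: after current = next (switch_to)
 *   2: after the CR3 write
 * Steps 1-3 are the window where CR3 and current->mm disagree. */
static struct nmi_obs simulate_switch(int nmi_step, bool guarded)
{
    struct nmi_obs obs = { 0, { 0 }, &mm_a };

    current_mm = &mm_a;                       /* task A running normally */
    cpu_tlbstate.loaded_mm = &mm_a;
    cr3_page = mm_a.user_page;
    if (nmi_step == 0) take_nmi(guarded, &obs);

    cpu_tlbstate.loaded_mm = LOADED_MM_SWITCHING;   /* switch_mm_irqs_off() */
    if (nmi_step == 1) take_nmi(guarded, &obs);
    cr3_page = mm_b.user_page;                      /* the CR3 write */
    if (nmi_step == 2) take_nmi(guarded, &obs);
    cpu_tlbstate.loaded_mm = &mm_b;
    if (nmi_step == 3) take_nmi(guarded, &obs);

    current_mm = &mm_b;                       /* switch_to(): current = B */
    if (nmi_step == 4) take_nmi(guarded, &obs);
    return obs;
}

/* Did the NMI copy anything? */
static bool nmi_copied(int step, bool guarded)
{
    return simulate_switch(step, guarded).not_copied == 0;
}

/* Did a completed copy return bytes from an mm other than current->mm? */
static bool nmi_read_wrong_mm(int step, bool guarded)
{
    struct nmi_obs o = simulate_switch(step, guarded);
    if (o.not_copied)
        return false;
    return strncmp(o.data, o.current_at_nmi->user_page, strlen(o.data)) != 0;
}

int main(void)
{
    for (int step = 0; step <= 4; step++) {
        struct nmi_obs u = simulate_switch(step, false);
        struct nmi_obs g = simulate_switch(step, true);
        printf("step %d: current=%s unguarded read=\"%s\" guarded: %s\n",
               step, u.current_at_nmi->name, u.data,
               g.not_copied ? "refused" : g.data);
    }
    return 0;
}
```

Running it shows the unguarded copy returning B's bytes at steps 2 and 3 while current->mm is still A, which is the "read the wrong memory" case; the guarded copy returns n (nothing copied) at steps 1 through 3 and only succeeds at steps 0 and 4. The check is deliberately stricter than "does CR3 match current->mm": at step 3 the page tables already match loaded_mm, but the guard still refuses because the scheduler has not yet made B current.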