From patchwork Fri Jan 3 16:02:12 2025
X-Patchwork-Submitter: Clément Léger
X-Patchwork-Id: 13925674
From: Clément Léger
To: Paul Walmsley, Palmer Dabbelt, linux-riscv@lists.infradead.org (open list:RISC-V ARCHITECTURE), linux-kernel@vger.kernel.org (open list)
Cc: Clément Léger, Samuel Holland
Subject: [PATCH] riscv: misaligned: disable pagefault before accessing user memory
Date: Fri, 3 Jan 2025 17:02:12 +0100
Message-ID: <20250103160214.657508-1-cleger@rivosinc.com>

Calling copy_{from/to}_user() in interrupt context might actually sleep and
display a BUG message:

[ 10.377019] BUG: sleeping function called from invalid context at include/linux/uaccess.h:162
[ 10.379868] in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 88, name: ssh-keygen
[ 10.380009] preempt_count: 0, expected: 0
[ 10.380324] CPU: 0 UID: 0 PID: 88 Comm: ssh-keygen Not tainted 6.13.0-rc5-00013-g3435cd5f1331-dirty #19
[ 10.380639] Hardware name: riscv-virtio,qemu (DT)
[ 10.380798] Call Trace:
[ 10.381108] [] dump_backtrace+0x1c/0x24
[ 10.381690] [] show_stack+0x28/0x34
[ 10.381812] [] dump_stack_lvl+0x4a/0x68
[ 10.381958] [] dump_stack+0x14/0x1c
[ 10.382047] [] __might_resched+0xfa/0x104
[ 10.382172] [] __might_sleep+0x42/0x66
[ 10.382267] [] __might_fault+0x1c/0x24
[ 10.382363] [] _copy_from_user+0x28/0xc2
[ 10.382459] [] handle_misaligned_load+0x1ca/0x2fc
[ 10.382565] [] do_trap_load_misaligned+0x24/0xee
[ 10.382714] [] handle_exception+0x146/0x152

In order to safely handle user memory access from this context, disable page
fault while copying user memory.
Although this might lead to copy failure in some cases (offlined page), this is
the best we can try to be safe.

Fixes: b686ecdeacf6 ("riscv: misaligned: Restrict user access to kernel memory")
Signed-off-by: Clément Léger
---
 arch/riscv/kernel/traps_misaligned.c | 26 ++++++++++++++++++++++----
 1 file changed, 22 insertions(+), 4 deletions(-)

diff --git a/arch/riscv/kernel/traps_misaligned.c b/arch/riscv/kernel/traps_misaligned.c index 7cc108aed74e..75a08ed20070 100644 --- a/arch/riscv/kernel/traps_misaligned.c +++ b/arch/riscv/kernel/traps_misaligned.c @@ -355,7 +355,7 @@ static int handle_scalar_misaligned_load(struct pt_regs *regs) { union reg_data val; unsigned long epc = regs->epc; - unsigned long insn; + unsigned long insn, copy_len; unsigned long addr = regs->badaddr; int fp = 0, shift = 0, len = 0; @@ -441,7 +441,16 @@ static int handle_scalar_misaligned_load(struct pt_regs *regs) val.data_u64 = 0; if (user_mode(regs)) { - if (copy_from_user(&val, (u8 __user *)addr, len)) + /* + * We can not sleep in exception context. Disable pagefault to + * avoid a potential sleep while accessing user memory. Side + * effect is that if it would have sleep, then the copy will + * fail. + */ + pagefault_disable(); + copy_len = copy_from_user(&val, (u8 __user *)addr, len); + pagefault_enable(); + if (copy_len) return -1; } else { memcpy(&val, (u8 *)addr, len); @@ -463,7 +472,7 @@ static int handle_scalar_misaligned_store(struct pt_regs *regs) { union reg_data val; unsigned long epc = regs->epc; - unsigned long insn; + unsigned long insn, copy_len; unsigned long addr = regs->badaddr; int len = 0, fp = 0; 
@@ -539,7 +548,16 @@ static int handle_scalar_misaligned_store(struct pt_regs *regs) return -EOPNOTSUPP; if (user_mode(regs)) { - if (copy_to_user((u8 __user *)addr, &val, len)) + /* + * We can not sleep in exception context. Disable pagefault to + * avoid a potential sleep while accessing user memory. Side + * effect is that if it would have sleep, then the copy will + * fail. + */ + pagefault_disable(); + copy_len = copy_to_user((u8 __user *)addr, &val, len); + pagefault_enable(); + if (copy_len) return -1; } else { memcpy((u8 *)addr, &val, len);
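Review bot: in the first hunk (@@ -355,7 +355,7 @@, handle_scalar_misaligned_load), `copy_len` is a misleading name: copy_from_user() returns the number of bytes that could not be copied, so the variable holds the uncopied remainder and the later `if (copy_len) return -1;` reads as "fail when something was copied". A name such as `not_copied` (or a plain `ret`) makes that check self-explanatory; the same applies to the declaration added for the store path in the third hunk.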
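Review bot: in the second hunk (@@ -441,7 +441,16 @@), the splat quoted in the commit message reports in_atomic(): 0, irqs_disabled(): 1, so the handler is not in atomic context; __might_sleep() fires only because interrupts are still disabled from trap entry. Since this branch is already guarded by user_mode(regs), enabling interrupts for the user-mode case before touching user memory is worth considering as an alternative: it lets copy_from_user() fault the page in normally instead of turning a merely non-resident page into a failed access, which is the limitation the commit message acknowledges. If pagefault_disable() is kept, the comment should state what a failure means for the task (the handler returns -1 and the access is reported as an error), and its grammar needs fixing: "if it would have sleep" should read "if it would have slept".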
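Review bot: the fourth hunk (@@ -539,7 +548,16 @@, handle_scalar_misaligned_store) repeats the second hunk verbatim apart from copy_to_user() replacing copy_from_user(): the same five-line comment and the same pagefault_disable()/copy/pagefault_enable() sequence. The kernel already provides copy_from_user_nofault() and copy_to_user_nofault(), which wrap exactly this sequence and return 0 or -EFAULT, so `if (copy_to_user_nofault((u8 __user *)addr, &val, len)) return -1;` would replace the whole added block, drop the extra `copy_len` variable and keep the explanatory comment in one place. If open-coding is preferred, factoring the sequence into a small static helper shared by the load and store paths at least guarantees the two copies stay in sync.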