On Wed, 29 Aug 2018, Nadav Amit wrote:
at 8:47 AM, Andy Lutomirski luto@kernel.org wrote:
In NMI context, we might be in the middle of context switching or in the middle of switch_mm_irqs_off(). In either case, CR3 might not match current->mm, which could cause copy_from_user_nmi() and friends to read the wrong memory.
Fix it by adding a new nmi_uaccess_okay() helper and checking it in copy_from_user_nmi() and in __copy_from_user_nmi()'s callers.
Cc: stable@vger.kernel.org
Cc: Peter Zijlstra peterz@infradead.org
Cc: Nadav Amit nadav.amit@gmail.com
Signed-off-by: Andy Lutomirski luto@kernel.org
Nadav, this is intended for your series. Want to add it right before the use_temporary_mm() stuff?
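The window the patch description talks about, as an added user-space model that is not code from the thread or from the kernel: the per-CPU loaded mm and CR3 are updated by the first half of a context switch while `current` still names the previous task, and the check refuses user access until `current` catches up. All names in the model (`mm_model`, `cpu_model`, `model_switch_*`, `switch_window_code`) are assumptions.

```c
/* Added example, not code from the thread: a user-space model of the state
 * the NMI-context user-access check compares. All names here (mm_model,
 * cpu_model, model_switch_*, switch_window_code) are assumptions. */
#include <stdbool.h>

struct mm_model { void *pgd; };       /* stand-in for mm_struct */
struct cpu_model {
    struct mm_model *loaded_mm;       /* per-cpu tlbstate.loaded_mm */
    struct mm_model *current_mm;      /* current->mm */
    void *cr3;                        /* hardware CR3: page-table root */
};

/* Model of nmi_uaccess_okay(): reading user memory from NMI is only safe
 * when the loaded mm is the current task's mm and CR3 points at its pgd. */
bool nmi_uaccess_okay(const struct cpu_model *cpu)
{
    if (!cpu->loaded_mm)
        return false;                 /* kernel warns on this case */
    if (cpu->loaded_mm != cpu->current_mm)
        return false;                 /* mid-switch: CR3 is another mm */
    return cpu->cr3 == cpu->current_mm->pgd;
}

/* First half of a context switch: switch_mm_irqs_off() loads the next mm
 * and writes CR3 while 'current' still points at the previous task. */
void model_switch_mm(struct cpu_model *cpu, struct mm_model *next)
{
    cpu->loaded_mm = next;
    cpu->cr3 = next->pgd;
}
/* Second half: the task switch updates 'current', closing the window. */
void model_switch_current(struct cpu_model *cpu, struct mm_model *next)
{
    cpu->current_mm = next;
}

/* Walks one switch from mm A to mm B and packs the verdict an NMI would
 * get before, during and after the window into three bits (MSB first). */
int switch_window_code(void)
{
    char pgd_a, pgd_b;                /* constructed page-table roots */
    struct mm_model a = { &pgd_a }, b = { &pgd_b };
    struct cpu_model cpu = { &a, &a, &pgd_a };
    int code = nmi_uaccess_okay(&cpu) << 2;  /* before: allowed */
    model_switch_mm(&cpu, &b);
    code |= nmi_uaccess_okay(&cpu) << 1;     /* during: refused */
    model_switch_current(&cpu, &b);
    code |= nmi_uaccess_okay(&cpu);          /* after: allowed */
    return code;                             /* 0b101 == 5 */
}
```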
Sure. Thanks! I will apply the following small fix:
+#ifdef CONFIG_DEBUG_VM
- WARN_ON_ONCE(!loaded_mm);
+#endif
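Review bot: as shown, the hunk removes the WARN_ON_ONCE(!loaded_mm) line and leaves an empty #ifdef CONFIG_DEBUG_VM / #endif block, so the intended replacement line appears to be missing from the quoted hunk. Since VM_WARN_ON_ONCE() already compiles to nothing when CONFIG_DEBUG_VM is unset, switching to it makes the #ifdef/#endif wrapper unnecessary.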
Will be changed to VM_WARN_ON_ONCE() in the two instances.
Unless I'm completely lost, this can just be applied to tip right away. It doesn't depend on anything else.
Thanks,
tglx