diff options
| author | Johannes Berg <[email protected]> | 2025-04-04 15:05:19 +0000 |
|---|---|---|
| committer | Johannes Berg <[email protected]> | 2025-05-05 08:06:51 +0000 |
| commit | 68025adfc13e6cd15eebe2293f77659f47daf13b (patch) | |
| tree | ed250635fcbce5f1c21a12af1785d7e3891ec860 /security/selinux/hooks.c | |
| parent | Linux 6.15-rc5 (diff) | |
| download | kernel-68025adfc13e6cd15eebe2293f77659f47daf13b.tar.gz kernel-68025adfc13e6cd15eebe2293f77659f47daf13b.zip | |
um: fix _nofault accesses
Nathan reported [1] that when built with clang, the um kernel
crashes pretty much immediately. This turned out to be an issue
with the inline assembly I had added, when clang used %rax/%eax
for both operands. Reorder it so current->thread.segv_continue
is written first, and then the lifetime of _faulted won't have
overlap with the lifetime of segv_continue.
In the email thread Benjamin also pointed out that current->mm
is only NULL for true kernel tasks, but we could do this for a
userspace task, so the current->thread.segv_continue logic must
be lifted out of the mm==NULL check.
Finally, while looking at this, put a barrier() so the NULL
assignment to thread.segv_continue cannot be reorder before
the possibly faulting operation.
Reported-by: Nathan Chancellor <[email protected]>
Closes: https://lore.kernel.org/r/20250402221254.GA384@ax162 [1]
Fixes: d1d7f01f7cd3 ("um: mark rodata read-only and implement _nofault accesses")
Tested-by: Nathan Chancellor <[email protected]>
Signed-off-by: Johannes Berg <[email protected]>
Diffstat (limited to 'security/selinux/hooks.c')
0 files changed, 0 insertions, 0 deletions