x86/uaccess, sched/preempt: Verify access_ok() context
authorPeter Zijlstra <peterz@infradead.org>
Tue, 22 Nov 2016 09:57:15 +0000 (10:57 +0100)
committerIngo Molnar <mingo@kernel.org>
Tue, 6 Dec 2016 09:32:40 +0000 (10:32 +0100)
I recently encountered wreckage because access_ok() was used where it
should not be, add an explicit WARN when access_ok() is used wrongly.

Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
arch/x86/include/asm/uaccess.h
include/linux/preempt.h

index faf3687f1035c466c87684110fbc221afcce141f..ea148313570f6e6d1a7ba34ba18f49ce7928569f 100644 (file)
@@ -68,6 +68,12 @@ static inline bool __chk_range_not_ok(unsigned long addr, unsigned long size, un
        __chk_range_not_ok((unsigned long __force)(addr), size, limit); \
 })
 
+#ifdef CONFIG_DEBUG_ATOMIC_SLEEP
+# define WARN_ON_IN_IRQ()      WARN_ON_ONCE(!in_task())
+#else
+# define WARN_ON_IN_IRQ()
+#endif
+
 /**
  * access_ok: - Checks if a user space pointer is valid
  * @type: Type of access: %VERIFY_READ or %VERIFY_WRITE.  Note that
@@ -88,8 +94,11 @@ static inline bool __chk_range_not_ok(unsigned long addr, unsigned long size, un
  * checks that the pointer is in the user space range - after calling
  * this function, memory access functions may still return -EFAULT.
  */
-#define access_ok(type, addr, size) \
-       likely(!__range_not_ok(addr, size, user_addr_max()))
+#define access_ok(type, addr, size)                                    \
+({                                                                     \
+       WARN_ON_IN_IRQ();                                               \
+       likely(!__range_not_ok(addr, size, user_addr_max()));           \
+})
 
 /*
  * These are the main single-value transfer routines.  They automatically
index 75e4e30677f1254fb2c9f076f71fc4e2df1fb9be..7eeceac52dea2509ea28344d1181ccae023aead9 100644 (file)
 
 /*
  * Are we doing bottom half or hardware interrupt processing?
- * Are we in a softirq context? Interrupt context?
- * in_softirq - Are we currently processing softirq or have bh disabled?
- * in_serving_softirq - Are we currently processing softirq?
+ *
+ * in_irq()       - We're in (hard) IRQ context
+ * in_softirq()   - We have BH disabled, or are processing softirqs
+ * in_interrupt() - We're in NMI,IRQ,SoftIRQ context or have BH disabled
+ * in_serving_softirq() - We're in softirq context
+ * in_nmi()       - We're in NMI context
+ * in_task()     - We're in task context
+ *
+ * Note: due to the BH disabled confusion: in_softirq(),in_interrupt() really
+ *       should not be used in new code.
  */
 #define in_irq()               (hardirq_count())
 #define in_softirq()           (softirq_count())
 #define in_interrupt()         (irq_count())
 #define in_serving_softirq()   (softirq_count() & SOFTIRQ_OFFSET)
-
-/*
- * Are we in NMI context?
- */
-#define in_nmi()       (preempt_count() & NMI_MASK)
+#define in_nmi()               (preempt_count() & NMI_MASK)
+#define in_task()              (!(preempt_count() & \
+                                  (NMI_MASK | HARDIRQ_MASK | SOFTIRQ_OFFSET)))
 
 /*
  * The preempt_count offset after preempt_disable();