um: Catch unprotected user memory access If the kernel tries to access user memory without copy_from_user() a trap will happen as kernel and userspace run in different processes on the host side. Currently this special page fault cannot be resolved and will happen over and over again. As result UML will lockup. This patch allows the page fault code to detect that situation and causes a panic() such that the root cause of the unprotected memory access can be found and fixed. Signed-off-by: Richard Weinberger <richard@nod.at>

commit: d2313084e2c3488e254796617fcda45d69731b21 [log] [tgz]
author: Richard Weinberger <richard@nod.at> Sun May 31 19:21:51 2015 +0200
committer: Richard Weinberger <richard@nod.at> Sun May 31 19:21:51 2015 +0200
tree: 3e1a011f87f645cfc5c09330d8a56741d8f019d1
parent: 6c684465587aab2a0d2712ee755c0164fa33efd1 [diff] [blame]
diff --git a/arch/um/kernel/trap.c b/arch/um/kernel/trap.c
index 8e4daf4..34b633ec 100644
--- a/arch/um/kernel/trap.c
+++ b/arch/um/kernel/trap.c

@@ -219,6 +219,11 @@
 		show_regs(container_of(regs, struct pt_regs, regs));
 		panic("Segfault with no mm");
 	}
+	else if (!is_user && address < TASK_SIZE) {
+		show_regs(container_of(regs, struct pt_regs, regs));
+		panic("Kernel tried to access user memory at addr 0x%lx, ip 0x%lx",
+		       address, ip);
+	}
 
 	if (SEGV_IS_FIXABLE(&fi))
 		err = handle_page_fault(address, ip, is_write, is_user,
commit	d2313084e2c3488e254796617fcda45d69731b21	[log] [tgz]
author	Richard Weinberger <richard@nod.at>	Sun May 31 19:21:51 2015 +0200
committer	Richard Weinberger <richard@nod.at>	Sun May 31 19:21:51 2015 +0200
tree	3e1a011f87f645cfc5c09330d8a56741d8f019d1
parent	6c684465587aab2a0d2712ee755c0164fa33efd1 [diff] [blame]