Hi,
When I run the hello world program in kernel-recv02, it triggers the following crash when the kernel module calls __memcpy_avx_unaligned with userspace addresses:
```
[ 35.343203] BUG: unable to handle page fault for address: 00005635d42fd380
[ 35.344395] #PF: supervisor read access in kernel mode
[ 35.345294] #PF: error_code(0x0001) - permissions violation
[ 35.346267] PGD 106a58067 P4D 106a5a067 PUD 1059ad067 PMD 1059a9067 PTE 800000001069f867
[ 35.347679] Oops: 0001 [#1] SMP KASAN NOPTI
[ 35.348418] CPU: 2 PID: 376 Comm: copyer-wt Not tainted 5.15.131+ #6
[ 35.349524] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 0.0.0 02/06/2015
[ 35.350973] RIP: 0010:__memcpy_avx_unaligned+0x1e7/0x1fd6b0
[ 35.366382] Call Trace:
[ 35.366746]
[ 35.367065] ? __die_body.cold+0x1a/0x1f
[ 35.367646] ? __die+0x2a/0x35
[ 35.368097] ? page_fault_oops+0x1f6/0x4b0
[ 35.368711] ? dump_pagetable+0x460/0x460
[ 35.369304] ? __kasan_check_write+0x14/0x20
[ 35.369926] ? __kasan_check_write+0x14/0x20
[ 35.370553] ? do_user_addr_fault+0x3e8/0x800
[ 35.371188] ? vprintk_emit+0xe3/0x2a0
[ 35.371743] ? exc_page_fault+0x5f/0xe0
[ 35.372313] ? asm_exc_page_fault+0x27/0x30
[ 35.372928] ? u2u_thread_background_cp+0x729/0x932
[ 35.373647] ? __kasan_check_write+0x14/0x20
[ 35.374281] ? _raw_spin_lock_irqsave+0x8e/0xf0
[ 35.374945] ? _raw_write_unlock_bh+0x30/0x30
[ 35.375585] ? thread_background_cp_whole_system.cold+0x14/0x14
[ 35.376449] kthread+0x1d7/0x200
[ 35.376920] ? set_kthread_struct+0x90/0x90
[ 35.377528] ret_from_fork+0x1f/0x30
[ 35.378055]
```
```c
// In kernel module
static inline void u2u_copy_user_to_user_core_short(const void *src, const void *dst, ...)
{
    __memcpy_avx_unaligned((void *)dst, src, n); // CRASHES HERE
    ...
}
```
As far as I know, the kernel cannot directly dereference userspace pointers. Instead, the kernel should use copy_from_user()/copy_to_user() for accessing userspace memory?
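Added example (not from the issue or the project's code): a small userspace C decoder for the `error_code` and `PTE` fields of the oops above, showing that the fault signature is a kernel-mode read of a present, user-accessible page. The function and enum names are made up for this example, and 4-level paging is assumed for the address check.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* x86 page-fault error-code bits (X86_PF_* in Linux). */
#define PF_PROT  (1u << 0)   /* 1 = protection violation, 0 = not present */
#define PF_WRITE (1u << 1)   /* 1 = write access, 0 = read access */
#define PF_USER  (1u << 2)   /* 1 = CPU was in user mode */
#define PF_INSTR (1u << 4)   /* 1 = instruction fetch */

/* x86-64 page-table entry bits. */
#define PTE_P  (1ull << 0)   /* present */
#define PTE_RW (1ull << 1)   /* writable */
#define PTE_US (1ull << 2)   /* user-accessible */
#define PTE_NX (1ull << 63)  /* no-execute */

enum verdict { V_OTHER, V_NOT_PRESENT, V_KERNEL_TOUCHED_USER_PAGE };

/* Classify a fault from the oops "error_code(...)" and "PTE ..." fields. */
enum verdict classify_fault(uint32_t err, uint64_t pte)
{
    if (!(err & PF_PROT) || !(pte & PTE_P))
        return V_NOT_PRESENT;
    /* Supervisor-mode data access to a present user page that still raised
     * a protection fault. This is the signature SMAP produces when kernel
     * code touches user memory outside the uaccess helpers (interpretation
     * added here; the oops itself does not name SMAP). */
    if (!(err & PF_USER) && !(err & PF_INSTR) && (pte & PTE_US))
        return V_KERNEL_TOUCHED_USER_PAGE;
    return V_OTHER;
}

/* Assumes 4-level paging: user addresses have bits 47..63 clear. */
bool is_user_half(uint64_t addr) { return (addr >> 47) == 0; }

int main(void)
{
    /* Values copied from the oops in this report. */
    uint64_t addr = 0x00005635d42fd380ull;
    uint64_t pte  = 0x800000001069f867ull;
    uint32_t err  = 0x0001;

    printf("user-half address: %d\n", is_user_half(addr));
    printf("access: %s, pte: rw=%d nx=%d\n", (err & PF_WRITE) ? "write" : "read",
           !!(pte & PTE_RW), !!(pte & PTE_NX));
    printf("kernel touched user page: %d\n",
           classify_fault(err, pte) == V_KERNEL_TOUCHED_USER_PAGE);
    return 0;
}
```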