On 10/26/20 6:05 PM, Al Viro wrote:
On Mon, Oct 26, 2020 at 05:56:11PM -0600, Jens Axboe wrote:
On 10/26/20 4:55 PM, Kyle Huey wrote:
A test program from the rr[0] test suite, vm_readv_writev[1], no
longer works on 5.10-rc1 when compiled as a 32 bit binary and executed
on a 64 bit kernel. The first process_vm_readv call (on line 35) now
fails with EFAULT. I have bisected this to
c3973b401ef2b0b8005f8074a10e96e3ea093823.
It should be fairly straightforward to extract the test case from our
repository into a standalone program.
Can you check with this applied?
diff --git a/mm/process_vm_access.c b/mm/process_vm_access.c
index fd12da80b6f2..05676722d9cd 100644
--- a/mm/process_vm_access.c
+++ b/mm/process_vm_access.c
@@ -273,7 +273,8 @@ static ssize_t process_vm_rw(pid_t pid,
return rc;
if (!iov_iter_count(&iter))
goto free_iov_l;
- iov_r = iovec_from_user(rvec, riovcnt, UIO_FASTIOV, iovstack_r, false);
+ iov_r = iovec_from_user(rvec, riovcnt, UIO_FASTIOV, iovstack_r,
+ in_compat_syscall());
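Review bot: the new in_compat_syscall() argument on the iovec_from_user(rvec, ...) call is passed without a comment, and it is not obvious why rvec, which names addresses in the target process, is decoded according to the caller's ABI. Suggest a short comment above the call stating that rvec is read from the caller's memory and therefore uses the caller's struct iovec layout. With that layout a 32-bit caller's base and length fields are 32 bits wide, so ranges above 4 GiB in a 64-bit target cannot be described; worth saying so in the commit message if that is out of scope for this fix.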
_ouch_
There's a bug, all right, but I'm not sure that this is all there is
to it. For now it's probably the right fix, but... Consider the fun
trying to use that from 32bit process to access the memory of 64bit
one. IOW, we might want to add an explicit flag for "force 64bit
addresses/sizes in rvec".
Ouch yes good point, nice catch.
--
Jens Axboe
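
The layout mismatch behind the EFAULT in this thread, as an added userspace illustration (not code from the thread or from the kernel): the same bytes a 32-bit caller writes for rvec are decoded once as 8-byte compat entries and once as 16-byte native entries. The names decode_iov, iov32, iov64 and sample_rvec are hypothetical, and the sample addresses are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Example-local names, not kernel identifiers. */
struct iov32 { uint32_t base, len; };  /* layout a 32-bit caller writes */
struct iov64 { uint64_t base, len; };  /* layout a 64-bit kernel expects */

/*
 * Decode entry idx of a caller-supplied iovec array into 64-bit form.
 * compat != 0 reads 8-byte entries, compat == 0 reads 16-byte entries.
 * Returns -1 when the entry would lie past the end of the array.
 */
int decode_iov(const void *buf, size_t buflen, size_t idx, int compat,
               struct iov64 *out)
{
    size_t esz = compat ? sizeof(struct iov32) : sizeof(struct iov64);

    if (idx >= buflen / esz)
        return -1;
    if (compat) {
        struct iov32 e;
        memcpy(&e, (const char *)buf + idx * esz, sizeof(e));
        out->base = e.base;   /* zero-extend both fields */
        out->len = e.len;
    } else {
        memcpy(out, (const char *)buf + idx * esz, sizeof(*out));
    }
    return 0;
}

/* Constructed sample: two rvec entries as a 32-bit process lays them out. */
static const struct iov32 sample_rvec[2] = {
    { 0x08049000u, 0x100u },
    { 0x0804a000u, 0x200u },
};

int main(void)
{
    struct iov64 v;
    for (int compat = 1; compat >= 0; compat--)
        for (size_t i = 0; i < 2; i++) {
            if (decode_iov(sample_rvec, sizeof(sample_rvec), i, compat, &v))
                printf("compat=%d [%zu] past end of array\n", compat, i);
            else
                printf("compat=%d [%zu] base=%#llx len=%#llx\n", compat, i,
                       (unsigned long long)v.base, (unsigned long long)v.len);
        }
    return 0;
}
```

With the native decode, the first entry's base absorbs the 32-bit length field and the second entry falls outside the caller's array, which is the kind of bogus address range that would be rejected as a fault.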