On Aug 30, 2018, at 6:36 AM, Thomas Gleixner [off-list ref] wrote:

quoted

On Wed, 29 Aug 2018, Nadav Amit wrote:
at 8:47 AM, Andy Lutomirski [off-list ref] wrote:

quoted

In NMI context, we might be in the middle of context switching or in
the middle of switch_mm_irqs_off().  In either case, CR3 might not
match current->mm, which could cause copy_from_user_nmi() and
friends to read the wrong memory.

Fix it by adding a new nmi_uaccess_okay() helper and checking it in
copy_from_user_nmi() and in __copy_from_user_nmi()'s callers.

Cc: stable@vger.kernel.org
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Nadav Amit <redacted>
Signed-off-by: Andy Lutomirski <luto@kernel.org>
---

Nadav, this is intended for your series.  Want to add it right
before the use_temporary_mm() stuff?

Sure. Thanks! I will apply the following small fix:

quoted

+
+#ifdef CONFIG_DEBUG_VM
+    WARN_ON_ONCE(!loaded_mm);
+#endif

Will be changed to VM_WARN_ON_ONCE() in the two instances.

Unless I'm completely lost, this can just be applied to tip right
away. It's not depending on anything else.

Fine with me. Do you want to do the VM_WARN_ON cleanup yourself or should I send a v3?