lib/test_lockup: fix kernel pointer check for separate address spaces

BugLink: https://bugs.launchpad.net/bugs/1969110
[ Upstream commit 5a06fcb15b43d1f7bf740c672950122331cb5655 ]

test_kernel_ptr() uses access_ok() to figure out if a given address
points to user space instead of kernel space. However on architectures
that set CONFIG_ALTERNATE_USER_ADDRESS_SPACE, a pointer can be valid
for both, and the check always fails because access_ok() returns true.

Make the check for user space pointers conditional on the type of
address space layout.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 6a1c70de40b500e0eee32292572b9b8d01f334c3)
Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>

diff --git a/lib/test_lockup.c b/lib/test_lockup.c
index 6a0f329a794a4787fc740f22c0acac5971821918..c3fd87d6c2dd0eafb5a4650da0cf35e7cce5c375 100644 (file)
--- a/lib/test_lockup.c
+++ b/lib/test_lockup.c
@@ -417,9 +417,14 @@ static bool test_kernel_ptr(unsigned long addr, int size)
                return false;
 
        /* should be at least readable kernel address */
-       if (access_ok((void __user *)ptr, 1) ||
-           access_ok((void __user *)ptr + size - 1, 1) ||
-           get_kernel_nofault(buf, ptr) ||
+       if (!IS_ENABLED(CONFIG_ALTERNATE_USER_ADDRESS_SPACE) &&
+           (access_ok((void __user *)ptr, 1) ||
+            access_ok((void __user *)ptr + size - 1, 1))) {
+               pr_err("user space ptr invalid in kernel: %#lx\n", addr);
+               return true;
+       }
+
+       if (get_kernel_nofault(buf, ptr) ||
            get_kernel_nofault(buf, ptr + size - 1)) {
                pr_err("invalid kernel ptr: %#lx\n", addr);
                return true;