On Tue, 8 Nov 2022 20:52:06 +0100 Francis Laniel flaniel@linux.microsoft.com wrote:
From: Alban Crequy albancrequy@microsoft.com
If a page fault occurs while copying the first byte, this function resets one byte before dst. As a consequence, an address could be modified and lead to kernel crashes in case the modified address was accessed later.
Signed-off-by: Alban Crequy albancrequy@microsoft.com
Tested-by: Francis Laniel flaniel@linux.microsoft.com
Reviewed-by: Andrew Morton akpm@linux-foundation.org
Please merge via the bpf tree.
This looks potentially nasty. Fortunately only tracing code uses it, but I'm thinking it should have cc:stable and a Fixes:?
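A user-space model of the failure described in the commit message, added here as an illustration; it is not code from the patch or the kernel. The names `copy_model`, `guard_after_fault`, `copy_ok_len` and `EFAULT_MODEL`, the simulated fault index, and terminating at `dst[0]` on the fault path are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

#define EFAULT_MODEL (-14)   /* constructed stand-in for -EFAULT */

/* Hypothetical model of a byte-wise "nofault" string copy.
 * Reading src[fault_at] is treated as a page fault; pass -1 for none. */
static long copy_model(char *dst, const char *src, long count,
                       long fault_at, int fixed)
{
    long i = 0;

    if (count <= 0)
        return 0;
    do {
        if (i == fault_at)
            goto fault;
        *dst++ = src[i++];
    } while (dst[-1] && i < count);

    dst[-1] = '\0';      /* normal exit: dst advanced at least once */
    return i;
fault:
    if (fixed)
        dst[0] = '\0';   /* always inside the destination buffer */
    else
        dst[-1] = '\0';  /* fault on byte 0: dst never advanced, so this
                            hits the byte in front of the buffer */
    return EFAULT_MODEL;
}

/* Returns the byte stored directly before the destination after a copy
 * that faults at fault_at; 0x5A means the neighbour was left intact. */
unsigned char guard_after_fault(long fault_at, int fixed)
{
    unsigned char region[1 + 8];   /* region[0] models the adjacent data */
    memset(region, 0x5A, sizeof(region));
    copy_model((char *)region + 1, "abc", 8, fault_at, fixed);
    return region[0];
}

long copy_ok_len(void) { char b[8]; return copy_model(b, "abc", 8, -1, 1); }

int main(void)
{
    printf("fault at byte 0, old path: guard=0x%02X\n", guard_after_fault(0, 0));
    printf("fault at byte 0, new path: guard=0x%02X\n", guard_after_fault(0, 1));
    return 0;
}
```

In the kernel the neighbouring byte can be part of a pointer, which is the "address could be modified" case in the commit message.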