Re: [RFC PATCH v1 1/2] maccess: fix writing offset in case of fault in strncpy_from_kernel_nofault()

From: Francis Laniel
Date: Wed Nov 09 2022 - 06:04:37 EST


Hi.

On Tuesday, 8 November 2022, 22:05:51 CET Andrew Morton wrote:
> On Tue, 8 Nov 2022 20:52:06 +0100 Francis Laniel <flaniel@xxxxxxxxxxxxxxxxxxx> wrote:
> > From: Alban Crequy <albancrequy@xxxxxxxxxxxxx>
> >
> > If a page fault occurs while copying the first byte, this function resets
> > one byte before dst.
> > As a consequence, an address could be modified and lead to kernel
> > crashes in case the modified address was accessed later.
> >
> > Signed-off-by: Alban Crequy <albancrequy@xxxxxxxxxxxxx>
> > Tested-by: Francis Laniel <flaniel@xxxxxxxxxxxxxxxxxxx>
>
> Reviewed-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
>
> Please merge via the bpf tree.
>
> This looks potentially nasty. Fortunately only tracing code uses it,
> but I'm thinking it should have cc:stable and a Fixes:?

Thank you for the review!
Sorry, I thought to add the stable list but forgot to add it when sending the
series...
I will send a v2 with your review and without the RFC tag to, among others,
stable.
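
Added example, not part of the original message and not the kernel source or the patch: a userspace model of the failure described in the quoted commit message, where a fault on the first byte makes the error path write the terminator one byte before dst. The function names, the simulated fault (`fault_at`) and the corrected write at the current position are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>

/* Userspace model (hypothetical names). Source bytes at index >= fault_at
 * are treated as unreadable, standing in for a page fault during the copy. */
static long copy_model(char *dst, const char *src, long count,
                       long fault_at, int fixed)
{
    const char *start = src;

    if (count <= 0)
        return 0;
    do {
        if (src - start >= fault_at)
            goto efault;
        *dst = *src;
        dst++;
        src++;
    } while (dst[-1] && src - start < count);

    dst[-1] = '\0';      /* normal path: at least one byte was copied */
    return src - start;

efault:
    if (fixed)
        dst[0] = '\0';   /* assumed correction: terminate at the write position */
    else
        dst[-1] = '\0';  /* reported behaviour: lands before dst on a first-byte fault */
    return -EFAULT;
}

/* Place a guard byte directly before dst, fault on the first byte and
 * return the guard's value afterwards (-1 if the copy did not fault). */
static int guard_after_first_byte_fault(int fixed)
{
    char region[8] = { 'G', 'x', 'x', 'x', 'x', 'x', 'x', 'x' };
    long ret = copy_model(&region[1], "abc", 4, 0, fixed);

    return ret == -EFAULT ? (unsigned char)region[0] : -1;
}

int main(void)
{
    printf("guard, reported behaviour: %d\n", guard_after_first_byte_fault(0));
    printf("guard, corrected offset:   %d\n", guard_after_first_byte_fault(1));
    return 0;
}
```

In the model the guard byte stands for whatever object sits next to the destination buffer; in the reported case that neighbour could be an address that is dereferenced later.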