From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Daniel Thompson, Douglas Anderson, Sasha Levin
Subject: [PATCH 5.15 652/913] kdb: Fix the putarea helper function
Date: Tue, 5 Apr 2022 09:28:34 +0200
Message-Id: <20220405070359.382969619@linuxfoundation.org>
In-Reply-To: <20220405070339.801210740@linuxfoundation.org>
References: <20220405070339.801210740@linuxfoundation.org>

From: Daniel Thompson [ Upstream commit c1cb81429df462eca1b6ba615cddd21dd3103c46 ] Currently kdb_putarea_size() uses copy_from_kernel_nofault() to write *to* arbitrary kernel memory. This is obviously wrong and means the memory modify ('mm') command is a serious risk to debugger stability: if we poke to a bad address we'll double-fault and lose our debug session. Fix this the (very) obvious way. Note that there are two Fixes: tags because the API was renamed and this patch will only trivially backport as far as the rename (and this is probably enough). Nevertheless Christoph's rename did not introduce this problem so I wanted to record that! Fixes: fe557319aa06 ("maccess: rename probe_kernel_{read,write} to copy_{from,to}_kernel_nofault") Fixes: 5d5314d6795f ("kdb: core for kgdb back end (1 of 2)") Signed-off-by: Daniel Thompson Reviewed-by: Douglas Anderson Link: https://lore.kernel.org/r/20220128144055.207267-1-daniel.thompson@linaro.org Signed-off-by: Sasha Levin --- kernel/debug/kdb/kdb_support.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/debug/kdb/kdb_support.c b/kernel/debug/kdb/kdb_support.c index df2bface866e..85cb51c4a17e 100644 --- a/kernel/debug/kdb/kdb_support.c +++ b/kernel/debug/kdb/kdb_support.c @@ -291,7 +291,7 @@ int kdb_getarea_size(void *res, unsigned long addr, size_t size) */ int kdb_putarea_size(unsigned long addr, void *res, size_t size) { - int ret = copy_from_kernel_nofault((char *)addr, (char *)res, size); + int ret = copy_to_kernel_nofault((char *)addr, (char *)res, size); if (ret) { if (!KDB_STATE(SUPPRESS)) { kdb_func_printf("Bad address 0x%lx\n", addr); -- 2.34.1
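
Review bot: The (char *) casts on both arguments of the new copy_to_kernel_nofault() call in kdb_putarea_size() are carried over from the old line and add nothing: res is already declared void * in the function signature, so only addr (an unsigned long) needs a cast, and (void *)addr would state the intent more directly. The swap itself looks right, with addr as the destination and res as the source, which matches the write direction the commit message describes. It would also be worth recording how the fix was exercised, for example that an 'mm' to a bad address now reaches the kdb_func_printf("Bad address 0x%lx\n", addr) branch instead of double-faulting, since that branch is the only visible signal that the nofault path is working and it is silenced when KDB_STATE(SUPPRESS) is set.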