From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Daniel Thompson, Douglas Anderson, Sasha Levin
Subject: [PATCH 5.10 434/599] kdb: Fix the putarea helper function
Date: Tue, 5 Apr 2022 09:32:08 +0200
Message-Id: <20220405070311.747206996@linuxfoundation.org>
In-Reply-To: <20220405070258.802373272@linuxfoundation.org>
References: <20220405070258.802373272@linuxfoundation.org>

From: Daniel Thompson [ Upstream commit c1cb81429df462eca1b6ba615cddd21dd3103c46 ] Currently kdb_putarea_size() uses copy_from_kernel_nofault() to write *to* arbitrary kernel memory. This is obviously wrong and means the memory modify ('mm') command is a serious risk to debugger stability: if we poke to a bad address we'll double-fault and lose our debug session. Fix this the (very) obvious way. Note that there are two Fixes: tags because the API was renamed and this patch will only trivially backport as far as the rename (and this is probably enough). Nevertheless Christoph's rename did not introduce this problem so I wanted to record that! Fixes: fe557319aa06 ("maccess: rename probe_kernel_{read,write} to copy_{from,to}_kernel_nofault") Fixes: 5d5314d6795f ("kdb: core for kgdb back end (1 of 2)") Signed-off-by: Daniel Thompson Reviewed-by: Douglas Anderson Link: https://lore.kernel.org/r/20220128144055.207267-1-daniel.thompson@linaro.org Signed-off-by: Sasha Levin --- kernel/debug/kdb/kdb_support.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/debug/kdb/kdb_support.c b/kernel/debug/kdb/kdb_support.c index 6226502ce049..13417f0045f0 100644 --- a/kernel/debug/kdb/kdb_support.c +++ b/kernel/debug/kdb/kdb_support.c @@ -350,7 +350,7 @@ int kdb_getarea_size(void *res, unsigned long addr, size_t size) */ int kdb_putarea_size(unsigned long addr, void *res, size_t size) { - int ret = copy_from_kernel_nofault((char *)addr, (char *)res, size); + int ret = copy_to_kernel_nofault((char *)addr, (char *)res, size); if (ret) { if (!KDB_STATE(SUPPRESS)) { kdb_printf("kdb_putarea: Bad address 0x%lx\n", addr); -- 2.34.1
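
Review bot: on the changed line in kdb_putarea_size(), nothing at the call site says which argument is the destination. The removed and added lines pass the identical (addr, res, size) list, which is why the wrong helper could sit there unnoticed. A short comment above the call stating that addr is the kernel address being written and res is the caller's source buffer would make the direction reviewable. Since res is now only read, the parameter could also be declared const void *res, and the (char *) cast on res looks unnecessary; the cast on addr is still needed because it is an unsigned long. Neither point blocks the fix, which matches the commit message: a failed write now lands in the existing "Bad address" path shown in the trailing context.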