From: Francis Laniel
To: Andrew Morton
Cc: linux-kernel@vger.kernel.org, Alban Crequy, Andrii Nakryiko, Mykola Lysenko, Alexei Starovoitov, Daniel Borkmann, Martin KaFai Lau, Song Liu, Yonghong Song, John Fastabend, KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Shuah Khan, linux-mm@kvack.org, bpf@vger.kernel.org, linux-kselftest@vger.kernel.org
Subject: Re: [RFC PATCH v1 1/2] maccess: fix writing offset in case of fault in strncpy_from_kernel_nofault()
Date: Wed, 09 Nov 2022 12:04:24 +0100
Message-ID: <2655397.mvXUDI8C0e@pwmachine>
In-Reply-To: <20221108130551.85ad67b402582e3855418294@linux-foundation.org>
References: <20221108195211.214025-1-flaniel@linux.microsoft.com> <20221108195211.214025-2-flaniel@linux.microsoft.com> <20221108130551.85ad67b402582e3855418294@linux-foundation.org>

Hi.

On Tuesday, 8 November 2022, 22:05:51 CET Andrew Morton wrote:
> On Tue, 8 Nov 2022 20:52:06 +0100 Francis Laniel wrote:
> > From: Alban Crequy
> >
> > If a page fault occurs while copying the first byte, this function resets
> > one byte before dst.
> > As a consequence, an address could be modified and lead to kernel
> > crashes in case the modified address was accessed later.
> >
> > Signed-off-by: Alban Crequy
> > Tested-by: Francis Laniel
>
> Reviewed-by: Andrew Morton
>
> Please merge via the bpf tree.
>
> This looks potentially nasty. Fortunately only tracing code uses it,
> but I'm thinking it should have cc:stable and a Fixes:?

Thank you for the review!
Sorry, I thought to add stable list but forgot to add it when sending the
series...
I will send a v2 with your review and without rfc tag to, among others,
stable.
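
The failure mode described in the quoted commit message, as an added userspace model in C that is not part of the original thread and is not the kernel's code. `read_byte`, `copy_model`, `fault_at`, the `fixed` switch and the guard byte in front of the buffer are assumptions made for illustration; terminating at the current write position is one way to keep the fault path in bounds, not necessarily the change in the posted patch.

```c
#include <stdio.h>
#include <string.h>
#define MODEL_EFAULT 14 /* stand-in for the kernel's EFAULT */

/* Constructed fault model: reading src[fault_at] "page faults". */
static int read_byte(char *out, const char *src, long i, long fault_at)
{
	if (i == fault_at)
		return -1;
	*out = src[i];
	return 0;
}

/* Byte-wise string copy; fixed selects where the fault path terminates. */
static long copy_model(char *dst, const char *src, long count,
		       long fault_at, int fixed)
{
	long i = 0;
	if (count <= 0)
		return 0;
	do {
		if (read_byte(dst, src, i, fault_at))
			goto efault;
		dst++;
		i++;
	} while (dst[-1] && i < count);
	dst[-1] = '\0';		/* at least one byte copied: in bounds */
	return i;
efault:
	/* Fault on byte 0 means dst was never advanced, so -1 is outside. */
	dst[fixed ? 0 : -1] = '\0';
	return -MODEL_EFAULT;
}

/* Returns 1 if the byte just before the destination was overwritten. */
static int neighbour_clobbered(int fixed, long fault_at)
{
	char mem[1 + 8];
	memset(mem, 0x41, sizeof(mem));	/* mem[0] models adjacent data */
	copy_model(mem + 1, "abc", 8, fault_at, fixed);
	return mem[0] != 0x41;
}

int main(void)
{
	printf("buggy, fault on byte 0: clobbered=%d\n", neighbour_clobbered(0, 0));
	printf("fixed, fault on byte 0: clobbered=%d\n", neighbour_clobbered(1, 0));
	return 0;
}
```

In this model only a fault on the very first byte reaches outside the buffer; a later fault keeps the buggy variant in bounds but cuts off the last byte already copied.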