From: Zheng Yejian zhengyejian1@huawei.com
hulk inclusion
category: bugfix
bugzilla: 186253, https://gitee.com/openeuler/kernel/issues/I4TYA9
CVE: NA
-----------------------------------------------
Refer to the following code: 'strncpy' would stop copying if a null character is encountered.
For example, when 'code' is "53 be 00 0a 05", 'old_code' would be "53 be 00 00 00".

> 276 static unsigned char *klp_old_code(unsigned char *code)
> 277 {
> 278         static union klp_code_union old_code;
> 279
> 280         strncpy(old_code.code, code, JMP_E9_INSN_SIZE);
> 281         return old_code.code;
> 282 }

As a result, the instructions cannot be restored completely, and the system becomes abnormal.

Fixes: 7e2ab91ea076 ("livepatch/x86: support livepatch without ftrace")
Signed-off-by: Zheng Yejian zhengyejian1@huawei.com
Reviewed-by: Kuohai Xu xukuohai@huawei.com
Signed-off-by: Yang Yingliang yangyingliang@huawei.com
---
 arch/x86/kernel/livepatch.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/kernel/livepatch.c b/arch/x86/kernel/livepatch.c index 0e118adf14087..785bba03b77fa 100644 --- a/arch/x86/kernel/livepatch.c +++ b/arch/x86/kernel/livepatch.c @@ -277,7 +277,7 @@ static unsigned char *klp_old_code(unsigned char *code) { static union klp_code_union old_code;
- strncpy(old_code.code, code, JMP_E9_INSN_SIZE); + memcpy(old_code.code, code, JMP_E9_INSN_SIZE); return old_code.code; }
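
Review bot: the new memcpy() into old_code.code in klp_old_code() copies JMP_E9_INSN_SIZE bytes, but nothing in the visible lines ties that constant to the size of the destination member. Using sizeof(old_code.code) as the length, or adding a BUILD_BUG_ON that compares the two, would keep the copy bounded if union klp_code_union is ever changed. Two smaller points on the same function: old_code is a static buffer whose address is returned, so all callers share one copy, and a short comment naming what serializes them would help since this fix leaves that unchanged; and the code parameter is only read, so it could be declared const unsigned char *. The switch itself is consistent with the commit message: instruction bytes are binary data, so a string routine that treats 0x00 as a terminator is the wrong primitive for saving them.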