From: Zheng Yejian zhengyejian1@huawei.com
hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I4UAQ1
--------------------------------
Refer to following codes, 'strncpy' would stop copying if Null character encountered. For example, when 'code' is "53 be 00 0a 05", 'old_code' would be "53 be 00 00 00".
396 static void *klp_old_code(unsigned char *code) 397 { 398 static unsigned char old_code[JMP_E9_INSN_SIZE]; 399 400 strncpy(old_code, code, JMP_E9_INSN_SIZE); 401 return old_code; 402 }
As a result, the instructions cannot be restored completely, and the system becomes abnormal.
Fixes: f5a6746743d8 ("livepatch/x86: support livepatch without ftrace") Suggested-by: Xu Kuohai xukuohai@huawei.com Signed-off-by: Zheng Yejian zhengyejian1@huawei.com Reviewed-by: Kuohai Xu xukuohai@huawei.com Signed-off-by: Zheng Zengkai zhengzengkai@huawei.com --- arch/x86/kernel/livepatch.c | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-)
diff --git a/arch/x86/kernel/livepatch.c b/arch/x86/kernel/livepatch.c index b3e891efa113..2a541c7de167 100644 --- a/arch/x86/kernel/livepatch.c +++ b/arch/x86/kernel/livepatch.c @@ -367,14 +367,6 @@ static void *klp_jmp_code(unsigned long ip, unsigned long addr) return text_gen_insn(JMP32_INSN_OPCODE, (void *)ip, (void *)addr); }
-static void *klp_old_code(unsigned char *code) -{ - static unsigned char old_code[JMP_E9_INSN_SIZE]; - - strncpy(old_code, code, JMP_E9_INSN_SIZE); - return old_code; -} - void arch_klp_code_modify_prepare(void) __acquires(&text_mutex) { @@ -422,7 +414,7 @@ void arch_klp_unpatch_func(struct klp_func *func) ip = (unsigned long)func_node->old_func; if (list_is_singular(&func_node->func_stack)) { list_del_rcu(&func->stack_node); - new = klp_old_code(func_node->arch_data.old_code); + new = func_node->arch_data.old_code; } else { list_del_rcu(&func->stack_node); next_func = list_first_or_null_rcu(&func_node->func_stack,