5.10-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 5 Apr 2022 06:03:08 +0000 (08:03 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 5 Apr 2022 06:03:08 +0000 (08:03 +0200)
added patches:
coredump-remove-the-warn_on-in-dump_vma_snapshot.patch

queue-5.10/coredump-remove-the-warn_on-in-dump_vma_snapshot.patch [new file with mode: 0644]
queue-5.10/series

diff --git a/queue-5.10/coredump-remove-the-warn_on-in-dump_vma_snapshot.patch b/queue-5.10/coredump-remove-the-warn_on-in-dump_vma_snapshot.patch
new file mode 100644 (file)
index 0000000..caa068d
--- /dev/null
@@ -0,0 +1,40 @@
+From 49c1866348f364478a0c4d3dd13fd08bb82d3a5b Mon Sep 17 00:00:00 2001
+From: "Eric W. Biederman" <ebiederm@xmission.com>
+Date: Tue, 8 Mar 2022 13:01:19 -0600
+Subject: coredump: Remove the WARN_ON in dump_vma_snapshot
+
+From: Eric W. Biederman <ebiederm@xmission.com>
+
+commit 49c1866348f364478a0c4d3dd13fd08bb82d3a5b upstream.
+
+The condition is impossible and to the best of my knowledge has never
+triggered.
+
+We are in deep trouble if that conditions happens and we walk past
+the end of our allocated array.
+
+So delete the WARN_ON and the code that makes it look like the kernel
+can handle the case of walking past the end of it's vma_meta array.
+
+Reviewed-by: Jann Horn <jannh@google.com>
+Reviewed-by: Kees Cook <keescook@chromium.org>
+Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/coredump.c |    5 -----
+ 1 file changed, 5 deletions(-)
+
+--- a/fs/coredump.c
++++ b/fs/coredump.c
+@@ -1123,11 +1123,6 @@ int dump_vma_snapshot(struct coredump_pa
+       mmap_write_unlock(mm);
+-      if (WARN_ON(i != *vma_count)) {
+-              kvfree(*vma_meta);
+-              return -EFAULT;
+-      }
+-
+       for (i = 0; i < *vma_count; i++) {
+               struct core_vma_metadata *m = (*vma_meta) + i;
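Review bot: With the `WARN_ON(i != *vma_count)` block removed after `mmap_write_unlock(mm)` in the embedded fs/coredump.c hunk, nothing in the visible code says why the fill index cannot run past the `*vma_meta` allocation, so that invariant should be written down where the check used to be. The removed test ran only after the array had been populated, so it could report an overrun but never prevent one. The actual guarantee presumably comes from counting and filling the VMAs under the same mmap write lock, which sits above this hunk and should be confirmed there. A comment such as `/* count and fill both ran under mmap_write_lock, so exactly *vma_count entries were written */` would keep that reasoning next to the code. The body of dump_vma_snapshot starts and ends outside the hunk.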
index d77f79affa5bac84eb20c11cbfddfd818751310d..b4b856fe1fdd3b3d566d36c9c01b26b509e03603 100644 (file)
@@ -592,3 +592,4 @@ openvswitch-fixed-nd-target-mask-field-in-the-flow-dump.patch
 kvm-x86-mmu-do-compare-and-exchange-of-gpte-via-the-user-address.patch
 can-m_can-m_can_tx_handler-fix-use-after-free-of-skb.patch
 can-usb_8dev-usb_8dev_start_xmit-fix-double-dev_kfree_skb-in-error-path.patch
+coredump-remove-the-warn_on-in-dump_vma_snapshot.patch