From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Tue, 5 Apr 2022 06:03:20 +0000 (+0200)
Subject: 5.15-stable patches
X-Git-Tag: v5.17.2~30
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=86de28815714490bee4db7960363b3d5f81be279;p=thirdparty%2Fkernel%2Fstable-queue.git

5.15-stable patches

added patches:
	coredump-remove-the-warn_on-in-dump_vma_snapshot.patch
---

diff --git a/queue-5.15/coredump-remove-the-warn_on-in-dump_vma_snapshot.patch b/queue-5.15/coredump-remove-the-warn_on-in-dump_vma_snapshot.patch
new file mode 100644
index 00000000000..79539ae35f6
--- /dev/null
+++ b/queue-5.15/coredump-remove-the-warn_on-in-dump_vma_snapshot.patch
@@ -0,0 +1,40 @@
+From 49c1866348f364478a0c4d3dd13fd08bb82d3a5b Mon Sep 17 00:00:00 2001
+From: "Eric W. Biederman" <ebiederm@xmission.com>
+Date: Tue, 8 Mar 2022 13:01:19 -0600
+Subject: coredump: Remove the WARN_ON in dump_vma_snapshot
+
+From: Eric W. Biederman <ebiederm@xmission.com>
+
+commit 49c1866348f364478a0c4d3dd13fd08bb82d3a5b upstream.
+
+The condition is impossible and to the best of my knowledge has never
+triggered.
+
+We are in deep trouble if that conditions happens and we walk past
+the end of our allocated array.
+
+So delete the WARN_ON and the code that makes it look like the kernel
+can handle the case of walking past the end of it's vma_meta array.
+
+Reviewed-by: Jann Horn <jannh@google.com>
+Reviewed-by: Kees Cook <keescook@chromium.org>
+Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/coredump.c |    5 -----
+ 1 file changed, 5 deletions(-)
+
+--- a/fs/coredump.c
++++ b/fs/coredump.c
+@@ -1146,11 +1146,6 @@ int dump_vma_snapshot(struct coredump_pa
+ 
+ 	mmap_write_unlock(mm);
+ 
+-	if (WARN_ON(i != *vma_count)) {
+-		kvfree(*vma_meta);
+-		return -EFAULT;
+-	}
+-
+ 	for (i = 0; i < *vma_count; i++) {
+ 		struct core_vma_metadata *m = (*vma_meta) + i;
+ 
diff --git a/queue-5.15/series b/queue-5.15/series
index 761dbb74d8f..b0e7be6deb7 100644
--- a/queue-5.15/series
+++ b/queue-5.15/series
@@ -907,3 +907,4 @@ iommu-dma-fold-_swiotlb-helpers-into-callers.patch
 iommu-dma-check-config_swiotlb-more-broadly.patch
 swiotlb-support-aligned-swiotlb-buffers.patch
 iommu-dma-account-for-min_align_mask-w-swiotlb.patch
+coredump-remove-the-warn_on-in-dump_vma_snapshot.patch