From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Sun, 13 May 2018 20:35:59 +0000 (+0200)
Subject: 3.18-stable patches
X-Git-Tag: v3.18.109~9
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b9632a62dbc0d9b7c315ad1e7f98b17b3184534a;p=thirdparty%2Fkernel%2Fstable-queue.git

3.18-stable patches

added patches:
	tracing-uprobe_event-fix-strncpy-corner-case.patch
---

diff --git a/queue-3.18/series b/queue-3.18/series
index 852a54324e4..9a525324f80 100644
--- a/queue-3.18/series
+++ b/queue-3.18/series
@@ -20,3 +20,4 @@ rfkill-gpio-fix-memory-leak-in-probe-error-path.patch
 libata-apply-nolpm-quirk-for-sandisk-sd7ub3q-g1001-ssds.patch
 tracing-fix-regex_match_front-to-not-over-compare-the-test-string.patch
 can-kvaser_usb-increase-correct-stats-counter-in-kvaser_usb_rx_can_msg.patch
+tracing-uprobe_event-fix-strncpy-corner-case.patch
diff --git a/queue-3.18/tracing-uprobe_event-fix-strncpy-corner-case.patch b/queue-3.18/tracing-uprobe_event-fix-strncpy-corner-case.patch
new file mode 100644
index 00000000000..eebfe19a741
--- /dev/null
+++ b/queue-3.18/tracing-uprobe_event-fix-strncpy-corner-case.patch
@@ -0,0 +1,41 @@
+From 50268a3d266ecfdd6c5873d62b2758d9732fc598 Mon Sep 17 00:00:00 2001
+From: Masami Hiramatsu <mhiramat@kernel.org>
+Date: Tue, 10 Apr 2018 21:20:08 +0900
+Subject: tracing/uprobe_event: Fix strncpy corner case
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Masami Hiramatsu <mhiramat@kernel.org>
+
+commit 50268a3d266ecfdd6c5873d62b2758d9732fc598 upstream.
+
+Fix string fetch function to terminate with NUL.
+It is OK to drop the rest of string.
+
+Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Song Liu <songliubraving@fb.com>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: security@kernel.org
+Cc: 范龙飞 <long7573@126.com>
+Fixes: 5baaa59ef09e ("tracing/probes: Implement 'memory' fetch method for uprobes")
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/trace/trace_uprobe.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/kernel/trace/trace_uprobe.c
++++ b/kernel/trace/trace_uprobe.c
+@@ -149,6 +149,8 @@ static void FETCH_FUNC_NAME(memory, stri
+ 		return;
+ 
+ 	ret = strncpy_from_user(dst, src, maxlen);
++	if (ret == maxlen)
++		dst[--ret] = '\0';
+ 
+ 	if (ret < 0) {	/* Failed to fetch string */
+ 		((u8 *)get_rloc_data(dest))[0] = '\0';