dump_vma_snapshot() is directly reading memory from a user mapping. The access is entirely driven by the kernel, not by userspace, so a user pointer has to be created manually from the computed address. Using uaddr_to_user_ptr_safe() is the appropriate way to create a user pointer in this case.
Signed-off-by: Kevin Brodsky kevin.brodsky@arm.com --- fs/coredump.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/coredump.c b/fs/coredump.c index 7bad7785e8e6..90009027a8af 100644 --- a/fs/coredump.c +++ b/fs/coredump.c @@ -1182,7 +1182,7 @@ static bool dump_vma_snapshot(struct coredump_params *cprm) if (m->dump_size == DUMP_SIZE_MAYBE_ELFHDR_PLACEHOLDER) { char elfmag[SELFMAG];
- if (copy_from_user(elfmag, (void __user *)m->start, SELFMAG) || + if (copy_from_user(elfmag, uaddr_to_user_ptr_safe(m->start), SELFMAG) || memcmp(elfmag, ELFMAG, SELFMAG) != 0) { m->dump_size = 0; } else {