audit_log_execve_info() is directly reading memory from a user mapping. The access is entirely driven by the kernel, not by userspace, so a user pointer has to be created manually from the address of the arguments region (mm->arg_start). Using uaddr_to_user_ptr_safe() is the appropriate way to create a user pointer in this case.
Signed-off-by: Kevin Brodsky kevin.brodsky@arm.com --- kernel/auditsc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 9f8c05228d6d..a136fb44180c 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -1129,7 +1129,7 @@ static void audit_log_execve_info(struct audit_context *context, unsigned int arg; char *buf_head; char *buf; - const char __user *p = (const char __user *)current->mm->arg_start; + const char __user *p = uaddr_to_user_ptr_safe(current->mm->arg_start);
/* NOTE: this buffer needs to be large enough to hold all the non-arg * data we put in the audit record for this argument (see the