|
In the Linux and Android kernels, this bug causes a crash like the one described at https://community.nxp.com/thread/464833
Make the following changes:
1.
~myandroid/kernel_imx/arch/arm/include/asm/uaccess.h
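/*
 * copy_from_user - copy n bytes from user space into a kernel buffer.
 * @to:   kernel destination buffer; must hold at least n bytes
 * @from: user-space source pointer
 * @n:    number of bytes requested
 *
 * Returns the number of bytes NOT copied: 0 on success, n when the request
 * is refused outright.
 *
 * On every refused request the destination is zero-filled, so a caller that
 * ignores the return value reads zeros rather than whatever was previously
 * in the buffer.
 */
static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long n)
{
	/*** begin: issue #: avoid arg crash in copy_from_user ***/
	/*
	 * A NULL source that still passes access_ok() is refused here instead
	 * of being handed to __copy_from_user().
	 * NOTE(review): this is a workaround that hides the caller passing
	 * NULL; the caller should still be identified and fixed.
	 */
	if (access_ok(VERIFY_READ, from, n) && from)
		return __copy_from_user(to, from, n);
	/*** end: issue #: avoid arg crash in copy_from_user ***/

	/*
	 * security hole - plug it: the NULL case above must be zeroed as well,
	 * otherwise it returns n while leaving `to` untouched.
	 */
	memset(to, 0, n);
	return n;
}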
2.
~myandroid/kernel_imx/arch/arm/lib/copy_from_user.S
ENDPROC(__copy_from_user)
/*** begin: issue #5404: socket can ***/
/*
 * Fault-recovery code for __copy_from_user, emitted out of line.
 * The section name is changed from .fixup to .text.fixup; the "ax" flags
 * (allocatable, executable) are unchanged.
 * NOTE(review): confirm that the linker script of this kernel tree collects
 * .text.fixup, and that every other .fixup user in the tree is renamed
 * consistently, otherwise the section may be placed unexpectedly.
 */
/*.pushsection .fixup,"ax"*/
.pushsection .text.fixup,"ax"
/*** end: issue #5404 ***/
.align 0
/* copy_abort_preamble / copy_abort_end are macros defined outside this excerpt. */
copy_abort_preamble
/* Pop two saved words into r1 and r2 (presumably the original destination and length - confirm). */
ldmfd sp!, {r1, r2}
/* r3 = r0 - r1 */
sub r3, r0, r1
/* r1 = r2 - r3 (presumably the number of bytes left uncopied - confirm) */
rsb r1, r3, r2
/* Save r1 at the top of the stack so it survives the call below. */
str r1, [sp]
/* Call __memzero; presumably it zeroes r1 bytes starting at r0, i.e. the uncopied tail of the destination - confirm. */
bl __memzero
/* Reload the saved value into r0 and pop it (post-indexed load, sp += 4). */
ldr r0, [sp], #4
copy_abort_end
.popsection
3.
~myandroid/kernel_imx/drivers/scsi/mac_scsi.c
Search for every occurrence of
.fixup
in this file and change it to
.text.fixup
https://bugzilla.kernel.org/show_bug.cgi?id=198641
https://issuetracker.google.com/issues/71959823
I have filed bug reports with them (the two links above); you can apply this change to your own code too. |
|