Bug 198641

Summary: .fixup error and crash
Product: IO/Storage Reporter: Jesse Stone (fatalfeel)
Component: OtherAssignee: io_other
Status: NEW ---    
Severity: high CC: fatalfeel
Priority: P1    
Hardware: ARM   
OS: Linux   
Kernel Version: 4.1 and later Subsystem:
Regression: No Bisected commit-id:
Attachments: arg=0 crash and no .fixup

Description Jesse Stone 2018-02-02 07:59:29 UTC
Created attachment 273969 [details]
arg=0 crash and no .fixup

Using the socket CAN API crashes the kernel.

My post is here:
https://community.nxp.com/thread/464833

My fix is as follows:
1.
~myandroid/kernel_imx/arch/arm/include/asm/uaccess.h
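/*
 * copy_from_user() - copy n bytes from a user-space pointer into a kernel buffer.
 * @to:   kernel destination buffer, at least n bytes long
 * @from: user-space source pointer (untrusted)
 * @n:    number of bytes requested
 *
 * Returns the result of __copy_from_user() when the copy is attempted,
 * otherwise n unchanged because nothing was copied.
 *
 * Whenever the copy is not attempted the destination is zero-filled, so a
 * caller that ignores the return value never reads stale kernel memory
 * out of @to.
 */
static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long n)
{
    /*
     * The NULL test is the reporter's workaround for the crash seen when
     * from == NULL passes access_ok().
     * NOTE(review): this skips the copy rather than letting the faulting
     * access be handled by the exception fixup path; presumably the guard
     * is unnecessary once the fixup section is linked correctly - confirm
     * before keeping it.
     */
    if (access_ok(VERIFY_READ, from, n) && from)
    {
        return __copy_from_user(to, from, n);
    }

    /*
     * security hole - plug it: the range was rejected or the source was
     * NULL. Without this the NULL case returned n but left 'to' untouched,
     * i.e. still holding whatever the kernel buffer contained before.
     */
    memset(to, 0, n);

    return n;
}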

2.
~myandroid/kernel_imx/arch/arm/lib/copy_from_user.S
ENDPROC(__copy_from_user)
    /*** begin: issue #5404: socket can ***/
    /*
     * Abort path that follows __copy_from_user, emitted into its own
     * section. The reporter renamed that section from .fixup to
     * .text.fixup; the old directive is kept commented out below.
     * NOTE(review): the name has to match the section this tree's linker
     * script actually collects - confirm against the linker script before
     * applying, otherwise the fault on a bad user pointer is not recovered.
     */
    /*.pushsection .fixup,"ax"*/
    .pushsection .text.fixup,"ax"
    /*** end: issue #5404 ***/
    .align 0
    copy_abort_preamble
    /*
     * Pop two saved words into r1 and r2.
     * presumably the original destination and the requested length that
     * were pushed on entry - TODO confirm against the entry macro.
     */
    ldmfd    sp!, {r1, r2}
    /* r3 = r0 - r1 (presumably bytes already written before the fault) */
    sub    r3, r0, r1
    /* r1 = r2 - r3 (what is left of the request) */
    rsb    r1, r3, r2
    /* keep that count on the stack; it is reloaded into r0 after the call */
    str    r1, [sp]
    /*
     * Called with r0 and r1 as set above.
     * presumably clears the r1 uncopied bytes at r0 so the kernel buffer
     * does not keep stale data - verify against __memzero.
     */
    bl    __memzero
    /* r0 = the count stored above, then sp += 4 */
    ldr    r0, [sp], #4
    copy_abort_end
    .popsection

3.
~myandroid/kernel_imx/drivers/scsi/mac_scsi.c
Search for every occurrence of .fixup and change it to .text.fixup
Comment 1 Jesse Stone 2019-03-02 09:01:22 UTC
The same issue is reported here:
https://bbs.csdn.net/topics/370250542