bad_io_uring

FIONREAD pipe 1 is 1

Open Ko-Hi-Dev opened this issue 2 years ago • 4 comments

Device: Vivo
Model: X80 Pro
Security Patch:
[ro.build.version.security_patch]: [2022-08-01]
[ro.vendor.build.security_patch]: [2021-12-05]
Kernel Matches: Yes

Error Message:

What's been modified:

init_task, init_cred, _buf_ops

to Vivo values (extracted kallsyms from the Vivo device)

PD2186:/data/local/tmp $ rm -rf vivo_shrinker
PD2186:/data/local/tmp $ ./exp vivo.kallsyms
got 0xffffffc0101b219c for commit_creds
got 0xffffffc012400068 for anon_pipe_buf_ops
got 0xffffffc012aebfc0 for init_task
got 0xffffffc012b00780 for init_cred
got 0xffffffc012ebcbf0 for selinux_state
global data at 0x777e4cb000, buffer at 0x777d202000
preparing...
[] STAGE 1: defragmentation
[] STAGE 2: trigger the bug
[] STAGE 3: free the cache
[] STAGE 4: reclaim the page
FIONREAD pipe 1 is 1
failed, please retry

Ko-Hi-Dev, Aug 16 '23 16:08

If the exp keeps showing this message and the kernel does not crash, it means the kernel is patched XD

Markakd, Aug 17 '23 20:08

> If the exp keeps showing this message and the kernel does not crash, it means the kernel is patched XD

That seems very unlikely? Since this was patched in October? Maybe MediaTek isn't vulnerable? Or they got it patched early?

Judging by the

[ro.build.version.security_patch]: [2022-08-01] [ro.vendor.build.security_patch]: [2021-12-05]

It really shouldn't, unless the OEM got the patch early?

Ko-Hi-Dev, Aug 17 '23 21:08

Not quite sure, upstream patched this bug in Aug last year

Markakd, Aug 18 '23 21:08

> Not quite sure, upstream patched this bug in Aug last year

Ah okay, I see. I get a segmentation fault when running, so it might be patched.

Ko-Hi-Dev, Aug 19 '23 14:08