maccess: Fix writing offset in case of fault in strncpy_from_kernel_nofault()

stable inclusion
from stable-v5.10.156
commit db744288af730abb66312f40b087d1dbf794c5f4
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I7MCG1

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=db744288af730abb66312f40b087d1dbf794c5f4

--------------------------------

commit 8678ea06 upstream.

If a page fault occurs while copying the first byte, this function resets one
byte before dst.
As a consequence, an address could be modified and leaded to kernel crashes if
case the modified address was accessed later.

Fixes: b58294ea ("maccess: allow architectures to provide kernel probing directly")
Signed-off-by: NAlban Crequy <albancrequy@linux.microsoft.com>
Signed-off-by: NAndrii Nakryiko <andrii@kernel.org>
Tested-by: NFrancis Laniel <flaniel@linux.microsoft.com>
Reviewed-by: NAndrew Morton <akpm@linux-foundation.org>
Cc: <stable@vger.kernel.org> [5.8]
Link: https://lore.kernel.org/bpf/20221110085614.111213-2-albancrequy@linux.microsoft.comSigned-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Nsanglipeng <sanglipeng1@jd.com>
(cherry picked from commit 67efa5f7)

mm/maccess.c

@@ -83,7 +83,7 @@ long strncpy_from_kernel_nofault(char *dst, const void *unsafe_addr, long count)
 	return src - unsafe_addr;
 Efault:
 	pagefault_enable();
-	dst[-1] = '\0';
+	dst[0] = '\0';
 	return -EFAULT;
 }
 #else /* HAVE_GET_KERNEL_NOFAULT */