breeze/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-01-25 15:03:52 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge tag 'probes-fixes-v6.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace

Browse Source 
Pull fprobe fix from Masami Hiramatsu:

 - allocate entry_data_size buffer for each rethook instance.

   This fixes a buffer overrun bug (which leads a kernel crash)
   when fprobe user uses its entry_data in the entry_handler.

* tag 'probes-fixes-v6.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace:
  fprobe: Fix to allocate entry_data_size buffer with rethook instances
This commit is contained in:
Linus Torvalds
2024-03-01 11:17:23 -08:00
parent 2f03fc340c 6572786006
commit 161671a6eb
1 changed files with 6 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
kernel/trace/fprobe.c
View File

@@ -189,9 +189,6 @@ static int fprobe_init_rethook(struct fprobe *fp, int num)
{
int size;
if (num <= 0)
return -EINVAL;
if (!fp->exit_handler) {
fp->rethook = NULL;
return 0;
@@ -199,15 +196,16 @@ static int fprobe_init_rethook(struct fprobe *fp, int num)
/* Initialize rethook if needed */
if (fp->nr_maxactive)
size = fp->nr_maxactive;
num = fp->nr_maxactive;
else
size = num * num_possible_cpus() * 2;
if (size <= 0)
num *= num_possible_cpus() * 2;
if (num <= 0)
return -EINVAL;
size = sizeof(struct fprobe_rethook_node) + fp->entry_data_size;
/* Initialize rethook */
fp->rethook = rethook_alloc((void *)fp, fprobe_exit_handler,
sizeof(struct fprobe_rethook_node), size);
fp->rethook = rethook_alloc((void *)fp, fprobe_exit_handler, size, num);
if (IS_ERR(fp->rethook))
return PTR_ERR(fp->rethook);