Unverified Commit 3f736df9 authored by openeuler-ci-bot's avatar openeuler-ci-bot Committed by Gitee
Browse files

!9227 kprobes: Fix possible use-after-free issue on kprobe registration 

Merge Pull Request from: @ci-robot 
 
PR sync from: Chen Zhongjin <chenzhongjin@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/KTJC6P3S2A2RV25VNF3GU4DDFFFDVK4F/ 
 
https://gitee.com/src-openeuler/kernel/issues/I9QRI5 
 
Link:https://gitee.com/openeuler/kernel/pulls/9227

 

Reviewed-by: default avatarLiu YongQiang <liuyongqiang13@huawei.com>
Reviewed-by: default avatarYe Weihua <yeweihua4@huawei.com>
Signed-off-by: default avatarZhang Changzhong <zhangchangzhong@huawei.com>
parents ba32a8e0 46e99ca0

kernel/kprobes.c

+12 −5
Original line number Diff line number Diff line
@@ -1564,9 +1564,17 @@ static int check_kprobe_address_safe(struct kprobe *p, 
	jump_label_lock();

	preempt_disable();



	/* Ensure it is not in reserved area nor out of text */

	if (!(core_kernel_text((unsigned long) p->addr) ||

	    is_module_text_address((unsigned long) p->addr)) ||

	/* Ensure the address is in a text area, and find a module if exists. */

	*probed_mod = NULL;

	if (!core_kernel_text((unsigned long) p->addr)) {

		*probed_mod = __module_text_address((unsigned long) p->addr);

		if (!(*probed_mod)) {

			ret = -EINVAL;

			goto out;

		}

	}

	/* Ensure it is not in reserved area. */

	if (in_gate_area_no_mm((unsigned long) p->addr) ||

	    within_kprobe_blacklist((unsigned long) p->addr) ||

	    jump_label_text_reserved(p->addr, p->addr) ||

	    find_bug((unsigned long)p->addr)) {
@@ -1574,8 +1582,7 @@ static int check_kprobe_address_safe(struct kprobe *p, 
		goto out;

	}



	/* Check if are we probing a module */

	*probed_mod = __module_text_address((unsigned long) p->addr);

	/* Get module refcount and reject __init functions for loaded modules. */

	if (*probed_mod) {

		/*

		 * We must hold a refcount of the probed module while updating