kprobes: Forbid probing on trampoline and BPF code areas
stable inclusion from stable-v5.10.137 commit 2a49b025c36ae749cee7ccc4b7e456e02539cdc3 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I60PLB Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=2a49b025c36ae749cee7ccc4b7e456e02539cdc3 -------------------------------- [ Upstream commit 28f6c37a ] kernel_text_address() treats ftrace_trampoline, kprobe_insn_slot and bpf_text_address as valid kprobe addresses - which is not ideal. These text areas are removable and changeable without any notification to kprobes, and probing on them can trigger unexpected behavior: https://lkml.org/lkml/2022/7/26/1148 Considering that jump_label and static_call text are already forbiden to probe, kernel_text_address() should be replaced with core_kernel_text() and is_module_text_address() to check other text areas which are unsafe to kprobe. [ mingo: Rewrote the changelog. ] Fixes: 5b485629 ("kprobes, extable: Identify kprobes trampolines as kernel text area") Fixes: 74451e66 ("bpf: make jited programs visible in traces") Signed-off-by:Chen Zhongjin <chenzhongjin@huawei.com> Signed-off-by:
Loading
Please sign in to comment