Probes fixes for v6.8-rc5:
- fprobe: Fix to allocate entry_data_size buffer for each rethook instance. This fixes a buffer overrun bug (which leads a kernel crash) when fprobe user uses its entry_data in the entry_handler. -----BEGIN PGP SIGNATURE----- iQFPBAABCgA5FiEEh7BulGwFlgAOi5DV2/sHvwUrPxsFAmXhIPgbHG1hc2FtaS5o aXJhbWF0c3VAZ21haWwuY29tAAoJENv7B78FKz8bhwIH/1h5q2ZqNwNplDGVQpWU G1uuRHLlt47jwbGR3gfeYqVELtX0gFigBsmVouCKK3u3qerB1pDscYhULzKeHjS4 1HAsonj+vKY2pbdCaRnxRT7ejlEioN8CwPb1eqY6Bf6XQ2tJqS5gUqdej8JDJuY5 tpNAhHWqAnRvf1V5muclGAIU+9zavrAjbetpgrPEDIjE5idFvN+6D+4PXiM1cRIW KXW1oA7VlShdfY7xprSZ33Lx7C/dLWojM2P/z/BvqyXOf4f1ovqtGFJegW4n7V5b ZgamgOcSBwFLTVOTpOzn0peucduLFTfEWyC7fFGkHjBxTl2JypsQLEupdoaWLvBB el4= =bUgZ -----END PGP SIGNATURE----- Merge tag 'probes-fixes-v6.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace Pull fprobe fix from Masami Hiramatsu: - allocate entry_data_size buffer for each rethook instance. This fixes a buffer overrun bug (which leads a kernel crash) when fprobe user uses its entry_data in the entry_handler. * tag 'probes-fixes-v6.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace: fprobe: Fix to allocate entry_data_size buffer with rethook instances
commit
161671a6eb
@ -189,9 +189,6 @@ static int fprobe_init_rethook(struct fprobe *fp, int num)
|
||||
{
|
||||
int size;
|
||||
|
||||
if (num <= 0)
|
||||
return -EINVAL;
|
||||
|
||||
if (!fp->exit_handler) {
|
||||
fp->rethook = NULL;
|
||||
return 0;
|
||||
@ -199,15 +196,16 @@ static int fprobe_init_rethook(struct fprobe *fp, int num)
|
||||
|
||||
/* Initialize rethook if needed */
|
||||
if (fp->nr_maxactive)
|
||||
size = fp->nr_maxactive;
|
||||
num = fp->nr_maxactive;
|
||||
else
|
||||
size = num * num_possible_cpus() * 2;
|
||||
if (size <= 0)
|
||||
num *= num_possible_cpus() * 2;
|
||||
if (num <= 0)
|
||||
return -EINVAL;
|
||||
|
||||
size = sizeof(struct fprobe_rethook_node) + fp->entry_data_size;
|
||||
|
||||
/* Initialize rethook */
|
||||
fp->rethook = rethook_alloc((void *)fp, fprobe_exit_handler,
|
||||
sizeof(struct fprobe_rethook_node), size);
|
||||
fp->rethook = rethook_alloc((void *)fp, fprobe_exit_handler, size, num);
|
||||
if (IS_ERR(fp->rethook))
|
||||
return PTR_ERR(fp->rethook);
|
||||
|
||||
|
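Review bot: The added `size = sizeof(struct fprobe_rethook_node) + fp->entry_data_size;` stores the sum in `int size` and passes it to `rethook_alloc()` with no range check. If `entry_data_size` is not bounded when the fprobe is registered (its type and any limit are not visible in this hunk), a large value would truncate or go negative, and each node could again be smaller than the data the entry handler writes, which is the overrun this commit sets out to fix. I would use a checked add, e.g. `if (check_add_overflow(sizeof(struct fprobe_rethook_node), fp->entry_data_size, &size)) return -EINVAL;`. The same concern applies to `num *= num_possible_cpus() * 2;`, where the following `num <= 0` test only catches a wrap that lands on a non-positive value. fprobe_init_rethook continues past the end of the hunk.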