iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/kernel
History
Masami Hiramatsu 2117fbc35a kprobes: Limit max data_size of the kretprobe instances 
commit 6bbfa44116689469267f1a6e3d233b52114139d2 upstream.

The 'kprobe::data_size' is unsigned, thus it can not be negative.  But if
user sets it enough big number (e.g. (size_t)-8), the result of 'data_size
+ sizeof(struct kretprobe_instance)' becomes smaller than sizeof(struct
kretprobe_instance) or zero. In result, the kretprobe_instance are
allocated without enough memory, and kretprobe accesses outside of
allocated memory.

To avoid this issue, introduce a max limitation of the
kretprobe::data_size. 4KB per instance should be OK.

Link: https://lkml.kernel.org/r/163836995040.432120.10322772773821182925.stgit@devnote2

Cc: stable@vger.kernel.org
Fixes: f47cd9b553aa ("kprobes: kretprobe user entry-handler")
Reported-by: zhangyue <zhangyue1@kylinos.cn>
Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-12-08 08:45:06 +01:00
..
bpf
bpf: Prevent increasing bpf_jit_limit above max
2021-11-26 11:48:20 +01:00
configs
config: android: enable CONFIG_SECCOMP
2016-10-11 15:06:32 -07:00
debug
kdb: Make memory allocations more robust
2021-03-03 17:44:31 +01:00
events
events: Reuse value read using READ_ONCE instead of re-reading it
2021-09-22 11:43:09 +02:00
gcov
gcov: add support for GCC 10.1
2020-09-23 08:46:14 +02:00
irq
genirq: Disable interrupts for force threaded handlers
2021-03-24 10:59:26 +01:00
livepatch
livepatch/module: make TAINT_LIVEPATCH module-specific
2016-08-26 14:42:08 +02:00
locking
locking/lockdep: Avoid RCU-induced noinstr fail
2021-11-26 11:48:27 +01:00
power
PM: hibernate: use correct mode for swsusp_close()
2021-12-08 08:45:03 +01:00
printk
printk/console: Allow to disable console output by using console="" or console=null
2021-11-12 13:18:02 +01:00
rcu
rcuperf: Fix cleanup path for invalid perf_type strings
2019-05-31 06:48:30 -07:00
sched
sched/core: Mitigate race cpus_share_cache()/update_top_cache_domain()
2021-11-26 11:48:41 +01:00
time
kernel, fs: Introduce and use set_restart_fn() and arch_set_restart_data()
2021-03-24 10:59:25 +01:00
trace
tracing: Check pid filtering when creating events
2021-12-08 08:45:03 +01:00
.gitignore
acct.c
kernel/acct.c: fix the acct->needcheck check in check_free_space()
2018-01-10 09:29:51 +01:00
async.c
kernel/async.c: revert "async: simplify lowest_in_progress()"
2018-02-17 13:21:18 +01:00
audit_fsnotify.c
audit_tree.c
audit_watch.c
audit: CONFIG_CHANGE don't log internal bookkeeping as an event
2020-10-01 20:40:07 +02:00
audit.c
audit: fix a net reference leak in audit_list_rules_send()
2021-04-07 12:05:41 +02:00
audit.h
audit: fix a net reference leak in audit_list_rules_send()
2021-04-07 12:05:41 +02:00
auditfilter.c
audit: fix a net reference leak in audit_list_rules_send()
2021-04-07 12:05:41 +02:00
auditsc.c
audit: print empty EXECVE args
2019-11-28 18:28:55 +01:00
backtracetest.c
bounds.c
kbuild: fix kernel/bounds.c 'W=1' warning
2018-11-13 11:16:57 -08:00
capability.c
ptrace: Capture the ptracer's creds not PT_PTRACE_CAP
2017-01-06 10:40:13 +01:00
cgroup_freezer.c
cgroup_pids.c
cgroup: pids: use atomic64_t for pids->limit
2019-12-21 10:42:02 +01:00
cgroup.c
cgroup: Make rebind_subsystems() disable v2 controllers all at once
2021-11-26 11:48:32 +01:00
compat.c
configs.c
context_tracking.c
cpu_pm.c
kernel/cpu_pm: Fix uninitted local in cpu_pm
2020-06-20 10:24:21 +02:00
cpu.c
kernel/cpu: add arch override for clear_tasks_mm_cpumask() mm handling
2020-12-29 13:44:50 +01:00
cpuset.c
sched/cpuset/pm: Fix cpuset vs. suspend-resume bugs
2017-10-12 11:51:25 +02:00
crash_dump.c
cred.c
memcg: account security cred as well to kmemcg
2020-01-12 11:24:13 +01:00
delayacct.c
dma.c
exec_domain.c
exit.c
futex: Mark the begin of futex exit explicitly
2021-02-03 23:19:49 +01:00
extable.c
kernel/extable.c: mark core_kernel_text notrace
2017-07-21 07:42:21 +02:00
fork.c
mm/hugetlb: initialize hugetlb_usage in mm_init
2021-09-22 11:43:08 +02:00
freezer.c
freezer, oom: check TIF_MEMDIE on the correct task
2016-07-28 16:07:41 -07:00
futex.c
mm, futex: fix shared futex pgoff on shmem huge page
2021-07-11 12:46:40 +02:00
groups.c
kernel: make groups_sort calling a responsibility group_info allocators
2018-01-10 09:29:52 +01:00
hung_task.c
kernel: hung_task.c: disable on suspend
2019-04-20 09:07:52 +02:00
irq_work.c
jump_label.c
jump_label: Invoke jump_label_test() via early_initcall()
2017-12-14 09:28:24 +01:00
kallsyms.c
kcmp.c
Kconfig.freezer
Kconfig.hz
Kconfig.locks
Kconfig.preempt
kcov.c
kcov: ensure irq code sees a valid area
2018-08-03 07:55:12 +02:00
kexec_core.c
objtool, x86: Add several functions and files to the objtool whitelist
2018-06-05 10:28:57 +02:00
kexec_file.c
kernel: kexec_file: fix error return code of kexec_calculate_store_digests()
2021-05-22 10:40:31 +02:00
kexec_internal.h
kexec.c
kexec: allow architectures to override boot mapping
2016-08-02 19:35:27 -04:00
kmod.c
usermodehelper: reset umask to default before executing user process
2020-10-14 09:48:14 +02:00
kprobes.c
kprobes: Limit max data_size of the kretprobe instances
2021-12-08 08:45:06 +01:00
ksysfs.c
kexec: add a kexec_crash_loaded() function
2016-08-02 19:35:30 -04:00
kthread.c
kthread: prevent deadlock when kthread_mod_delayed_work() races with kthread_cancel_delayed_work_sync()
2021-07-11 12:46:41 +02:00
latencytop.c
Makefile
elfcore: fix building with clang
2021-02-10 09:09:25 +01:00
membarrier.c
Fix: Disable sys_membarrier when nohz_full is enabled
2017-03-12 06:41:45 +01:00
memremap.c
mm, devm_memremap_pages: kill mapping "System RAM" support
2019-01-13 10:03:51 +01:00
module_signing.c
module-internal.h
module.c
module: Ignore _GLOBAL_OFFSET_TABLE_ when warning for undefined symbols
2021-03-03 17:44:44 +01:00
notifier.c
x86/mm: split vmalloc_sync_all()
2020-04-02 17:20:26 +02:00
nsproxy.c
padata.c
padata: purge get_cpu and reorder_via_wq from padata_do_serial
2020-05-27 16:41:53 +02:00
panic.c
panic: ensure preemption is disabled during panic()
2019-10-17 13:42:25 -07:00
params.c
pid_namespace.c
memcg: enable accounting for pids in nested pid namespaces
2021-09-22 11:43:08 +02:00
pid.c
pidns: disable pid allocation if pid_ns_prepare_proc() is failed in alloc_pid()
2018-04-13 19:47:53 +02:00
profile.c
profiling: fix shift-out-of-bounds bugs
2021-09-26 13:36:18 +02:00
ptrace.c
ptrace: make ptrace() fail if the tracee changed its pid unexpectedly
2021-05-26 11:29:06 +02:00
range.c
reboot.c
reboot: fix overflow parsing reboot cpu number
2020-11-18 18:26:32 +01:00
relay.c
kernel/relay.c: fix memleak on destroy relay channel
2020-08-26 10:29:03 +02:00
resource.c
resource: fix integer overflow at reallocation
2018-04-24 09:34:09 +02:00
seccomp.c
seccomp: Add missing return in non-void function
2021-03-03 17:44:43 +01:00
signal.c
signal: Remove the bogus sigkill_pending in ptrace_stop
2021-11-26 11:48:24 +01:00
smp.c
cpu/hotplug: Fix SMT supported evaluation
2018-08-15 18:14:53 +02:00
smpboot.c
kthread/smpboot: do not park in kthread_create_on_cpu()
2016-10-11 15:06:33 -07:00
smpboot.h
softirq.c
Mark HI and TASKLET softirq synchronous
2018-08-15 18:14:42 +02:00
stacktrace.c
stacktrace, lockdep: Fix address, newline ugliness
2017-02-14 15:25:42 -08:00
stop_machine.c
stop_machine: Use raw spinlocks
2018-08-03 07:55:24 +02:00
sys_ni.c
x86/pkeys: Fix pkeys build breakage for some non-x86 arches
2016-09-13 14:41:36 +02:00
sys.c
prctl: allow to setup brk for et_dyn executables
2021-09-26 13:36:18 +02:00
sysctl_binary.c
sysctl.c
sched/rt: Show the 'sched_rr_timeslice' SCHED_RR timeslice tuning knob in milliseconds
2020-07-09 09:35:55 +02:00
task_work.c
task_work: use READ_ONCE/lockless_dereference, avoid pi_lock if !task_works
2016-08-02 19:35:02 -04:00
taskstats.c
taskstats: fix data-race
2020-01-12 11:24:12 +01:00
test_kprobes.c
torture.c
torture: Convert torture_shutdown() to hrtimer
2016-08-22 10:01:49 -07:00
tracepoint.c
tracepoint: Do not fail unregistering a probe due to memory failure
2021-03-03 17:44:38 +01:00
tsacct.c
ucount.c
kernel/ucount.c: mark user_header with kmemleak_ignore()
2017-06-17 06:41:51 +02:00
uid16.c
kernel: make groups_sort calling a responsibility group_info allocators
2018-01-10 09:29:52 +01:00
up.c
smp: Add function to execute a function synchronously on a CPU
2016-09-05 13:52:39 +02:00
user_namespace.c
userns: move user access out of the mutex
2018-09-09 20:01:24 +02:00
user-return-notifier.c
user.c
utsname_sysctl.c
sys: don't hold uts_sem while accessing userspace memory
2018-09-09 20:01:24 +02:00
utsname.c
Merge branch 'nsfs-ioctls' into HEAD
2016-09-22 20:00:36 -05:00
watchdog_hld.c
kernel/watchdog: prevent false hardlockup on overloaded system
2017-06-17 06:41:57 +02:00
watchdog.c
kernel/watchdog: prevent false hardlockup on overloaded system
2017-06-17 06:41:57 +02:00
workqueue_internal.h
workqueue: Fix NULL pointer dereference
2017-11-15 15:53:17 +01:00
workqueue.c
workqueue: fix UAF in pwq_unbound_release_workfn()
2021-08-04 11:58:01 +02:00