| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 26 Sep 2017 08:01:26 -0400 (EDT)
From: Shu Wang <shuwang@...hat.com>
To: rostedt@...dmis.org, mingo@...hat.com
Cc: chuhu@...hat.com, liwang@...hat.com, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] ftrace: fix kmemleak in unregister_ftrace_graph
> From: shuwang@...hat.com
> To: rostedt@...dmis.org, mingo@...hat.com
> Cc: chuhu@...hat.com, liwang@...hat.com, linux-kernel@...r.kernel.org, "Shu Wang" <shuwang@...hat.com>
> Sent: Tuesday, September 12, 2017 10:14:54 AM
> Subject: [PATCH] ftrace: fix kmemleak in unregister_ftrace_graph
>
> From: Shu Wang <shuwang@...hat.com>
>
> The trampoline allocated by function tracer was
> overwrite by function_graph tracer, and cause
> memory leak. The save_global_trampoline should
> save previous trampoline in register_ftrace_graph
> and restore it in unregister_ftrace_graph. But
> as it implemented, save_global_trampoline was only
> used in unregister_ftrace_graph as default value 0,
> and overwrite the previous trampoline's value.
>
> kmmeleak backtrace:
> kmemleak_vmalloc+0x77/0xc0
> __vmalloc_node_range+0x1b5/0x2c0
> module_alloc+0x7c/0xd0
> arch_ftrace_update_trampoline+0xb5/0x290
> ftrace_startup+0x78/0x210
> register_ftrace_function+0x8b/0xd0
> function_trace_init+0x4f/0x80
> tracing_set_tracer+0xe6/0x170
> tracing_set_trace_write+0x90/0xd0
> __vfs_write+0x37/0x170
> vfs_write+0xb2/0x1b0
> SyS_write+0x55/0xc0
> do_syscall_64+0x67/0x180
> return_from_SYSCALL_64+0x0/0x6a
>
> Signed-off-by: Shu Wang <shuwang@...hat.com>
> ---
> kernel/trace/ftrace.c | 14 --------------
> 1 file changed, 14 deletions(-)
>
> diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c
> index 6abfafd7f173..8319e09e15b9 100644
> --- a/kernel/trace/ftrace.c
> +++ b/kernel/trace/ftrace.c
> @@ -4954,9 +4954,6 @@ static char ftrace_graph_buf[FTRACE_FILTER_SIZE]
> __initdata;
> static char ftrace_graph_notrace_buf[FTRACE_FILTER_SIZE] __initdata;
> static int ftrace_graph_set_hash(struct ftrace_hash *hash, char *buffer);
>
> -static unsigned long save_global_trampoline;
> -static unsigned long save_global_flags;
> -
> static int __init set_graph_function(char *str)
> {
> strlcpy(ftrace_graph_buf, str, FTRACE_FILTER_SIZE);
> @@ -6808,17 +6805,6 @@ void unregister_ftrace_graph(void)
> unregister_pm_notifier(&ftrace_suspend_notifier);
> unregister_trace_sched_switch(ftrace_graph_probe_sched_switch, NULL);
>
> -#ifdef CONFIG_DYNAMIC_FTRACE
> - /*
> - * Function graph does not allocate the trampoline, but
> - * other global_ops do. We need to reset the ALLOC_TRAMP flag
> - * if one was used.
> - */
> - global_ops.trampoline = save_global_trampoline;
> - if (save_global_flags & FTRACE_OPS_FL_ALLOC_TRAMP)
> - global_ops.flags |= FTRACE_OPS_FL_ALLOC_TRAMP;
> -#endif
> -
> out:
> mutex_unlock(&ftrace_lock);
> }
> --
> 2.13.5
>
>
ping
Powered by blists - more mailing lists