lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Thu, 26 Oct 2017 01:54:53 +0900
From:   Masami Hiramatsu <mhiramat@...nel.org>
To:     JianKang Chen <chenjiankang1@...wei.com>
Cc:     <nanth@...ux.vnet.ibm.com>, <anil.s.keshavamurthy@...el.com>,
        <linux-kernel@...r.kernel.org>, <xieyisheng1@...wei.com>,
        <wangkefeng.wang@...wei.com>
Subject: Re: [PATCH] kernel/kprobes: add check to avoid kprobe memory leak

On Tue, 24 Oct 2017 20:17:02 +0800
JianKang Chen <chenjiankang1@...wei.com> wrote:

> The function register_kretprobe is used to initialize a struct
> kretprobe and allocate a list table for kprobe instance.
> However,in this function, there is a memory leak.
> 
> The test case:
> 
> static struct kretprobe rp;
> struct  kretprobe *rps[10]={&rp ,&rp ,&rp ,
> &rp ,&rp ,&rp ,&rp ,&rp ,&rp,&rp};

What ? this is buggy code. you must not list same kretprobe.
But, year, since register_kprobe() already has similar protection against
reusing, register_kretprobe() should do so.

[..]
>  	raw_spin_lock_init(&rp->lock);
> +
> +	if (!hlist_empty(&rp->free_instances))
> +		return -EBUSY;
> +

Hmm, but can you use check_kprobe_rereg() before raw_spin_lock_init()?
If user reuses rp after it starts, rp->lock can already be used.

Thank you,

>  	INIT_HLIST_HEAD(&rp->free_instances);
>  	for (i = 0; i < rp->maxactive; i++) {
>  		inst = kmalloc(sizeof(struct kretprobe_instance) +
> -- 
> 1.7.12.4
> 


-- 
Masami Hiramatsu <mhiramat@...nel.org>

Powered by blists - more mailing lists