| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20171026015453.ba08699319ffaa9a18bbd8e3@kernel.org>
Date: Thu, 26 Oct 2017 01:54:53 +0900
From: Masami Hiramatsu <mhiramat@...nel.org>
To: JianKang Chen <chenjiankang1@...wei.com>
Cc: <nanth@...ux.vnet.ibm.com>, <anil.s.keshavamurthy@...el.com>,
<linux-kernel@...r.kernel.org>, <xieyisheng1@...wei.com>,
<wangkefeng.wang@...wei.com>
Subject: Re: [PATCH] kernel/kprobes: add check to avoid kprobe memory leak
On Tue, 24 Oct 2017 20:17:02 +0800
JianKang Chen <chenjiankang1@...wei.com> wrote:
> The function register_kretprobe is used to initialize a struct
> kretprobe and allocate a list table for kprobe instance.
> However,in this function, there is a memory leak.
>
> The test case:
>
> static struct kretprobe rp;
> struct kretprobe *rps[10]={&rp ,&rp ,&rp ,
> &rp ,&rp ,&rp ,&rp ,&rp ,&rp,&rp};
What ? this is buggy code. you must not list same kretprobe.
But, year, since register_kprobe() already has similar protection against
reusing, register_kretprobe() should do so.
[..]
> raw_spin_lock_init(&rp->lock);
> +
> + if (!hlist_empty(&rp->free_instances))
> + return -EBUSY;
> +
Hmm, but can you use check_kprobe_rereg() before raw_spin_lock_init()?
If user reuses rp after it starts, rp->lock can already be used.
Thank you,
> INIT_HLIST_HEAD(&rp->free_instances);
> for (i = 0; i < rp->maxactive; i++) {
> inst = kmalloc(sizeof(struct kretprobe_instance) +
> --
> 1.7.12.4
>
--
Masami Hiramatsu <mhiramat@...nel.org>
Powered by blists - more mailing lists