github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-09 15:12:59 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
a8392866c5
linux/kernel
History
Masami Hiramatsu 16ccd481e3 kprobes: Limit max data_size of the kretprobe instances 
commit 6bbfa44116 upstream.

The 'kprobe::data_size' is unsigned, thus it can not be negative.  But if
user sets it enough big number (e.g. (size_t)-8), the result of 'data_size
+ sizeof(struct kretprobe_instance)' becomes smaller than sizeof(struct
kretprobe_instance) or zero. In result, the kretprobe_instance are
allocated without enough memory, and kretprobe accesses outside of
allocated memory.

To avoid this issue, introduce a max limitation of the
kretprobe::data_size. 4KB per instance should be OK.

Link: https://lkml.kernel.org/r/163836995040.432120.10322772773821182925.stgit@devnote2

Cc: stable@vger.kernel.org
Fixes: f47cd9b553 ("kprobes: kretprobe user entry-handler")
Reported-by: zhangyue <zhangyue1@kylinos.cn>
Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-12-08 09:04:41 +01:00
..
bpf bpf: Forbid bpf_ktime_get_coarse_ns and bpf_timer_* in tracing progs 2021-11-25 09:49:07 +01:00
cgroup cgroup: Fix rootcg cpu.stat guest double counting 2021-11-18 19:16:45 +01:00
configs
debug kdb: Adopt scheduler's task classification 2021-11-18 19:17:06 +01:00
dma dma-mapping fixes for Linux 5.15 2021-10-20 10:16:51 -10:00
entry signal: Replace force_fatal_sig with force_exit_sig when in doubt 2021-11-25 09:49:07 +01:00
events perf: Ignore sigtrap for tracepoints destined for other tasks 2021-12-01 09:04:54 +01:00
gcov
irq PCI/MSI: Move non-mask check back into low level accessors 2021-11-18 19:17:14 +01:00
kcsan LKMM updates: 2021-09-02 13:00:15 -07:00
livepatch
locking locking/rwsem: Make handoff bit handling more consistent 2021-12-01 09:04:54 +01:00
power PM: hibernate: use correct mode for swsusp_close() 2021-12-01 09:04:51 +01:00
printk printk: restore flushing of NMI buffers on remote CPUs after NMI backtraces 2021-11-25 09:48:45 +01:00
rcu rcu: Fix rcu_dynticks_curr_cpu_in_eqs() vs noinstr 2021-11-18 19:16:30 +01:00
sched sched/scs: Reset task stack state in bringup_cpu() 2021-12-01 09:04:54 +01:00
time posix-cpu-timers: Clear task::posix_cputimers_work in copy_process() 2021-11-18 19:17:14 +01:00
trace tracing: Don't use out-of-sync va_list in event printing 2021-12-08 09:04:41 +01:00
.gitignore
acct.c kernel/acct.c: use dedicated helper to access rlimit values 2021-09-08 11:50:26 -07:00
async.c
audit_fsnotify.c
audit_tree.c
audit_watch.c
audit.c
audit.h
auditfilter.c
auditsc.c audit: fix possible null-pointer dereference in audit_filter_rules 2021-10-18 18:27:47 -04:00
backtracetest.c
bounds.c
capability.c
cfi.c
compat.c arch: remove compat_alloc_user_space 2021-09-08 15:32:35 -07:00
configs.c
context_tracking.c
cpu_pm.c
cpu.c sched/scs: Reset task stack state in bringup_cpu() 2021-12-01 09:04:54 +01:00
crash_core.c
crash_dump.c
cred.c ucounts: Move get_ucounts from cred_alloc_blank to key_change_session_keyring 2021-10-20 10:34:20 -05:00
delayacct.c
dma.c
exec_domain.c
exit.c
extable.c
fail_function.c
fork.c posix-cpu-timers: Clear task::posix_cputimers_work in copy_process() 2021-11-18 19:17:14 +01:00
freezer.c
futex.c futex: Remove unused variable 'vpid' in futex_proxy_trylock_atomic() 2021-09-03 23:00:22 +02:00
gen_kheaders.sh
groups.c
hung_task.c
iomem.c
irq_work.c
jump_label.c
kallsyms.c
kcmp.c
Kconfig.freezer
Kconfig.hz
Kconfig.locks
Kconfig.preempt
kcov.c
kexec_core.c
kexec_elf.c
kexec_file.c
kexec_internal.h
kexec.c kexec: avoid compat_alloc_user_space 2021-09-08 15:32:34 -07:00
kheaders.c
kmod.c
kprobes.c kprobes: Limit max data_size of the kretprobe instances 2021-12-08 09:04:41 +01:00
ksysfs.c
kthread.c
latencytop.c
Makefile
module_signature.c
module_signing.c
module-internal.h
module.c module: fix clang CFI with MODULE_UNLOAD=n 2021-09-28 12:56:26 +02:00
notifier.c
nsproxy.c memcg: enable accounting for new namesapces and struct nsproxy 2021-09-03 09:58:12 -07:00
padata.c
panic.c
params.c
pid_namespace.c memcg: enable accounting for new namesapces and struct nsproxy 2021-09-03 09:58:12 -07:00
pid.c
profile.c profiling: fix shift-out-of-bounds bugs 2021-09-08 11:50:26 -07:00
ptrace.c
range.c
reboot.c
regset.c
relay.c
resource_kunit.c
resource.c
rseq.c KVM: rseq: Update rseq when processing NOTIFY_RESUME on xfer to KVM guest 2021-09-22 10:24:01 -04:00
scftorture.c
scs.c scs: Release kasan vmalloc poison in scs_free process 2021-11-18 19:16:29 +01:00
seccomp.c Merge branch 'exit-cleanups-for-v5.15' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace 2021-09-01 14:52:05 -07:00
signal.c signal: Replace force_fatal_sig with force_exit_sig when in doubt 2021-11-25 09:49:07 +01:00
smp.c
smpboot.c
smpboot.h
softirq.c
stackleak.c
stacktrace.c
static_call.c
stop_machine.c
sys_ni.c compat: remove some compat entry points 2021-09-08 15:32:35 -07:00
sys.c Merge branch 'akpm' (patches from Andrew) 2021-09-08 12:55:35 -07:00
sysctl-test.c
sysctl.c Merge branch 'akpm' (patches from Andrew) 2021-09-03 10:08:28 -07:00
task_work.c
taskstats.c
test_kprobes.c
torture.c
tracepoint.c
tsacct.c
ucount.c ucounts: Fix signal ucount refcounting 2021-10-18 16:02:30 -05:00
uid16.c
uid16.h
umh.c
up.c
user_namespace.c memcg: enable accounting for new namesapces and struct nsproxy 2021-09-03 09:58:12 -07:00
user-return-notifier.c
user.c fs/epoll: use a per-cpu counter for user's watches count 2021-09-08 11:50:27 -07:00
usermode_driver.c
utsname_sysctl.c
utsname.c
watch_queue.c
watchdog_hld.c
watchdog.c
workqueue_internal.h
workqueue.c workqueue: make sysfs of unbound kworker cpumask more clever 2021-11-18 19:16:17 +01:00