Commit 65727860 authored by Masami Hiramatsu (Google)

fprobe: Fix to allocate entry_data_size buffer with rethook instances

Fix to allocate fprobe::entry_data_size buffer with rethook instances.
If fprobe does not allocate an entry_data_size buffer for each rethook instance,
the fprobe entry handler can overrun the buffer when it stores entry data.

Link: https://lore.kernel.org/all/170920576727.107552.638161246679734051.stgit@devnote2/



Reported-by: Jiri Olsa <olsajiri@gmail.com>
Closes: https://lore.kernel.org/all/Zd9eBn2FTQzYyg7L@krava/


Fixes: 4bbd9345 ("kprobes: kretprobe scalability improvement")
Cc: stable@vger.kernel.org
Tested-by: Jiri Olsa <olsajiri@gmail.com>
Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
parent b401b621
+6 −8
@@ -189,9 +189,6 @@ static int fprobe_init_rethook(struct fprobe *fp, int num)
{
	int size;

	if (num <= 0)
		return -EINVAL;

	if (!fp->exit_handler) {
		fp->rethook = NULL;
		return 0;
@@ -199,15 +196,16 @@ static int fprobe_init_rethook(struct fprobe *fp, int num)

	/* Initialize rethook if needed */
	if (fp->nr_maxactive)
		size = fp->nr_maxactive;
		num = fp->nr_maxactive;
	else
		size = num * num_possible_cpus() * 2;
	if (size <= 0)
		num *= num_possible_cpus() * 2;
	if (num <= 0)
		return -EINVAL;

	size = sizeof(struct fprobe_rethook_node) + fp->entry_data_size;

	/* Initialize rethook */
	fp->rethook = rethook_alloc((void *)fp, fprobe_exit_handler,
				sizeof(struct fprobe_rethook_node), size);
	fp->rethook = rethook_alloc((void *)fp, fprobe_exit_handler, size, num);
	if (IS_ERR(fp->rethook))
		return PTR_ERR(fp->rethook);