review.tizen.org Git - platform/kernel/linux-rpi.git/commit

author	Masami Hiramatsu <mhiramat@kernel.org>
	Wed, 1 Dec 2021 14:45:50 +0000 (23:45 +0900)
committer	Steven Rostedt (VMware) <rostedt@goodmis.org>
	Thu, 2 Dec 2021 02:04:34 +0000 (21:04 -0500)
commit	6bbfa44116689469267f1a6e3d233b52114139d2
tree	f4efdc55d15d0e54f9ee1b53d996f1c55278fdfc	tree \| snapshot
parent	f25667e5980a4333729cac3101e5de1bb851f71a	commit \| diff

kprobes: Limit max data_size of the kretprobe instances

The 'kprobe::data_size' is unsigned, thus it can not be negative. But if
user sets it enough big number (e.g. (size_t)-8), the result of 'data_size
+ sizeof(struct kretprobe_instance)' becomes smaller than sizeof(struct
kretprobe_instance) or zero. In result, the kretprobe_instance are
allocated without enough memory, and kretprobe accesses outside of
allocated memory.

To avoid this issue, introduce a max limitation of the
kretprobe::data_size. 4KB per instance should be OK.

Link: https://lkml.kernel.org/r/163836995040.432120.10322772773821182925.stgit@devnote2
Cc: stable@vger.kernel.org
Fixes: f47cd9b553aa ("kprobes: kretprobe user entry-handler")
Reported-by: zhangyue <zhangyue1@kylinos.cn>
Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>

include/linux/kprobes.h		diff \| blob \| history
kernel/kprobes.c		diff \| blob \| history