linux

mirror of https://github.com/hardkernel/linux.git synced 2026-03-25 03:50:24 +09:00

Files

Masami Hiramatsu a1ba65e6df kprobes: Limit max data_size of the kretprobe instances

commit 6bbfa44116 upstream.

The 'kprobe::data_size' is unsigned, thus it can not be negative.  But if
user sets it enough big number (e.g. (size_t)-8), the result of 'data_size
+ sizeof(struct kretprobe_instance)' becomes smaller than sizeof(struct
kretprobe_instance) or zero. In result, the kretprobe_instance are
allocated without enough memory, and kretprobe accesses outside of
allocated memory.

To avoid this issue, introduce a max limitation of the
kretprobe::data_size. 4KB per instance should be OK.

Link: https://lkml.kernel.org/r/163836995040.432120.10322772773821182925.stgit@devnote2

Cc: stable@vger.kernel.org
Fixes: f47cd9b553 ("kprobes: kretprobe user entry-handler")
Reported-by: zhangyue <zhangyue1@kylinos.cn>
Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

2023-05-16 12:21:33 +09:00

bpf

bpf: Prevent increasing bpf_jit_limit above max

2023-05-16 12:12:54 +09:00

configs

ANDROID: add script to fetch android kernel config fragments

2017-10-03 17:19:26 +00:00

debug

kdb: Make memory allocations more robust

2023-05-16 10:36:43 +09:00

events

events: Reuse value read using READ_ONCE instead of re-reading it

2023-05-16 11:46:48 +09:00

gcov

gcov: add support for GCC 10.1

2023-05-16 09:13:10 +09:00

irq

genirq: Disable interrupts for force threaded handlers

2023-05-16 10:48:29 +09:00

livepatch

livepatch/module: make TAINT_LIVEPATCH module-specific

2016-08-26 14:42:08 +02:00

locking

locking/lockdep: Avoid RCU-induced noinstr fail

2023-05-16 12:14:03 +09:00

power

PM: hibernate: use correct mode for swsusp_close()

2023-05-16 12:21:03 +09:00

printk

printk/console: Allow to disable console output by using console="" or console=null

2023-05-16 12:02:34 +09:00

rcu

rcuperf: Fix cleanup path for invalid perf_type strings

2023-05-15 13:36:07 +09:00

sched

sched/core: Mitigate race cpus_share_cache()/update_top_cache_domain()

2023-05-16 12:16:21 +09:00

time

kernel, fs: Introduce and use set_restart_fn() and arch_set_restart_data()

2023-05-16 10:48:22 +09:00

trace

tracing: Check pid filtering when creating events

2023-05-16 12:21:05 +09:00

.gitignore

certs: add .gitignore to stop git nagging about x509_certificate_list

2015-10-21 15:18:35 +01:00

acct.c

kernel/acct.c: fix the acct->needcheck check in check_free_space()

2018-01-10 09:29:51 +01:00

async.c

kernel/async.c: revert "async: simplify lowest_in_progress()"

2018-02-17 13:21:18 +01:00

audit_fsnotify.c

wrappers for ->i_mutex access

2016-01-22 18:04:28 -05:00

audit_tree.c

audit: cleanup prune_tree_thread

2016-04-04 09:46:47 -04:00

audit_watch.c

audit: CONFIG_CHANGE don't log internal bookkeeping as an event

2023-05-16 09:15:30 +09:00

audit.c

audit: fix a net reference leak in audit_list_rules_send()

2023-05-16 10:50:19 +09:00

audit.h

audit: fix a net reference leak in audit_list_rules_send()

2023-05-16 10:50:19 +09:00

auditfilter.c

audit: fix a net reference leak in audit_list_rules_send()

2023-05-16 10:50:19 +09:00

auditsc.c

audit: print empty EXECVE args

2023-05-15 15:18:40 +09:00

backtracetest.c

…

bounds.c

kbuild: fix kernel/bounds.c 'W=1' warning

2023-05-15 09:22:43 +09:00

capability.c

ptrace: Capture the ptracer's creds not PT_PTRACE_CAP

2017-01-06 10:40:13 +01:00

cfi.c

cfi: print target address on failure

2018-05-01 16:49:34 +00:00

cgroup_freezer.c

cgroup: kill cgrp_ss_priv[CGROUP_CANFORK_COUNT] and friends

2015-12-03 10:24:08 -05:00

cgroup_pids.c

cgroup: pids: use atomic64_t for pids->limit

2023-05-15 16:16:25 +09:00

cgroup.c

cgroup: Make rebind_subsystems() disable v2 controllers all at once

2023-05-16 12:14:32 +09:00

compat.c

19af5c5 dtv_demod: add AGC control for board t309 [1/1]

2019-05-06 21:14:10 +08:00

configs.c

…

context_tracking.c

context_tracking: Switch to new static_branch API

2015-11-24 09:56:43 +01:00

cpu_pm.c

kernel/cpu_pm: Fix uninitted local in cpu_pm

2023-05-15 17:34:36 +09:00

cpu.c

kernel/cpu: add arch override for clear_tasks_mm_cpumask() mm handling

2023-05-16 09:56:17 +09:00

cpuset.c

Merge 4.9.55 into android-4.9

2017-10-12 22:31:24 +02:00

crash_dump.c

crash_dump: Make is_kdump_kernel() accessible from modules

2014-08-25 15:42:19 -07:00

cred.c

memcg: account security cred as well to kmemcg

2023-05-15 16:30:24 +09:00

delayacct.c

kmemcg: account certain kmem allocations to memcg

2016-01-14 16:00:49 -08:00

dma.c

…

exec_domain.c

Remove rest of exec domains.

2015-04-12 21:03:31 +02:00

exit.c

futex: Mark the begin of futex exit explicitly

2023-05-16 10:33:14 +09:00

extable.c

kernel/extable.c: mark core_kernel_text notrace

2017-07-21 07:42:21 +02:00

fork.c

mm/hugetlb: initialize hugetlb_usage in mm_init

2023-05-16 11:46:31 +09:00

freezer.c

freezer, oom: check TIF_MEMDIE on the correct task

2016-07-28 16:07:41 -07:00

futex.c

mm, futex: fix shared futex pgoff on shmem huge page

2023-05-16 11:16:33 +09:00

groups.c

kernel: make groups_sort calling a responsibility group_info allocators

2018-01-10 09:29:52 +01:00

hung_task.c

kernel: hung_task.c: disable on suspend

2023-05-15 12:23:14 +09:00

irq_work.c

treewide: Remove old email address

2015-11-23 09:44:58 +01:00

jump_label.c

jump_label: Invoke jump_label_test() via early_initcall()

2017-12-14 09:28:24 +01:00

kallsyms.c

rodata: optimize memory usage of rodata section [4/5]

2023-04-21 13:52:34 +09:00

kcmp.c

ptrace: use fsuid, fsgid, effective creds for fs access checks

2016-01-20 17:09:18 -08:00

Kconfig.freezer

…

Kconfig.hz

…

Kconfig.locks

locking/qrwlock: Rename QUEUE_RWLOCK to QUEUED_RWLOCKS

2015-05-12 09:46:00 +02:00

Kconfig.preempt

…

kcov.c

kcov: ensure irq code sees a valid area

2023-05-12 16:39:07 +09:00

kexec_core.c

objtool, x86: Add several functions and files to the objtool whitelist

2018-06-05 10:28:57 +02:00

kexec_file.c

kernel: kexec_file: fix error return code of kexec_calculate_store_digests()

2023-05-16 11:04:16 +09:00

kexec_internal.h

kexec: move some memembers and definitions within the scope of CONFIG_KEXEC_FILE

2016-01-20 17:09:18 -08:00

kexec.c

kexec: allow architectures to override boot mapping

2016-08-02 19:35:27 -04:00

kmod.c

usermodehelper: reset umask to default before executing user process

2023-05-16 09:24:03 +09:00

kprobes.c

kprobes: Limit max data_size of the kretprobe instances

2023-05-16 12:21:33 +09:00

ksysfs.c

kexec: add a kexec_crash_loaded() function

2016-08-02 19:35:30 -04:00

kthread.c

kthread: prevent deadlock when kthread_mod_delayed_work() races with kthread_cancel_delayed_work_sync()

2023-05-16 11:16:38 +09:00

latencytop.c

sched/debug: Make schedstats a runtime tunable that is disabled by default

2016-02-09 11:54:23 +01:00

Makefile

elfcore: fix building with clang

2023-05-16 10:34:10 +09:00

membarrier.c

Fix: Disable sys_membarrier when nohz_full is enabled

2017-03-12 06:41:45 +01:00

memremap.c

mm, devm_memremap_pages: kill mapping "System RAM" support

2023-05-15 10:54:41 +09:00

module_signing.c

KEYS: Move the point of trust determination to __key_link()

2016-04-11 22:43:43 +01:00

module-internal.h

…

module.c

module: Ignore _GLOBAL_OFFSET_TABLE_ when warning for undefined symbols

2023-05-16 10:38:49 +09:00

notifier.c

x86/mm: split vmalloc_sync_all()

2023-05-15 17:11:06 +09:00

nsproxy.c

cgroup: introduce cgroup namespaces

2016-02-16 13:04:58 -05:00

padata.c

padata: purge get_cpu and reorder_via_wq from padata_do_serial

2023-05-15 17:28:50 +09:00

panic.c

panic: ensure preemption is disabled during panic()

2023-05-15 14:48:19 +09:00

params.c

Merge tag 'modules-next-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux

2015-11-09 15:53:39 -08:00

pid_namespace.c

memcg: enable accounting for pids in nested pid namespaces

2023-05-16 11:46:33 +09:00

pid.c

UPSTREAM: locking/atomic, kref: Add KREF_INIT()

2023-05-16 10:25:44 +09:00

profile.c

profiling: fix shift-out-of-bounds bugs

2023-05-16 11:52:36 +09:00

ptrace.c

ptrace: make ptrace() fail if the tracee changed its pid unexpectedly

2023-05-16 11:05:16 +09:00

range.c

kernel: avoid overflow in cmp_range

2015-01-17 10:02:23 +13:00

reboot.c

reboot: fix overflow parsing reboot cpu number

2023-05-16 09:48:13 +09:00

relay.c

kernel/relay.c: fix memleak on destroy relay channel

2023-05-16 08:54:40 +09:00

resource.c

resource: fix integer overflow at reallocation

2018-04-24 09:34:09 +02:00

seccomp.c

seccomp: Add missing return in non-void function

2023-05-16 10:38:38 +09:00

signal.c

signal: Remove the bogus sigkill_pending in ptrace_stop

2023-05-16 12:13:41 +09:00

smp.c

cpu/hotplug: Fix SMT supported evaluation

2023-05-12 16:55:46 +09:00

smpboot.c

kthread/smpboot: do not park in kthread_create_on_cpu()

2016-10-11 15:06:33 -07:00

smpboot.h

cpu/hotplug: Create hotplug threads

2016-03-01 20:36:56 +01:00

softirq.c

Mark HI and TASKLET softirq synchronous

2023-05-12 16:46:40 +09:00

stacktrace.c

stacktrace, lockdep: Fix address, newline ugliness

2017-02-14 15:25:42 -08:00

stop_machine.c

stop_machine: Use raw spinlocks

2023-05-12 16:43:35 +09:00

sys_ni.c

x86/pkeys: Fix pkeys build breakage for some non-x86 arches

2016-09-13 14:41:36 +02:00

sys.c

prctl: allow to setup brk for et_dyn executables

2023-05-16 11:52:33 +09:00

sysctl_binary.c

kernel/sysctl_binary.c: use generic UUID library

2016-05-20 17:58:30 -07:00

sysctl.c

sched/rt: Show the 'sched_rr_timeslice' SCHED_RR timeslice tuning knob in milliseconds

2023-05-16 08:29:07 +09:00

task_work.c

task_work: use READ_ONCE/lockless_dereference, avoid pi_lock if !task_works

2016-08-02 19:35:02 -04:00

taskstats.c

taskstats: fix data-race

2023-05-15 16:30:15 +09:00

test_kprobes.c

…

torture.c

torture: Convert torture_shutdown() to hrtimer

2016-08-22 10:01:49 -07:00

tracepoint.c

tracepoint: Do not fail unregistering a probe due to memory failure

2023-05-16 10:37:50 +09:00

tsacct.c

time, acct: Drop irq save & restore from __acct_update_integrals()

2016-02-29 09:53:09 +01:00

ucount.c

kernel/ucount.c: mark user_header with kmemleak_ignore()

2017-06-17 06:41:51 +02:00

uid16.c

kernel: make groups_sort calling a responsibility group_info allocators

2018-01-10 09:29:52 +01:00

up.c

smp: Add function to execute a function synchronously on a CPU

2016-09-05 13:52:39 +02:00

user_namespace.c

userns: move user access out of the mutex

2023-05-12 17:24:22 +09:00

user-return-notifier.c

scheduler: Replace __get_cpu_var with this_cpu_ptr

2014-08-26 13:45:45 -04:00

user.c

ANDROID: proc: Add /proc/uid directory

2018-04-03 11:15:30 -07:00

utsname_sysctl.c

sys: don't hold uts_sem while accessing userspace memory

2023-05-12 17:24:20 +09:00

utsname.c

Merge branch 'nsfs-ioctls' into HEAD

2016-09-22 20:00:36 -05:00

watchdog_hld.c

debug: hard lockup detect

2018-05-09 19:39:28 -07:00

watchdog.c

debug: hard lockup detect

2018-05-09 19:39:28 -07:00

workqueue_internal.h

workqueue: Fix NULL pointer dereference

2017-11-15 15:53:17 +01:00

workqueue.c

workqueue: fix UAF in pwq_unbound_release_workfn()

2023-05-16 11:34:43 +09:00