author | Linus Torvalds <torvalds@linux-foundation.org> | 2024-04-11 05:48:05 +0300 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2024-04-11 05:48:05 +0300 |
commit | e8c39d0f57f358950356a8e44ee5159f57f86ec5 (patch) | |
tree | 05e9af52843ce3f26e45c2db94a8e29f5a629182 /MAINTAINERS | |
parent | 03a55b63919f4b52b9c323d9a43ccccdc1cdb33b (diff) | |
parent | 325f3fb551f8cd672dbbfc4cf58b14f9ee3fc9e8 (diff) | |
download | linux-e8c39d0f57f358950356a8e44ee5159f57f86ec5.tar.xz |
Merge tag 'probes-fixes-v6.9-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace

Pull probes fixes from Masami Hiramatsu:

"Fix possible use-after-free issue on kprobe registration.

check_kprobe_address_safe() uses `is_module_text_address()` and
`__module_text_address()` separately.

As a result, if the probed address is in a module that is being
unloaded, the first `is_module_text_address()` might return true but
then the `__module_text_address()` call might return NULL if the
module has been unloaded between the two.

The result is that kprobe believes the probe is on the kernel text,
and skips getting a module reference. In this case, when it arms a
breakpoint on the probe address, it may cause a use-after-free.

To fix this issue, only use `__module_text_address()` once and get a
reference to the module then. If it fails, reject the probe"

* tag 'probes-fixes-v6.9-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace:
kprobes: Fix possible use-after-free issue on kprobe registration
Diffstat (limited to 'MAINTAINERS')
0 files changed, 0 insertions, 0 deletions
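
The check-then-lookup race described in the pull message, as an added userspace C model (not kernel code and not taken from the patch). `model_module_text_address()`, `model_try_get()`, `in_kernel_text()`, the address ranges and the `unload_after` counter are constructed stand-ins; the concurrent unload is simulated deterministically after the Nth lookup.

```c
#include <stddef.h>

/* Constructed userspace model of the lookup race; none of this is kernel code. */
struct module { unsigned long start, end; int refcnt; };
enum verdict { REJECTED, KERNEL_TEXT_NO_REF, MODULE_REF_HELD };
static struct module demo_mod = { 0x1000, 0x2000, 0 }, *loaded; /* NULL once unloaded */
static int unload_after;        /* simulated unload completes after the Nth lookup */

/* Stand-ins: kernel-text range check; taking a module reference (fails once gone). */
static int in_kernel_text(unsigned long a) { return a >= 0x100000 && a < 0x200000; }
static int model_try_get(struct module *m) { return loaded == m && ++m->refcnt > 0; }

/* Stand-in for __module_text_address(): one walk of the module list. */
static struct module *model_module_text_address(unsigned long a)
{
    struct module *m = loaded;
    if (m && unload_after > 0 && --unload_after == 0)
        loaded = NULL;          /* concurrent unload wins right after this lookup */
    return (m && a >= m->start && a < m->end) ? m : NULL;
}

/* Pattern described as buggy: a yes/no check, then a separate second lookup. */
static enum verdict check_racy(unsigned long a)
{
    if (!in_kernel_text(a) && !model_module_text_address(a))
        return REJECTED;
    struct module *m = model_module_text_address(a);
    if (!m)
        return KERNEL_TEXT_NO_REF;      /* module vanished: misread as kernel text */
    return model_try_get(m) ? MODULE_REF_HELD : REJECTED;
}

/* Pattern described as the fix: look up once, take the reference or reject. */
static enum verdict check_fixed(unsigned long a)
{
    struct module *m = model_module_text_address(a);
    if (!m)
        return in_kernel_text(a) ? KERNEL_TEXT_NO_REF : REJECTED;
    return model_try_get(m) ? MODULE_REF_HELD : REJECTED;
}

static enum verdict run(enum verdict (*check)(unsigned long), int unload_n)
{
    loaded = &demo_mod;                 /* reload the model module */
    unload_after = unload_n;
    return check(0x1800);               /* probe an address inside its text */
}

int main(void) { return run(check_racy, 1) != KERNEL_TEXT_NO_REF || run(check_fixed, 1) != REJECTED; }
```

With the unload landing between the two lookups, the racy pattern reports a module address as kernel text with no reference held, while the single-lookup pattern rejects the probe.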