From: Bixuan Cui <cuibixuan@huawei.com>
To: <linux-kernel@vger.kernel.org>
Cc: "Libin (Huawei)" <huawei.libin@huawei.com>,
"kangwen (A)" <kangwen1@huawei.com>
Subject: [PATCH] kernel/kprobes: add check to avoid memory leaks
Date: Wed, 25 Oct 2017 20:29:12 +0800
Message-ID: <59F08398.3020707@huawei.com>

register_kretprobe(struct kretprobe *rp) creates and initializes
a hash list for rp->free_instances every time a kretprobe is registered,
then allocates memory for it.

The test case:
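
#include <linux/module.h>
#include <linux/kprobes.h>
#include <linux/kallsyms.h>

static struct kretprobe rp;
/* Both slots point at the same kretprobe; this is what triggers the leak. */
struct kretprobe *rps[2] = {&rp, &rp};

static int ret_handler(struct kretprobe_instance *ri, struct pt_regs *regs)
{
	printk(KERN_DEBUG "ret_handler\n");
	return 0;
}

static int entry_handler(struct kretprobe_instance *ri, struct pt_regs *regs)
{
	printk(KERN_DEBUG "entry_handler\n");
	return 0;
}

static int __init kretprobe_init(void)
{
	int ret;

	rp.kp.addr = (kprobe_opcode_t *)kallsyms_lookup_name("do_fork");
	rp.handler = ret_handler;
	rp.entry_handler = entry_handler;
	rp.maxactive = 3;
	/* Registers &rp twice, so register_kretprobe() runs twice on it. */
	ret = register_kretprobes(rps, 2);
	return ret;
}
module_init(kretprobe_init);
MODULE_LICENSE("GPL");

Result: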
unreferenced object 0xffff8010b12ad980 (size 64):
comm "insmod", pid 17352, jiffies 4298977824 (age 63065.756s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 d8 84 12 fc ff 7f ff ff ................
74 65 73 74 52 65 67 4b 72 65 74 70 72 6f 62 65 testRegKretprobe
backtrace:
[<ffff8000002cd880>] create_object+0x1e0/0x3f0
[<ffff800000fa3d6c>] kmemleak_alloc+0x6c/0xf0
[<ffff8000002ac97c>] __kmalloc+0x23c/0x2e0
[<ffff8000001a6f2c>] register_kretprobe+0x12c/0x350

When register_kretprobes(struct kretprobe **rps, int num) is called with the
same rps (num >= 2):
The first time, INIT_HLIST_HEAD() and kmalloc() are called to allocate memory
for the hash list, which is then saved in rp->free_instances.
The second time, INIT_HLIST_HEAD() and kmalloc() are called again, creating a
new hash list in rp->free_instances and losing the first rp->free_instances.

So add a check to avoid it.

Reported-and-tested-by: kangwen <kangwen1@huawei.com>
Signed-off-by: Bixuan Cui <cuibixuan@huawei.com>
---
kernel/kprobes.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/kernel/kprobes.c b/kernel/kprobes.c
index 6301dae..f19f191 100644
--- a/kernel/kprobes.c
+++ b/kernel/kprobes.c
@@ -1890,10 +1890,16 @@ EXPORT_SYMBOL_GPL(register_kretprobe);
int register_kretprobes(struct kretprobe **rps, int num)
{
- int ret = 0, i;
+ int ret = 0, i, j;
if (num <= 0)
return -EINVAL;
+
+ for (i = 0; i < num-1; i++)
+ for (j = i+1; j < num; j++)
+ if (rps[i] == rps[j])
+ return -EINVAL;
+
for (i = 0; i < num; i++) {
ret = register_kretprobe(rps[i]);
if (ret < 0) {
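Review bot: the pairwise scan added ahead of the registration loop only rejects duplicates inside a single rps[] array, so registering the same rp through two separate calls (register_kretprobe() directly, or register_kretprobes() twice) would still reinitialize rp->free_instances and drop the first allocation, going by the commit message's description that register_kretprobe() sets up the list every time. Consider rejecting an already-registered kretprobe inside register_kretprobe() itself, which would cover both entry points and avoid the O(num^2) comparison here. Style: the nested for loops should carry braces on the outer levels, and the expressions need spaces around the operators (`num - 1`, `i + 1`).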
--
2.6.2