* [PATCH] fprobe: Fix to allocate entry_data_size buffer with rethook instances
@ 2024-02-29 11:22 Masami Hiramatsu (Google)
2024-02-29 11:28 ` Masami Hiramatsu
2024-02-29 21:58 ` Jiri Olsa
0 siblings, 2 replies; 4+ messages in thread
From: Masami Hiramatsu (Google) @ 2024-02-29 11:22 UTC (permalink / raw)
To: Steven Rostedt, linux-trace-kernel; +Cc: Jiri Olsa, linux-kernel
From: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Fix to allocate fprobe::entry_data_size buffer with rethook instances.
If fprobe doesn't allocate entry_data_size buffer for each rethook instance,
fprobe entry handler can cause a buffer overrun when storing entry data in
entry handler.
Reported-by: Jiri Olsa <olsajiri@gmail.com>
Fixes: 4bbd93455659 ("kprobes: kretprobe scalability improvement")
Cc: stable@vger.kernel.org
Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
---
kernel/trace/fprobe.c | 14 ++++++--------
1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/kernel/trace/fprobe.c b/kernel/trace/fprobe.c
index 6cd2a4e3afb8..9ff018245840 100644
--- a/kernel/trace/fprobe.c
+++ b/kernel/trace/fprobe.c
@@ -189,9 +189,6 @@ static int fprobe_init_rethook(struct fprobe *fp, int num)
{
int size;
- if (num <= 0)
- return -EINVAL;
-
if (!fp->exit_handler) {
fp->rethook = NULL;
return 0;
@@ -199,15 +196,16 @@ static int fprobe_init_rethook(struct fprobe *fp, int num)
/* Initialize rethook if needed */
if (fp->nr_maxactive)
- size = fp->nr_maxactive;
+ num = fp->nr_maxactive;
else
- size = num * num_possible_cpus() * 2;
- if (size <= 0)
+ num *= num_possible_cpus() * 2;
+ if (num <= 0)
return -EINVAL;
+ size = sizeof(struct fprobe_rethook_node) + fp->entry_data_size;
+
/* Initialize rethook */
- fp->rethook = rethook_alloc((void *)fp, fprobe_exit_handler,
- sizeof(struct fprobe_rethook_node), size);
+ fp->rethook = rethook_alloc((void *)fp, fprobe_exit_handler, size, num);
if (IS_ERR(fp->rethook))
return PTR_ERR(fp->rethook);
^ permalink raw reply related [flat|nested] 4+ messages in thread* Re: [PATCH] fprobe: Fix to allocate entry_data_size buffer with rethook instances
2024-02-29 11:22 [PATCH] fprobe: Fix to allocate entry_data_size buffer with rethook instances Masami Hiramatsu (Google)
@ 2024-02-29 11:28 ` Masami Hiramatsu
2024-02-29 21:58 ` Jiri Olsa
1 sibling, 0 replies; 4+ messages in thread
From: Masami Hiramatsu @ 2024-02-29 11:28 UTC (permalink / raw)
To: Masami Hiramatsu (Google)
Cc: Steven Rostedt, linux-trace-kernel, Jiri Olsa, linux-kernel
On Thu, 29 Feb 2024 20:22:47 +0900
"Masami Hiramatsu (Google)" <mhiramat@kernel.org> wrote:
> From: Masami Hiramatsu (Google) <mhiramat@kernel.org>
>
> Fix to allocate fprobe::entry_data_size buffer with rethook instances.
> If fprobe doesn't allocate entry_data_size buffer for each rethook instance,
> fprobe entry handler can cause a buffer overrun when storing entry data in
> entry handler.
>
Oops, missed a URL.
> Reported-by: Jiri Olsa <olsajiri@gmail.com>
Closes: https://lore.kernel.org/all/Zd9eBn2FTQzYyg7L@krava/
Thanks,
> Fixes: 4bbd93455659 ("kprobes: kretprobe scalability improvement")
> Cc: stable@vger.kernel.org
> Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
> ---
> kernel/trace/fprobe.c | 14 ++++++--------
> 1 file changed, 6 insertions(+), 8 deletions(-)
>
> diff --git a/kernel/trace/fprobe.c b/kernel/trace/fprobe.c
> index 6cd2a4e3afb8..9ff018245840 100644
> --- a/kernel/trace/fprobe.c
> +++ b/kernel/trace/fprobe.c
> @@ -189,9 +189,6 @@ static int fprobe_init_rethook(struct fprobe *fp, int num)
> {
> int size;
>
> - if (num <= 0)
> - return -EINVAL;
> -
> if (!fp->exit_handler) {
> fp->rethook = NULL;
> return 0;
> @@ -199,15 +196,16 @@ static int fprobe_init_rethook(struct fprobe *fp, int num)
>
> /* Initialize rethook if needed */
> if (fp->nr_maxactive)
> - size = fp->nr_maxactive;
> + num = fp->nr_maxactive;
> else
> - size = num * num_possible_cpus() * 2;
> - if (size <= 0)
> + num *= num_possible_cpus() * 2;
> + if (num <= 0)
> return -EINVAL;
>
> + size = sizeof(struct fprobe_rethook_node) + fp->entry_data_size;
> +
> /* Initialize rethook */
> - fp->rethook = rethook_alloc((void *)fp, fprobe_exit_handler,
> - sizeof(struct fprobe_rethook_node), size);
> + fp->rethook = rethook_alloc((void *)fp, fprobe_exit_handler, size, num);
> if (IS_ERR(fp->rethook))
> return PTR_ERR(fp->rethook);
>
>
>
--
Masami Hiramatsu (Google) <mhiramat@kernel.org>
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: [PATCH] fprobe: Fix to allocate entry_data_size buffer with rethook instances
2024-02-29 11:22 [PATCH] fprobe: Fix to allocate entry_data_size buffer with rethook instances Masami Hiramatsu (Google)
2024-02-29 11:28 ` Masami Hiramatsu
@ 2024-02-29 21:58 ` Jiri Olsa
2024-02-29 22:50 ` Masami Hiramatsu
1 sibling, 1 reply; 4+ messages in thread
From: Jiri Olsa @ 2024-02-29 21:58 UTC (permalink / raw)
To: Masami Hiramatsu (Google)
Cc: Steven Rostedt, linux-trace-kernel, Jiri Olsa, linux-kernel
On Thu, Feb 29, 2024 at 08:22:47PM +0900, Masami Hiramatsu (Google) wrote:
> From: Masami Hiramatsu (Google) <mhiramat@kernel.org>
>
> Fix to allocate fprobe::entry_data_size buffer with rethook instances.
> If fprobe doesn't allocate entry_data_size buffer for each rethook instance,
> fprobe entry handler can cause a buffer overrun when storing entry data in
> entry handler.
>
> Reported-by: Jiri Olsa <olsajiri@gmail.com>
Tested-by: Jiri Olsa <olsajiri@gmail.com>
thanks,
jirka
> Fixes: 4bbd93455659 ("kprobes: kretprobe scalability improvement")
> Cc: stable@vger.kernel.org
> Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
> ---
> kernel/trace/fprobe.c | 14 ++++++--------
> 1 file changed, 6 insertions(+), 8 deletions(-)
>
> diff --git a/kernel/trace/fprobe.c b/kernel/trace/fprobe.c
> index 6cd2a4e3afb8..9ff018245840 100644
> --- a/kernel/trace/fprobe.c
> +++ b/kernel/trace/fprobe.c
> @@ -189,9 +189,6 @@ static int fprobe_init_rethook(struct fprobe *fp, int num)
> {
> int size;
>
> - if (num <= 0)
> - return -EINVAL;
> -
> if (!fp->exit_handler) {
> fp->rethook = NULL;
> return 0;
> @@ -199,15 +196,16 @@ static int fprobe_init_rethook(struct fprobe *fp, int num)
>
> /* Initialize rethook if needed */
> if (fp->nr_maxactive)
> - size = fp->nr_maxactive;
> + num = fp->nr_maxactive;
> else
> - size = num * num_possible_cpus() * 2;
> - if (size <= 0)
> + num *= num_possible_cpus() * 2;
> + if (num <= 0)
> return -EINVAL;
>
> + size = sizeof(struct fprobe_rethook_node) + fp->entry_data_size;
> +
> /* Initialize rethook */
> - fp->rethook = rethook_alloc((void *)fp, fprobe_exit_handler,
> - sizeof(struct fprobe_rethook_node), size);
> + fp->rethook = rethook_alloc((void *)fp, fprobe_exit_handler, size, num);
> if (IS_ERR(fp->rethook))
> return PTR_ERR(fp->rethook);
>
>
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: [PATCH] fprobe: Fix to allocate entry_data_size buffer with rethook instances
2024-02-29 21:58 ` Jiri Olsa
@ 2024-02-29 22:50 ` Masami Hiramatsu
0 siblings, 0 replies; 4+ messages in thread
From: Masami Hiramatsu @ 2024-02-29 22:50 UTC (permalink / raw)
To: Jiri Olsa; +Cc: Steven Rostedt, linux-trace-kernel, linux-kernel
On Thu, 29 Feb 2024 22:58:54 +0100
Jiri Olsa <olsajiri@gmail.com> wrote:
> On Thu, Feb 29, 2024 at 08:22:47PM +0900, Masami Hiramatsu (Google) wrote:
> > From: Masami Hiramatsu (Google) <mhiramat@kernel.org>
> >
> > Fix to allocate fprobe::entry_data_size buffer with rethook instances.
> > If fprobe doesn't allocate entry_data_size buffer for each rethook instance,
> > fprobe entry handler can cause a buffer overrun when storing entry data in
> > entry handler.
> >
> > Reported-by: Jiri Olsa <olsajiri@gmail.com>
>
> Tested-by: Jiri Olsa <olsajiri@gmail.com>
Thanks for testing!
Let me pick this to probe/fixes.
Thank you,
>
> thanks,
> jirka
>
> > Fixes: 4bbd93455659 ("kprobes: kretprobe scalability improvement")
> > Cc: stable@vger.kernel.org
> > Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
> > ---
> > kernel/trace/fprobe.c | 14 ++++++--------
> > 1 file changed, 6 insertions(+), 8 deletions(-)
> >
> > diff --git a/kernel/trace/fprobe.c b/kernel/trace/fprobe.c
> > index 6cd2a4e3afb8..9ff018245840 100644
> > --- a/kernel/trace/fprobe.c
> > +++ b/kernel/trace/fprobe.c
> > @@ -189,9 +189,6 @@ static int fprobe_init_rethook(struct fprobe *fp, int num)
> > {
> > int size;
> >
> > - if (num <= 0)
> > - return -EINVAL;
> > -
> > if (!fp->exit_handler) {
> > fp->rethook = NULL;
> > return 0;
> > @@ -199,15 +196,16 @@ static int fprobe_init_rethook(struct fprobe *fp, int num)
> >
> > /* Initialize rethook if needed */
> > if (fp->nr_maxactive)
> > - size = fp->nr_maxactive;
> > + num = fp->nr_maxactive;
> > else
> > - size = num * num_possible_cpus() * 2;
> > - if (size <= 0)
> > + num *= num_possible_cpus() * 2;
> > + if (num <= 0)
> > return -EINVAL;
> >
> > + size = sizeof(struct fprobe_rethook_node) + fp->entry_data_size;
> > +
> > /* Initialize rethook */
> > - fp->rethook = rethook_alloc((void *)fp, fprobe_exit_handler,
> > - sizeof(struct fprobe_rethook_node), size);
> > + fp->rethook = rethook_alloc((void *)fp, fprobe_exit_handler, size, num);
> > if (IS_ERR(fp->rethook))
> > return PTR_ERR(fp->rethook);
> >
> >
--
Masami Hiramatsu (Google) <mhiramat@kernel.org>
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2024-02-29 22:50 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-02-29 11:22 [PATCH] fprobe: Fix to allocate entry_data_size buffer with rethook instances Masami Hiramatsu (Google)
2024-02-29 11:28 ` Masami Hiramatsu
2024-02-29 21:58 ` Jiri Olsa
2024-02-29 22:50 ` Masami Hiramatsu
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).