* Patch "kprobes/x86: Fix to set RWX bits correctly before releasing trampoline" has been added to the 4.9-stable tree
@ 2018-04-03 10:29 gregkh
0 siblings, 0 replies; only message in thread
From: gregkh @ 2018-04-03 10:29 UTC (permalink / raw)
To: mhiramat, ben.hutchings, gregkh, rostedt; +Cc: stable, stable-commits
This is a note to let you know that I've just added the patch titled
kprobes/x86: Fix to set RWX bits correctly before releasing trampoline
to the 4.9-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
kprobes-x86-fix-to-set-rwx-bits-correctly-before-releasing-trampoline.patch
and it can be found in the queue-4.9 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.
>From c93f5cf571e7795f97d49ef51b766cf25e328545 Mon Sep 17 00:00:00 2001
From: Masami Hiramatsu <mhiramat@kernel.org>
Date: Thu, 25 May 2017 19:38:17 +0900
Subject: kprobes/x86: Fix to set RWX bits correctly before releasing trampoline
From: Masami Hiramatsu <mhiramat@kernel.org>
commit c93f5cf571e7795f97d49ef51b766cf25e328545 upstream.
Fix kprobes to set(recover) RWX bits correctly on trampoline
buffer before releasing it. Releasing readonly page to
module_memfree() crash the kernel.
Without this fix, if kprobes user register a bunch of kprobes
in function body (since kprobes on function entry usually
use ftrace) and unregister it, kernel hits a BUG and crash.
Link: http://lkml.kernel.org/r/149570868652.3518.14120169373590420503.stgit@devbox
Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
Fixes: d0381c81c2f7 ("kprobes/x86: Set kprobes pages read-only")
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Cc: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kernel/kprobes/core.c | 9 +++++++++
kernel/kprobes.c | 2 +-
2 files changed, 10 insertions(+), 1 deletion(-)
--- a/arch/x86/kernel/kprobes/core.c
+++ b/arch/x86/kernel/kprobes/core.c
@@ -51,6 +51,7 @@
#include <linux/ftrace.h>
#include <linux/frame.h>
#include <linux/kasan.h>
+#include <linux/moduleloader.h>
#include <asm/text-patching.h>
#include <asm/cacheflush.h>
@@ -405,6 +406,14 @@ int __copy_instruction(u8 *dest, u8 *src
return length;
}
+/* Recover page to RW mode before releasing it */
+void free_insn_page(void *page)
+{
+ set_memory_nx((unsigned long)page & PAGE_MASK, 1);
+ set_memory_rw((unsigned long)page & PAGE_MASK, 1);
+ module_memfree(page);
+}
+
static int arch_copy_kprobe(struct kprobe *p)
{
int ret;
--- a/kernel/kprobes.c
+++ b/kernel/kprobes.c
@@ -125,7 +125,7 @@ static void *alloc_insn_page(void)
return module_alloc(PAGE_SIZE);
}
-static void free_insn_page(void *page)
+void __weak free_insn_page(void *page)
{
module_memfree(page);
}
Patches currently in stable-queue which might be from mhiramat@kernel.org are
queue-4.9/kprobes-x86-fix-to-set-rwx-bits-correctly-before-releasing-trampoline.patch
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2018-04-03 10:29 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-04-03 10:29 Patch "kprobes/x86: Fix to set RWX bits correctly before releasing trampoline" has been added to the 4.9-stable tree gregkh
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).