diff options
author | Oleg Nesterov <oleg@redhat.com> | 2020-05-04 18:47:25 +0200 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2020-06-09 18:49:24 +0200 |
commit | 013b2deba9a6b80ca02f4fafd7dedf875e9b4450 (patch) | |
tree | 5bd2542332362d7ea7e39c5243a0845515bfc789 /arch/arm/mm/fault-armv.c | |
parent | Merge branch 'x86/srbds' of git://git.kernel.org/pub/scm/linux/kernel/git/tip... (diff) | |
download | linux-013b2deba9a6b80ca02f4fafd7dedf875e9b4450.tar.xz linux-013b2deba9a6b80ca02f4fafd7dedf875e9b4450.zip |
uprobes: ensure that uprobe->offset and ->ref_ctr_offset are properly aligned
uprobe_write_opcode() must not cross page boundary; prepare_uprobe()
relies on arch_uprobe_analyze_insn() which should validate "vaddr" but
some architectures (csky, s390, and sparc) don't do this.
We can remove the BUG_ON() check in prepare_uprobe() and validate the
offset early in __uprobe_register(). The new IS_ALIGNED() check matches
the alignment check in arch_prepare_kprobe() on supported architectures,
so I think that all insns must be aligned to UPROBE_SWBP_INSN_SIZE.
Another problem is __update_ref_ctr() which was wrong from the very
beginning, it can read/write outside of kmap'ed page unless "vaddr" is
aligned to sizeof(short), __uprobe_register() should check this too.
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Reviewed-by: Srikar Dronamraju <srikar@linux.vnet.ibm.com>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Tested-by: Sven Schnelle <svens@linux.ibm.com>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: stable@vger.kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'arch/arm/mm/fault-armv.c')
0 files changed, 0 insertions, 0 deletions