Kernel/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2025-01-09 22:50:41 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
linux-stable/kernel
History
Zheng Yejian 325f3fb551 kprobes: Fix possible use-after-free issue on kprobe registration 
When unloading a module, its state is changing MODULE_STATE_LIVE ->
 MODULE_STATE_GOING -> MODULE_STATE_UNFORMED. Each change will take
a time. `is_module_text_address()` and `__module_text_address()`
works with MODULE_STATE_LIVE and MODULE_STATE_GOING.
If we use `is_module_text_address()` and `__module_text_address()`
separately, there is a chance that the first one is succeeded but the
next one is failed because module->state becomes MODULE_STATE_UNFORMED
between those operations.

In `check_kprobe_address_safe()`, if the second `__module_text_address()`
is failed, that is ignored because it expected a kernel_text address.
But it may have failed simply because module->state has been changed
to MODULE_STATE_UNFORMED. In this case, arm_kprobe() will try to modify
non-exist module text address (use-after-free).

To fix this problem, we should not use separated `is_module_text_address()`
and `__module_text_address()`, but use only `__module_text_address()`
once and do `try_module_get(module)` which is only available with
MODULE_STATE_LIVE.

Link: https://lore.kernel.org/all/20240410015802.265220-1-zhengyejian1@huawei.com/

Fixes: 28f6c37a2910 ("kprobes: Forbid probing on trampoline and BPF code areas")
Cc: stable@vger.kernel.org
Signed-off-by: Zheng Yejian <zhengyejian1@huawei.com>
Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
2024-04-10 23:35:51 +09:00
..
bpf
Including fixes from netfilter, bluetooth and bpf.
2024-04-04 14:49:10 -07:00
cgroup
Networking changes for 6.9.
2024-03-12 17:44:08 -07:00
configs
Networking changes for 6.9.
2024-03-12 17:44:08 -07:00
debug
kdb: Fix a potential buffer overflow in kdb_local()
2024-01-17 17:19:06 +00:00
dma
dma-mapping fixes for Linux 6.9
2024-03-24 10:45:31 -07:00
entry
entry: Respect changes to system call number by trace_sys_enter()
2024-03-12 13:23:32 +01:00
events
- Sumanth Korikkar has taught s390 to allocate hotplug-time page frames
2024-03-14 17:43:30 -07:00
futex
futex: Prevent the reuse of stale pi_state
2024-01-19 12:58:17 +01:00
gcov
gcov: annotate struct gcov_iterator with __counted_by
2023-10-18 14:43:22 -07:00
irq
genirq: Introduce IRQF_COND_ONESHOT and use it in pinctrl-amd
2024-03-25 23:45:21 +01:00
kcsan
mm: delete checks for xor_unlock_is_negative_byte()
2023-10-18 14:34:17 -07:00
livepatch
livepatch: Fix missing newline character in klp_resolve_symbols()
2023-09-20 11:24:18 +02:00
locking
locking/rtmutex: Use try_cmpxchg_relaxed() in mark_rt_mutex_waiters()
2024-03-01 13:02:05 +01:00
module
This push fixes a regression that broke iwd as well as a divide by
2024-03-25 10:48:23 -07:00
power
RTC for 6.9
2024-03-21 17:16:46 -07:00
printk
printk changes for 6.9-rc2
2024-03-26 09:25:57 -07:00
rcu
Merge branches 'rcu-doc.2024.02.14a', 'rcu-nocb.2024.02.14a', 'rcu-exp.2024.02.14a', 'rcu-tasks.2024.02.26a' and 'rcu-misc.2024.02.14a' into rcu.2024.02.26a
2024-02-26 17:37:25 -08:00
sched
RISC-V Patches for the 6.9 Merge Window
2024-03-22 10:41:13 -07:00
time
timers/migration: Return early on deactivation
2024-04-05 11:05:16 +02:00
trace
bpf: support deferring bpf_link dealloc to after RCU grace period
2024-03-28 18:47:45 -07:00
.gitignore
acct.c
fs: rename __mnt_{want,drop}_write*() helpers
2023-09-11 15:05:50 +02:00
async.c
async: Use a dedicated unbound workqueue with raised min_active
2024-02-09 11:13:59 -10:00
audit_fsnotify.c
audit: fix potential double free on error path from fsnotify_add_inode_mark
2022-08-22 18:50:06 -04:00
audit_tree.c
As usual, lots of singleton and doubleton patches all over the tree and
2023-11-02 20:53:31 -10:00
audit_watch.c
audit: don't WARN_ON_ONCE(!current->mm) in audit_exe_compare()
2023-11-14 17:34:27 -05:00
audit.c
audit: use KMEM_CACHE() instead of kmem_cache_create()
2024-01-25 10:12:22 -05:00
audit.h
audit: correct audit_filter_inodes() definition
2023-07-21 12:17:25 -04:00
auditfilter.c
audit: remove unnecessary assignment in audit_dupe_lsm_field()
2024-01-25 09:59:27 -05:00
auditsc.c
audit,io_uring: io_uring openat triggers audit reference count underflow
2023-10-13 18:34:46 +02:00
backtracetest.c
backtracetest: Convert from tasklet to BH workqueue
2024-02-05 13:22:34 -10:00
bounds.c
bounds: support non-power-of-two CONFIG_NR_CPUS
2024-02-22 15:38:51 -08:00
capability.c
lsm: constify the 'target' parameter in security_capget()
2023-08-08 16:48:47 -04:00
cfi.c
cfi: Switch to -fsanitize=kcfi
2022-09-26 10:13:13 -07:00
compat.c
sched_getaffinity: don't assume 'cpumask_size()' is fully initialized
2023-03-14 19:32:38 -07:00
configs.c
context_tracking.c
context_tracking: Fix kerneldoc headers for __ct_user_{enter,exit}()
2024-02-14 07:53:50 -08:00
cpu_pm.c
cpuidle, cpu_pm: Remove RCU fiddling from cpu_pm_{enter,exit}()
2023-01-13 11:48:15 +01:00
cpu.c
Rework of APIC enumeration and topology evaluation:
2024-03-11 15:45:55 -07:00
crash_core.c
crash: split crash dumping code out from kexec_core.c
2024-02-23 17:48:22 -08:00
crash_reserve.c
crash: use macro to add crashk_res into iomem early for specific arch
2024-03-26 11:14:12 -07:00
cred.c
cred: Use KMEM_CACHE() instead of kmem_cache_create()
2024-02-23 17:33:31 -05:00
delayacct.c
delayacct: track delays from IRQ/SOFTIRQ
2023-04-18 16:39:34 -07:00
dma.c
elfcorehdr.c
crash: remove dependency of FA_DUMP on CRASH_DUMP
2024-02-23 17:48:22 -08:00
exec_domain.c
exit.c
vfs-6.9.pidfd
2024-03-11 10:21:06 -07:00
exit.h
exit: add internal include file with helpers
2023-09-21 12:03:50 -06:00
extable.c
fail_function.c
kernel/fail_function: fix memory leak with using debugfs_lookup()
2023-02-08 13:36:22 +01:00
fork.c
RCU pull request for v6.9
2024-03-11 12:02:50 -07:00
freezer.c
Linux 6.7-rc6
2023-12-23 15:52:13 +01:00
gen_kheaders.sh
Revert "kheaders: substituting --sort in archive creation"
2023-05-28 16:20:21 +09:00
groups.c
groups: Convert group_info.usage to refcount_t
2023-09-29 11:28:39 -07:00
hung_task.c
kernel/hung_task.c: export sysctl_hung_task_timeout_secs
2024-03-13 21:22:04 -04:00
iomem.c
kernel/iomem.c: remove __weak ioremap_cache helper
2023-08-21 13:37:28 -07:00
irq_work.c
trace: Add trace_ipi_send_cpu()
2023-03-24 11:01:29 +01:00
jump_label.c
jump_label: Prevent key->enabled int overflow
2022-12-01 15:53:05 -08:00
kallsyms_internal.h
kallsyms: Reduce the memory occupied by kallsyms_seqs_of_names[]
2022-11-12 18:47:36 -08:00
kallsyms_selftest.c
mm/vmalloc: remove vmap_area_list
2024-02-23 17:48:19 -08:00
kallsyms_selftest.h
kallsyms: Add self-test facility
2022-11-15 00:42:02 -08:00
kallsyms.c
kallsyms: Change func signature for cleanup_symbol_name()
2023-08-25 15:00:36 -07:00
kcmp.c
file: convert to SLAB_TYPESAFE_BY_RCU
2023-10-19 11:02:48 +02:00
Kconfig.freezer
Kconfig.hz
Kconfig.kexec
crash: clean up kdump related config items
2024-02-23 17:48:22 -08:00
Kconfig.locks
Kconfig.preempt
kcov.c
kcov: add prototypes for helper functions
2023-06-09 17:44:17 -07:00
kexec_core.c
- Kuan-Wei Chiu has developed the well-named series "lib min_heap: Min
2024-03-14 18:03:09 -07:00
kexec_elf.c
kexec_file.c
arm64, crash: wrap crash dumping code into crash related ifdefs
2024-02-23 17:48:23 -08:00
kexec_internal.h
crash: remove dependency of FA_DUMP on CRASH_DUMP
2024-02-23 17:48:22 -08:00
kexec.c
crash: split crash dumping code out from kexec_core.c
2024-02-23 17:48:22 -08:00
kheaders.c
kheaders: Use array declaration instead of char
2023-03-24 20:10:59 -07:00
kprobes.c
kprobes: Fix possible use-after-free issue on kprobe registration
2024-04-10 23:35:51 +09:00
ksyms_common.c
kallsyms: make kallsyms_show_value() as generic function
2023-06-08 12:27:20 -07:00
ksysfs.c
Driver core changes for 6.9-rc1
2024-03-21 13:34:15 -07:00
kthread.c
As usual, lots of singleton and doubleton patches all over the tree and
2023-11-02 20:53:31 -10:00
latencytop.c
latencytop: use the last element of latency_record of system
2022-09-11 21:55:12 -07:00
Makefile
crash: split crash dumping code out from kexec_core.c
2024-02-23 17:48:22 -08:00
module_signature.c
notifier.c
notifiers: add tracepoints to the notifiers infrastructure
2023-04-08 13:45:38 -07:00
nsproxy.c
pidfd: add pidfs
2024-03-01 12:23:37 +01:00
numa.c
kernel/numa.c: Move logging out of numa.h
2023-12-20 19:26:30 -05:00
padata.c
Author: Gang Li padata: dispatch works on
2024-03-06 13:04:17 -08:00
panic.c
- Kuan-Wei Chiu has developed the well-named series "lib min_heap: Min
2024-03-14 18:03:09 -07:00
params.c
params: Fix multi-line comment style
2023-12-01 09:51:44 -08:00
pid_namespace.c
wait: Remove uapi header file from main header file
2023-12-20 19:26:31 -05:00
pid_sysctl.h
memfd: replace ratcheting feature from vm.memfd_noexec with hierarchy
2023-08-21 13:37:59 -07:00
pid.c
pidfs: remove config option
2024-03-13 12:53:53 -07:00
profile.c
kernel/profile.c: simplify duplicated code in profile_setup()
2022-09-11 21:55:12 -07:00
ptrace.c
ptrace_attach: shift send(SIGSTOP) into ptrace_set_stopped()
2024-02-22 15:38:52 -08:00
range.c
reboot.c
Thermal control updates for 6.8-rc1
2024-01-09 16:20:17 -08:00
regset.c
relay.c
kernel: relay: remove relay_file_splice_read dead code, doesn't work
2023-12-29 12:22:27 -08:00
resource_kunit.c
resource.c
Quite a lot of kexec work this time around. Many singleton patches in
2024-01-09 11:46:20 -08:00
rseq.c
rseq: Extend struct rseq with per-memory-map concurrency ID
2022-12-27 12:52:12 +01:00
scftorture.c
scftorture: Pause testing after memory-allocation failure
2023-07-14 15:02:57 -07:00
scs.c
scs: add support for dynamic shadow call stacks
2022-11-09 18:06:35 +00:00
seccomp.c
file: remove __receive_fd()
2023-12-12 14:24:14 +01:00
signal.c
- Kuan-Wei Chiu has developed the well-named series "lib min_heap: Min
2024-03-14 18:03:09 -07:00
smp.c
CSD lock commits for v6.7
2023-10-30 17:56:53 -10:00
smpboot.c
kthread: add kthread_stop_put
2023-10-04 10:41:57 -07:00
smpboot.h
softirq.c
workqueue: Drain BH work items on hot-unplugged CPUs
2024-02-29 11:51:24 -10:00
stackleak.c
stackleak: allow to specify arch specific stackleak poison function
2023-04-20 11:36:35 +02:00
stacktrace.c
stacktrace: fix kernel-doc typo
2023-12-29 12:22:29 -08:00
static_call_inline.c
static_call: Add call depth tracking support
2022-10-17 16:41:16 +02:00
static_call.c
stop_machine.c
sys_ni.c
lsm/stable-6.8 PR 20240105
2024-01-09 12:57:46 -08:00
sys.c
prctl: generalize PR_SET_MDWE support check to be per-arch
2024-03-26 11:07:22 -07:00
sysctl-test.c
kernel/sysctl-test: use SYSCTL_{ZERO/ONE_HUNDRED} instead of i_{zero/one_hundred}
2022-09-08 16:56:45 -07:00
sysctl.c
tracing: Support to dump instance traces by ftrace_dump_on_oops
2024-03-18 10:33:06 -04:00
task_work.c
task_work: add kerneldoc annotation for 'data' argument
2023-09-19 13:21:32 -07:00
taskstats.c
taskstats: fill_stats_for_tgid: use for_each_thread()
2023-10-04 10:41:57 -07:00
torture.c
torture: Print out torture module parameters
2023-09-24 17:24:01 +02:00
tracepoint.c
tracepoint: Allow livepatch module add trace event
2023-02-18 14:34:36 -05:00
tsacct.c
ucount.c
sysctl: Add size to register_sysctl
2023-08-15 15:26:17 -07:00
uid16.c
uid16.h
umh.c
sysctl: fix unused proc_cap_handler() function warning
2023-06-29 15:19:43 -07:00
up.c
smp: Change function signatures to use call_single_data_t
2023-09-13 14:59:24 +02:00
user_namespace.c
user_namespace: remove unnecessary NULL values from kbuf
2024-02-22 15:38:52 -08:00
user-return-notifier.c
user.c
binfmt_misc: enable sandboxed mounts
2023-10-11 08:46:01 -07:00
usermode_driver.c
utsname_sysctl.c
utsname: simplify one-level sysctl registration for uts_kern_table
2023-04-13 11:49:35 -07:00
utsname.c
vhost_task.c
vhost: Fix worker hangs due to missed wake up calls
2023-06-08 15:43:09 -04:00
vmcore_info.c
crash_core: export vmemmap when CONFIG_SPARSEMEM_VMEMMAP is enabled
2024-03-04 17:01:27 -08:00
watch_queue.c
watch_queue: fix kcalloc() arguments order
2023-12-21 13:17:54 +01:00
watchdog_buddy.c
watchdog/hardlockup: move SMP barriers from common code to buddy code
2023-06-19 16:25:28 -07:00
watchdog_perf.c
watchdog/perf: add a weak function for an arch to detect if perf can use NMIs
2023-06-09 17:44:21 -07:00
watchdog.c
watchdog/core: remove sysctl handlers from public header
2024-03-12 13:09:23 -07:00
workqueue_internal.h
workqueue: Drop the special locking rule for worker->flags and worker_pool->flags
2023-08-07 15:57:22 -10:00
workqueue.c
Driver core changes for 6.9-rc1
2024-03-21 13:34:15 -07:00