Hi Peter, Josh,
Found the following bug. This bug cannot be seen with this fix:
https://lkml.org/lkml/2018/5/10/280.
Here unwind_next_frame+0x463 is pointing at: "*ip = regs->ip;" in
deref_stack_iret_regs().
[ 2505.084076] BUG: KASAN: stack-out-of-bounds in unwind_next_frame+0x463/0x850
[ 25
Commit-ID: 621b6d2ea297d0fb6030452c5bcd221f12165fcf
Gitweb: https://git.kernel.org/tip/621b6d2ea297d0fb6030452c5bcd221f12165fcf
Author: Prashant Bhole
AuthorDate: Mon, 9 Apr 2018 19:03:46 +0900
Committer: Ingo Molnar
CommitDate: Mon, 9 Apr 2018 18:15:58 +0200
perf/core: Fix use-after
.
perf_event_alloc() assigns task_struct to hw.target of perf_event,
but there is no reference counting for it.
As a fix we get_task_struct() in perf_event_alloc() at the above-mentioned
assignment and put_task_struct() in _free_event().
Signed-off-by: Prashant Bhole
---
kernel/events/core.c | 6 ++
1
On 4/9/2018 4:38 PM, Peter Zijlstra wrote:
On Tue, Mar 06, 2018 at 06:49:10PM +0900, Prashant Bhole wrote:
Sorry for late reply. I tried these changes. It didn't fix the problem. With
He, sorry for completely forgetting about this one :/
these changes, the use-after-free acce
On 2/23/2018 2:40 AM, Oleg Nesterov wrote:
On 02/22, Peter Zijlstra wrote:
On Thu, Feb 22, 2018 at 06:04:27PM +0100, Peter Zijlstra wrote:
On Thu, Feb 22, 2018 at 05:37:15PM +0100, Oleg Nesterov wrote:
This all makes me think that we should change (fix) kernel/events/core.c...
That's go
patch.
Signed-off-by: Prashant Bhole
---
kernel/trace/trace_uprobe.c | 9 +++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/kernel/trace/trace_uprobe.c b/kernel/trace/trace_uprobe.c
index 2014f4351ae0..b81e0a88136a 100644
--- a/kernel/trace/trace_uprobe.c
+++ b/kernel/trace