From: Chen Jiankang <chenjianka...@huawei.com>
When there are two same struct kretprobe rp, the INIT_HLIST_HEAD()
will result in a empty list table rp->free_instances. The memory leak
will happen. So it needs to add re-register safe check by
__get_valid_kprobe().
However, current this is not safe for multi-threadings, because
there is still a chance to re-register kretprobe concurrently.
So I add a kretprobe_mutex lock to protect the INIT_LIST_HEAD;
Signed-off-by: Chen Jiankang <chenjianka...@huawei.com>
---
kernel/kprobes.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/kernel/kprobes.c b/kernel/kprobes.c
index a1606a4..5ff8f69 100644
--- a/kernel/kprobes.c
+++ b/kernel/kprobes.c
@@ -67,6 +67,7 @@
/* This protects kprobe_table and optimizing_list */
static DEFINE_MUTEX(kprobe_mutex);
+static DEFINE_MUTEX(kretprobe_mutex);
static DEFINE_PER_CPU(struct kprobe *, kprobe_instance) = NULL;
static struct {
raw_spinlock_t lock ____cacheline_aligned_in_smp;
@@ -1947,6 +1948,12 @@ int register_kretprobe(struct kretprobe *rp)
rp->maxactive = num_possible_cpus();
#endif
}
+
+ mutex_lock(&kretprobe_mutex);
+ if (__get_valid_kprobe(&rp->kp)) {
+ ret = -EINVAL;
+ goto out;
+ }
raw_spin_lock_init(&rp->lock);
INIT_HLIST_HEAD(&rp->free_instances);
for (i = 0; i < rp->maxactive; i++) {
@@ -1954,7 +1961,8 @@ int register_kretprobe(struct kretprobe *rp)
rp->data_size, GFP_KERNEL);
if (inst == NULL) {
free_rp_inst(rp);
- return -ENOMEM;
+ ret = -ENOMEM;
+ goto out;
}
INIT_HLIST_NODE(&inst->hlist);
hlist_add_head(&inst->hlist, &rp->free_instances);
@@ -1965,6 +1973,8 @@ int register_kretprobe(struct kretprobe *rp)
ret = register_kprobe(&rp->kp);
if (ret != 0)
free_rp_inst(rp);
+out:
+ mutex_unlock(&kretprobe_mutex);
return ret;
}
EXPORT_SYMBOL_GPL(register_kretprobe);
--
1.7.12.4
