On Fri, Aug 28, 2020 at 01:11:15PM +0000, eddy...@trendmicro.com wrote:
> > -----Original Message-----
> > From: Peter Zijlstra <pet...@infradead.org>
> > Sent: Friday, August 28, 2020 12:13 AM
> > To: linux-kernel@vger.kernel.org; mhira...@kernel.org
> > Cc: Eddy Wu (RD-TW) <eddy...@trendmicro.com>; x...@kernel.org;
> > da...@davemloft.net; rost...@goodmis.org;
> > naveen.n....@linux.ibm.com; anil.s.keshavamur...@intel.com;
> > linux-a...@vger.kernel.org; came...@moodycamel.com;
> > o...@redhat.com; w...@kernel.org; paul...@kernel.org; pet...@infradead.org
> > Subject: [RFC][PATCH 3/7] kprobes: Remove kretprobe hash
> >
> > @@ -1935,71 +1932,45 @@ unsigned long __kretprobe_trampoline_han
> > unsigned long trampoline_address,
> > void *frame_pointer)
> > {
> > // ... removed
> > // NULL here
> > + first = node = current->kretprobe_instances.first;
> > + while (node) {
> > + ri = container_of(node, struct kretprobe_instance, llist);
> >
> > - orig_ret_address = (unsigned long)ri->ret_addr;
> > - if (skipped)
> > - pr_warn("%ps must be blacklisted because of
> > incorrect kretprobe order\n",
> > - ri->rp->kp.addr);
> > + BUG_ON(ri->fp != frame_pointer);
> >
> > - if (orig_ret_address != trampoline_address)
> > + orig_ret_address = (unsigned long)ri->ret_addr;
> > + if (orig_ret_address != trampoline_address) {
> > /*
> > * This is the real return address. Any other
> > * instances associated with this task are for
> > * other calls deeper on the call stack
> > */
> > break;
> > + }
> > +
> > + node = node->next;
> > }
> >
>
> Hi, I found a NULL pointer dereference here, where
> current->kretprobe_instances.first == NULL in these two scenario:
Hurmph, that would mean hitting the trampoline and not having a
kretprobe_instance, weird. Let me try and reproduce.
