(2014/07/12 2:27), Andy Lutomirski wrote:
> This commit:
>
> commit 6f6343f53d133bae516caf3d254bce37d8774625
> Author: Masami Hiramatsu <[email protected]>
> Date:   Thu Apr 17 17:17:33 2014 +0900
>
>     kprobes/x86: Call exception handlers directly from do_int3/do_debug
>
> appears to have inadvertently dropped a check that the int3 came
> from kernel mode.  Trying to dereference addr when addr is
> user-controlled is completely bogus.
Oops, right!

Acked-by: Masami Hiramatsu <[email protected]>

Thank you very much!

> Signed-off-by: Andy Lutomirski <[email protected]>
> ---
>
> Changes from v1: Fixed the changelog message
>
>  arch/x86/kernel/kprobes/core.c | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/arch/x86/kernel/kprobes/core.c b/arch/x86/kernel/kprobes/core.c
> index 7596df6..67e6d19 100644
> --- a/arch/x86/kernel/kprobes/core.c
> +++ b/arch/x86/kernel/kprobes/core.c
> @@ -574,6 +574,9 @@ int kprobe_int3_handler(struct pt_regs *regs)
>  	struct kprobe *p;
>  	struct kprobe_ctlblk *kcb;
>  
> +	if (user_mode_vm(regs))
> +		return 0;
> +
>  	addr = (kprobe_opcode_t *)(regs->ip - sizeof(kprobe_opcode_t));
>  	/*
>  	 * We don't want to be preempted for the entire
>

-- 
Masami HIRAMATSU
Software Platform Research Dept. Linux Technology Research Center
Hitachi, Ltd., Yokohama Research Laboratory
E-mail: [email protected]
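Review bot: the new `user_mode_vm(regs)` check at the top of kprobe_int3_handler() carries no comment saying why it is there, and the referenced commit 6f6343f5 shows how easily an unexplained check gets dropped during refactoring; a one-line comment such as `/* kprobes live only in kernel text; leave a user-mode int3 to the normal trap path */` above the `if` would make the intent survive the next cleanup. The placement itself is right: it returns 0 before `addr` is derived from `regs->ip`, so a breakpoint raised from user space is reported as not handled without the handler ever computing or reading through a user-controlled address.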

