On Wed, 13 Dec 2017 20:27:21 +0800
Cheng Jian wrote:
> When we register kretprobe, data_size is used to allocate space
> for storing per-instance private data.
>
> If we use a negative value as data_size, it will register
> successfully, then cause slab-out-of-bounds which can be
> found by
Hi
The demo is like:
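/* Header names were stripped in the archive copy; these are the ones the code below needs. */
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/kprobes.h>

/* Size of the per-instance private data, taken from a module parameter. */
static int data_size = 0;
module_param(data_size, int, 0644);

static struct kretprobe rp;

/* Return handler: only logs that the probed function returned. */
static int ret_handler(struct kretprobe_instance *ri, struct pt_regs *regs)
{
	printk(KERN_DEBUG "ret_handler\n");
	return 0;
}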
When we register kretprobe, data_size is used to allocate space
for storing per-instance private data.
If we use a negative value as data_size, it will register
successfully, then cause slab-out-of-bounds which can be
found by KASAN.
The call trace is like: