Skip to content

Commit

Permalink
uretprobes: Limit the depth of return probe nestedness
Browse files Browse the repository at this point in the history 
Unlike the kretprobes we can't trust userspace, thus must have
protection from user space attacks. User-space have  "unlimited"
stack, and this patch limits the return probes nestedness as a
simple remedy for it.

Note that this implementation leaks return_instance on siglongjmp
until exit()/exec().

The intention is to have KISS and bare minimum solution for the
initial implementation in order to not complicate the uretprobes
code.

In the future we may come up with more sophisticated solution that
remove this depth limitation. It is not easy task and lays beyond
this patchset.

Signed-off-by: Anton Arapov <anton@redhat.com>
Acked-by: Srikar Dronamraju <srikar@linux.vnet.ibm.com>
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
  • Loading branch information
Anton Arapov authored and Oleg Nesterov committed Apr 13, 2013
1 parent fec8898 commit ded49c5
Show file tree
Hide file tree
Showing 2 changed files with 14 additions and 0 deletions.
3 changes: 3 additions & 0 deletions include/linux/uprobes.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,8 @@ struct inode;
#define UPROBE_HANDLER_REMOVE 1
#define UPROBE_HANDLER_MASK 1

#define MAX_URETPROBE_DEPTH 64

enum uprobe_filter_ctx {
UPROBE_FILTER_REGISTER,
UPROBE_FILTER_UNREGISTER,
Expand Down Expand Up @@ -72,6 +74,7 @@ struct uprobe_task {
struct arch_uprobe_task autask;

struct return_instance *return_instances;
unsigned int depth;
struct uprobe *active_uprobe;

unsigned long xol_vaddr;
Expand Down
11 changes: 11 additions & 0 deletions kernel/events/uprobes.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1404,6 +1404,13 @@ static void prepare_uretprobe(struct uprobe *uprobe, struct pt_regs *regs)
if (!utask)
return;

if (utask->depth >= MAX_URETPROBE_DEPTH) {
printk_ratelimited(KERN_INFO "uprobe: omit uretprobe due to"
" nestedness limit pid/tgid=%d/%d\n",
current->pid, current->tgid);
return;
}

ri = kzalloc(sizeof(struct return_instance), GFP_KERNEL);
if (!ri)
goto fail;
Expand Down Expand Up @@ -1439,6 +1446,8 @@ static void prepare_uretprobe(struct uprobe *uprobe, struct pt_regs *regs)
ri->orig_ret_vaddr = orig_ret_vaddr;
ri->chained = chained;

utask->depth++;

/* add instance to the stack */
ri->next = utask->return_instances;
utask->return_instances = ri;
Expand Down Expand Up @@ -1681,6 +1690,8 @@ static bool handle_trampoline(struct pt_regs *regs)
if (!chained)
break;

utask->depth--;

BUG_ON(!ri);
}

Expand Down

0 comments on commit ded49c5

Please sign in to comment.