Commit b89cbe68 authored by Zheng Yejian, committed by Yongqiang Liu

livepatch/core: Check klp_func before 'klp_init_object_loaded'

hulk inclusion
category: feature
bugzilla: 186346, https://gitee.com/openeuler/kernel/issues/I4WBFN
CVE: NA

--------------------------------

Refer to the following procedure:
  klp_init_object
    klp_init_object_loaded
      klp_find_object_symbol <-- 1. oops happened when old_name is NULL!!!
    klp_init_func  <-- 2. currently old_name is first time check here

This problem was introduced in commit 453d3845 ("livepatch/arm64:
fix func size less than limit"), which exchanged the order of 'klp_init_func'
and 'klp_init_object_loaded' and thus caused old_name to be used before the check.

We move these checks before 'klp_init_object_loaded' and add several
logs to tell why check failed.

Fixes: 453d3845 ("livepatch/arm64: fix func size less than limit")
Signed-off-by: Zheng Yejian <zhengyejian1@huawei.com>
Reviewed-by: Cheng Jian <cj.chengjian@huawei.com>
Signed-off-by: Yongqiang Liu <liuyongqiang13@huawei.com>
Parent c61648a1
......@@ -1010,12 +1010,6 @@ static int klp_init_func(struct klp_object *obj, struct klp_func *func)
int ret;
#endif
if (!func->old_name || !func->new_func)
return -EINVAL;
if (strlen(func->old_name) >= KSYM_NAME_LEN)
return -EINVAL;
#ifdef CONFIG_LIVEPATCH_WO_FTRACE
ret = arch_klp_func_can_patch(func);
if (ret)
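Review bot: removing the `!func->old_name || !func->new_func` and `strlen(func->old_name) >= KSYM_NAME_LEN` checks from klp_init_func makes this function depend on its caller having validated `func` first, and nothing in the hunk records that invariant; add a short comment at the top of klp_init_func (e.g. `/* old_name and new_func were validated in klp_init_object() */`) so that a future direct caller, or a further reordering like the one in 453d3845 that this commit fixes, does not reintroduce the NULL dereference in klp_find_object_symbol.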
......@@ -1105,6 +1099,16 @@ static int klp_init_object(struct klp_patch *patch, struct klp_object *obj)
if (klp_is_module(obj) && strlen(obj->name) >= MODULE_NAME_LEN)
return -EINVAL;
klp_for_each_func(obj, func) {
if (!func->old_name || !func->new_func) {
pr_err("old_name or new_func is invalid\n");
return -EINVAL;
}
if (strlen(func->old_name) >= KSYM_NAME_LEN) {
pr_err("old_name is too long\n");
return -EINVAL;
}
}
obj->patched = false;
obj->mod = NULL;
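Review bot: the two new pr_err() messages do not identify which object or function failed validation, so a rejected patch carrying many klp_func entries is hard to diagnose from dmesg; since `obj->name` has already been checked in the context line above and `func->old_name` is known non-NULL after the first check, suggest `pr_err("%s: old_name or new_func is invalid\n", klp_is_module(obj) ? obj->name : "vmlinux")` and `pr_err("%s: old_name '%s' is too long\n", klp_is_module(obj) ? obj->name : "vmlinux", func->old_name)`. Placing the loop before klp_init_object_loaded, as the commit message describes, is otherwise the right fix for the ordering introduced by 453d3845.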