Commit bd1ed1b7, authored by Cheng Jian, committed by Yang Yingliang

kretprobe: check re-registration of the same kretprobe earlier

hulk inclusion
category: bugfix
bugzilla: 31369
CVE: NA

---------------------------

Our system encountered a use-after-free when re-registering the same
kretprobe: it accesses the kretprobe_instance in rp->free_instances,
which has already been released.

Preventing re-registration has been implemented for kprobe before, but
it's too late for kretprobe. We must check for re-registration before
re-initializing the kretprobe; otherwise it will destroy the data and
struct of the registered kretprobe, which can lead to use-after-free,
memory leak, system crash, and even other unexpected behaviors.

Use check_kprobe_rereg() to check for re-registration, and also give a
warning message.

Link: https://lkml.org/lkml/2020/3/6/167
Signed-off-by: Cheng Jian <cj.chengjian@huawei.com>
Acked-by: Masami Hiramatsu <mhiramat@kernel.org>
Reviewed-by: Xie XiuQi <xiexiuqi@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Parent 9012956d
...@@ -1902,6 +1902,14 @@ int register_kretprobe(struct kretprobe *rp) ...@@ -1902,6 +1902,14 @@ int register_kretprobe(struct kretprobe *rp)
} }
} }
/*
* Return error if it's being re-registered,
* also give a warning message to the developer.
*/
ret = check_kprobe_rereg(&rp->kp);
if (WARN_ON(ret))
return ret;
rp->kp.pre_handler = pre_handler_kretprobe; rp->kp.pre_handler = pre_handler_kretprobe;
rp->kp.post_handler = NULL; rp->kp.post_handler = NULL;
rp->kp.fault_handler = NULL; rp->kp.fault_handler = NULL;
......
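Review bot: The `if (WARN_ON(ret))` wrapped around `check_kprobe_rereg(&rp->kp)` emits a full backtrace on every rejected call, so a caller that keeps retrying a duplicate registration will flood the log, and on a system that treats warnings as fatal (panic_on_warn) a plain caller mistake takes the machine down. Since the function already returns the error to the caller, consider `WARN_ON_ONCE(ret)` or a single pr_warn line instead. The new comment also says only "Return error"; naming the value that check_kprobe_rereg() returns, and noting that the check must stay above the `rp->kp.pre_handler = pre_handler_kretprobe;` assignment and the rest of the re-initialization, would help keep a later reorder from reintroducing the use-after-free described in the commit message.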