uprobes: Fix utask->xol_vaddr leak in pre_ssout()

pre_ssout() should do xol_free_insn_slot() if arch_uprobe_pre_xol() fails, otherwise nobody will free the allocated slot. Signed-off-by: N Oleg Nesterov <oleg@redhat.com> Acked-by: N Anton Arapov <anton@redhat.com> Acked-by: N Srikar Dronamraju <srikar@linux.vnet.ibm.com>

uprobes: Fix utask->xol_vaddr leak in pre_ssout()
pre_ssout() should do xol_free_insn_slot() if arch_uprobe_pre_xol() fails, otherwise nobody will free the allocated slot. Signed-off-by: N Oleg Nesterov <oleg@redhat.com> Acked-by: N Anton Arapov <anton@redhat.com> Acked-by: N Srikar Dronamraju <srikar@linux.vnet.ibm.com>
aba51024 · Oleg Nesterov · a6cb3f6d · aba51024
隐藏空白更改
内联并排

Showing with 8 addition and 1 deletion

kernel/events/uprobes.c kernel/events/uprobes.c +8 -1

未找到文件。
--- a/kernel/events/uprobes.c
+++ b/kernel/events/uprobes.c
@@ -1306,6 +1306,7 @@ pre_ssout(struct uprobe *uprobe, struct pt_regs *regs, unsigned long bp_vaddr)
 {
 	struct uprobe_task *utask;
 	unsigned long xol_vaddr;
+	int err;

 	utask = current->utask;

@@ -1316,7 +1317,13 @@ pre_ssout(struct uprobe *uprobe, struct pt_regs *regs, unsigned long bp_vaddr)
 	utask->xol_vaddr = xol_vaddr;
 	utask->vaddr = bp_vaddr;

-	return arch_uprobe_pre_xol(&uprobe->arch, regs);
+	err = arch_uprobe_pre_xol(&uprobe->arch, regs);
+	if (unlikely(err)) {
+		xol_free_insn_slot(current);
+		return err;
+	}
+
+	return 0;
 }

 /*