From: Linus Torvalds <torvalds@linux-foundation.org>
Date: Thu, 11 Apr 2024 02:48:05 +0000 (-0700)
Subject: Merge tag 'probes-fixes-v6.9-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git... 
X-Git-Tag: for-linus-6.9~105
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=e8c39d0f57f358950356a8e44ee5159f57f86ec5;p=users%2Fdwmw2%2Flinux.git

Merge tag 'probes-fixes-v6.9-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace

Pull probes fixes from Masami Hiramatsu:
 "Fix possible use-after-free issue on kprobe registration.

  check_kprobe_address_safe() uses `is_module_text_address()` and
  `__module_text_address()` separately.

  As a result, if the probed address is in a module that is being
  unloaded, the first `is_module_text_address()` might return true but
  then the `__module_text_address()` call might return NULL if the
  module has been unloaded between the two.

  The result is that kprobe believes the probe is on the kernel text,
  and skips getting a module reference. In this case, when it arms a
  breakpoint on the probe address, it may cause a use-after-free.

  To fix this issue, only use `__module_text_address()` once and get a
  reference to the module then. If it fails, reject the probe"

* tag 'probes-fixes-v6.9-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace:
  kprobes: Fix possible use-after-free issue on kprobe registration
---

e8c39d0f57f358950356a8e44ee5159f57f86ec5