kernel_text_address returns ftrace_trampoline, kprobe_insn_slot and bpf_text_address as kprobe legal address. These text are removable and changeable without any notifier to kprobes. Probing on them can trigger some unexpected behavior[1]. Considering that jump_label and static_call text are already be forbiden to probe, kernel_text_address should be replaced with core_kernel_text and is_module_text_address to check other text which is unsafe to kprobe. [1] https://lkml.org/lkml/2022/7/26/1148 Fixes: 5b485629ba0d ("kprobes, extable: Identify kprobes trampolines as kernel text area") Fixes: 74451e66d516 ("bpf: make jited programs visible in traces") Signed-off-by: Chen Zhongjin <chenzhongjin@xxxxxxxxxx> --- v2 -> v3: Remove '-next' carelessly added in title. v1 -> v2: Check core_kernel_text and is_module_text_address rather than only kprobe_insn. Also fix title and commit message for this. See old patch at [1]. --- kernel/kprobes.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/kernel/kprobes.c b/kernel/kprobes.c index f214f8c088ed..80697e5e03e4 100644 --- a/kernel/kprobes.c +++ b/kernel/kprobes.c @@ -1560,7 +1560,8 @@ static int check_kprobe_address_safe(struct kprobe *p, preempt_disable(); /* Ensure it is not in reserved area nor out of text */ - if (!kernel_text_address((unsigned long) p->addr) || + if (!(core_kernel_text((unsigned long) p->addr) || + is_module_text_address((unsigned long) p->addr)) || within_kprobe_blacklist((unsigned long) p->addr) || jump_label_text_reserved(p->addr, p->addr) || static_call_text_reserved(p->addr, p->addr) || -- 2.17.1
