On Wed, 9 Jun 2021 19:50:15 +0900
Punit Agrawal <punitagrawal@xxxxxxxxx> wrote:

> debugfs_create_file() takes a pointer argument that can be used during
> file operation callbacks (accessible via i_private in the inode
> structure). An obvious requirement is for the pointer to refer to
> valid memory when used.
>
> When creating the debugfs file to dynamically enable / disable
> kprobes, a pointer to local variable is passed to
> debugfs_create_file(); which will go out of scope when the init
> function returns. The reason this hasn't triggered random memory
> corruption is because the pointer is not accessed during the debugfs
> file callbacks.
>
> Fix the incorrect (and unnecessary) usage of local variable during
> debugfs_file_create() by passing NULL instead.
>

Good catch! Since the enabled state is managed by the kprobes_all_disabled
global variable, it is not needed.

Fixes: bf8f6e5b3e51 ("Kprobes: The ON/OFF knob thru debugfs")
Acked-by: Masami Hiramatsu <mhiramat@xxxxxxxxxx>

Thank you!

> Signed-off-by: Punit Agrawal <punitagrawal@xxxxxxxxx>
> ---
> kernel/kprobes.c | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/kernel/kprobes.c b/kernel/kprobes.c
> index 745f08fdd7a6..fdb1ea2e963b 100644
> --- a/kernel/kprobes.c
> +++ b/kernel/kprobes.c
> @@ -2816,13 +2816,12 @@ static const struct file_operations fops_kp = {
> static int __init debugfs_kprobe_init(void)
> {
> struct dentry *dir;
> - unsigned int value = 1;
>
> dir = debugfs_create_dir("kprobes", NULL);
>
> debugfs_create_file("list", 0400, dir, NULL, &kprobes_fops);
>
> - debugfs_create_file("enabled", 0600, dir, &value, &fops_kp);
> + debugfs_create_file("enabled", 0600, dir, NULL, &fops_kp);
>
> debugfs_create_file("blacklist", 0400, dir, NULL,
> &kprobe_blacklist_fops);
> --
> 2.30.2
>

--
Masami Hiramatsu <mhiramat@xxxxxxxxxx>
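Review bot: The replacement of `&value` with `NULL` in the `debugfs_create_file("enabled", ...)` call is only safe because, as the description states, the `fops_kp` read and write callbacks never dereference `i_private`; those handlers are not in the hunk, so the reviewer applying this should confirm that against the `fops_kp` definition immediately above the hunk header before merging, since a later callback that reads `i_private` would now hit a NULL dereference instead of a dangling stack pointer. The `NULL` data argument also matches the neighbouring `"list"` and `"blacklist"` files in the same function, which is the consistent choice. Two commit-message nits: the last paragraph names `debugfs_file_create()` where the function is `debugfs_create_file()`, and the `Fixes:` tag supplied in the reply (`bf8f6e5b3e51`) should be carried into the commit message so the fix is picked up for stable backports.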