Commit 7cbc5b8d authored by Jiri Olsa's avatar Jiri Olsa Committed by Steven Rostedt
Browse files

jump_label: Check entries limit in __jump_label_update 



When iterating the jump_label entries array (core or modules),
the __jump_label_update function peeks over the last entry.

The reason is that the end of the for loop depends on the key
value of the processed entry. Thus when going through the
last array entry, we will touch the memory behind the array
limit.

This bug probably will never be triggered, since most likely the
memory behind the jump_label entries will be accesable and the
entry->key will be different than the expected value.

Signed-off-by: default avatarJiri Olsa <jolsa@redhat.com>
Acked-by: default avatarJason Baron <jbaron@redhat.com>
Link: http://lkml.kernel.org/r/20110510104346.GC1899@jolsa.brq.redhat.com


Signed-off-by: default avatarSteven Rostedt <rostedt@goodmis.org>
parent 9905ce8a

kernel/jump_label.c

+13 −5
Original line number Diff line number Diff line
@@ -105,9 +105,12 @@ static int __jump_label_text_reserved(struct jump_entry *iter_start, 
}



static void __jump_label_update(struct jump_label_key *key,

		struct jump_entry *entry, int enable)

				struct jump_entry *entry,

				struct jump_entry *stop, int enable)

{

	for (; entry->key == (jump_label_t)(unsigned long)key; entry++) {

	for (; (entry < stop) &&

	      (entry->key == (jump_label_t)(unsigned long)key);

	      entry++) {

		/*

		 * entry->code set to 0 invalidates module init text sections

		 * kernel_text_address() verifies we are not in core kernel
@@ -181,7 +184,11 @@ static void __jump_label_mod_update(struct jump_label_key *key, int enable) 
	struct jump_label_mod *mod = key->next;



	while (mod) {

		__jump_label_update(key, mod->entries, enable);

		struct module *m = mod->mod;



		__jump_label_update(key, mod->entries,

				    m->jump_entries + m->num_jump_entries,

				    enable);

		mod = mod->next;

	}

}
@@ -245,7 +252,8 @@ static int jump_label_add_module(struct module *mod) 
		key->next = jlm;



		if (jump_label_enabled(key))

			__jump_label_update(key, iter, JUMP_LABEL_ENABLE);

			__jump_label_update(key, iter, iter_stop,

					    JUMP_LABEL_ENABLE);

	}



	return 0;
@@ -371,7 +379,7 @@ static void jump_label_update(struct jump_label_key *key, int enable) 


	/* if there are no users, entry can be NULL */

	if (entry)

		__jump_label_update(key, entry, enable);

		__jump_label_update(key, entry, __stop___jump_table, enable);



#ifdef CONFIG_MODULES

	__jump_label_mod_update(key, enable);

CRA Git | Maintained and supported by SUSTech CRA and CCSE