authorJiri Olsa <jolsa@redhat.com>2011-05-10 06:43:46 -0400
committerSteven Rostedt <rostedt@goodmis.org>2011-05-25 19:56:36 -0400
commit7cbc5b8d4a775a43875a09e29c49a2a8195b5b2d (patch)
treeb172a445ca84bd463abc6006233799e0a5f422b2 /kernel
parent9905ce8ad7b79dddd23c7b4753d0b2cdb65bde3c (diff)
jump_label: Check entries limit in __jump_label_update
When iterating the jump_label entries array (core or modules), the __jump_label_update function peeks over the last entry. The reason is that the end of the for loop depends on the key value of the processed entry. Thus when going through the last array entry, we will touch the memory behind the array limit. This bug probably will never be triggered, since most likely the memory behind the jump_label entries will be accessible and the entry->key will be different than the expected value. Signed-off-by: Jiri Olsa <jolsa@redhat.com> Acked-by: Jason Baron <jbaron@redhat.com> Link: http://lkml.kernel.org/r/20110510104346.GC1899@jolsa.brq.redhat.com Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Diffstat (limited to 'kernel')
-rw-r--r--kernel/jump_label.c18
1 files changed, 13 insertions, 5 deletions
diff --git a/kernel/jump_label.c b/kernel/jump_label.c
index 74d1c099fbd1..fa27e750dbc0 100644
--- a/kernel/jump_label.c
+++ b/kernel/jump_label.c
@@ -105,9 +105,12 @@ static int __jump_label_text_reserved(struct jump_entry *iter_start,
105} 105}
106 106
107static void __jump_label_update(struct jump_label_key *key, 107static void __jump_label_update(struct jump_label_key *key,
108 struct jump_entry *entry, int enable) 108 struct jump_entry *entry,
109 struct jump_entry *stop, int enable)
109{ 110{
110 for (; entry->key == (jump_label_t)(unsigned long)key; entry++) { 111 for (; (entry < stop) &&
112 (entry->key == (jump_label_t)(unsigned long)key);
113 entry++) {
111 /* 114 /*
112 * entry->code set to 0 invalidates module init text sections 115 * entry->code set to 0 invalidates module init text sections
113 * kernel_text_address() verifies we are not in core kernel 116 * kernel_text_address() verifies we are not in core kernel
@@ -181,7 +184,11 @@ static void __jump_label_mod_update(struct jump_label_key *key, int enable)
181 struct jump_label_mod *mod = key->next; 184 struct jump_label_mod *mod = key->next;
182 185
183 while (mod) { 186 while (mod) {
184 __jump_label_update(key, mod->entries, enable); 187 struct module *m = mod->mod;
188
189 __jump_label_update(key, mod->entries,
190 m->jump_entries + m->num_jump_entries,
191 enable);
185 mod = mod->next; 192 mod = mod->next;
186 } 193 }
187} 194}
@@ -245,7 +252,8 @@ static int jump_label_add_module(struct module *mod)
245 key->next = jlm; 252 key->next = jlm;
246 253
247 if (jump_label_enabled(key)) 254 if (jump_label_enabled(key))
248 __jump_label_update(key, iter, JUMP_LABEL_ENABLE); 255 __jump_label_update(key, iter, iter_stop,
256 JUMP_LABEL_ENABLE);
249 } 257 }
250 258
251 return 0; 259 return 0;
@@ -371,7 +379,7 @@ static void jump_label_update(struct jump_label_key *key, int enable)
371 379
372 /* if there are no users, entry can be NULL */ 380 /* if there are no users, entry can be NULL */
373 if (entry) 381 if (entry)
374 __jump_label_update(key, entry, enable); 382 __jump_label_update(key, entry, __stop___jump_table, enable);
375 383
376#ifdef CONFIG_MODULES 384#ifdef CONFIG_MODULES
377 __jump_label_mod_update(key, enable); 385 __jump_label_mod_update(key, enable);
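Review bot: The `stop` bound passed in the `jump_label_update()` hunk is unconditionally `__stop___jump_table`, the end of the core kernel's table, but `entry` comes from `key->entries`, and the module path in `jump_label_add_module()` (the part that handles keys the module itself defines is outside these hunks) appears to point such a key's `entries` into that module's own table; for a module-defined key `entry < stop` then depends only on where the module happens to be mapped relative to the core image, so the new loop condition can exit before touching a single entry and the key silently fails to toggle. `__jump_label_mod_update()` already derives its bound from `m->jump_entries + m->num_jump_entries`, so the same bound should be used here when the key lives in a module, e.g. by resolving the owning module with `__module_address((unsigned long)key)` and selecting `stop` accordingly, with `stop` declared at the top of the function. `jump_label_update()` begins before this hunk, so its local declarations are not visible here and the placement below is indicative only.

```c
	struct jump_entry *stop = __stop___jump_table;
#ifdef CONFIG_MODULES
	struct module *mod = __module_address((unsigned long)key);

	/* a key defined in a module has its entries in that module's jump table */
	if (mod)
		stop = mod->jump_entries + mod->num_jump_entries;
#endif
	/* if there are no users, entry can be NULL */
	if (entry)
		__jump_label_update(key, entry, stop, enable);
	/* … unchanged: __jump_label_mod_update() call under CONFIG_MODULES … */
```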