Dmitry Vyukov
Jan 22, 2018, 3:25:25 AM
to ak...@linux-foundation.org, sp3...@columbia.edu, andre...@columbia.edu, Dmitry Vyukov, syzk...@googlegroups.com, linu...@kvack.org, linux-...@vger.kernel.org
Currently KCOV_ENABLE does not check if the current task is already
associated with another kcov descriptor. As a result it is possible
to associate a single task with more than one kcov descriptor, which
later leads to a memory leak of the old descriptor. This relation is
really meant to be one-to-one (task has only one back link).
Extend validation to detect such misuse.
Signed-off-by: Dmitry Vyukov <dvy...@google.com>
Reported-by: Shankara Pailoor <sp3...@columbia.edu>
Fixes: 5c9a8750a640 ("kernel: add kcov code coverage")
Cc: syzk...@googlegroups.com
Cc: linu...@kvack.org
Cc: linux-...@vger.kernel.org
---
kernel/kcov.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/kernel/kcov.c b/kernel/kcov.c
index 7594c033d98a..2c16f1ab5e10 100644
--- a/kernel/kcov.c
+++ b/kernel/kcov.c
@@ -358,7 +358,8 @@ static int kcov_ioctl_locked(struct kcov *kcov, unsigned int cmd,
*/
if (kcov->mode != KCOV_MODE_INIT || !kcov->area)
return -EINVAL;
- if (kcov->t != NULL)
+ t = current;
+ if (kcov->t != NULL || t->kcov != NULL)
return -EBUSY;
if (arg == KCOV_TRACE_PC)
kcov->mode = KCOV_MODE_TRACE_PC;
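Review bot: the `-EBUSY` return now covers two distinct conditions (the descriptor already has a task, or the task already has a descriptor), and only the first is self-explanatory from the surrounding code; a one-line comment above the new check, e.g. `/* A task may be attached to at most one kcov descriptor. */`, would make the one-to-one invariant that the commit message describes visible at the point where it is enforced. It is also worth confirming that `t->kcov` for `current` is only ever set or cleared from contexts that cannot race with this ioctl path, since the check is a plain read of the task's own back link.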
@@ -370,7 +371,6 @@ static int kcov_ioctl_locked(struct kcov *kcov, unsigned int cmd,
#endif
else
return -EINVAL;
- t = current;
/* Cache in task struct for performance. */
t->kcov_size = kcov->size;
t->kcov_area = kcov->area;
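Review bot: removing `t = current;` here is correct only because the same assignment now happens before the `-EBUSY` check in the previous hunk; the declaration of `t` is not visible in either hunk's context, so confirm it is declared at function scope in kcov_ioctl_locked and that no code between the two hunks relied on `t` being unassigned when an `-EINVAL` path is taken.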
--
2.16.0.rc1.238.g530d649a79-goog