git.lttng.org Git - lttng-modules.git/commit

]> git.lttng.org Git - lttng-modules.git/commit

author	Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
	Tue, 19 Jan 2016 14:51:55 +0000 (09:51 -0500)
committer	Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
	Tue, 19 Jan 2016 14:57:25 +0000 (09:57 -0500)
commit	4ce9f32b8ec6ff1de14d734607a5f4a20fb743e5
tree	2e6027210bff1d4a6c03fdf974f8fe059d5f4dad	tree \| snapshot
parent	9c666164702ea3b2c2b2299b7aaab97203efc0af	commit \| diff

Fix: check reference counts for overflow

Linux kernel CVE-2016-0728 is a use-after-free based on overflow of the
reference counting mechanism.

Implement a kref wrapper in lttng that validates overflows, and use it
instead of kref_get(). Also check explicitly for overflows on file
fcount counters.

This should not be an issue in practice in lttng-modules because the ABI
is only exposed to root, but let's err on the safe side.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>

lib/ringbuffer/ring_buffer_frontend.c		diff \| blob \| blame \| history
lttng-abi.c		diff \| blob \| blame \| history
lttng-events.c		diff \| blob \| blame \| history
probes/lttng-kretprobes.c		diff \| blob \| blame \| history
wrapper/kref.h	[new file with mode: 0644]	blob

LTTng 2.0/0.x modules

RSS Atom

This page took 0.030905 seconds and 4 git commands to generate.