summaryrefslogtreecommitdiffstats
path: root/include/linux
diff options
context:
space:
mode:
authorAnton Arapov <anton@redhat.com>2013-04-03 18:00:37 +0200
committerOleg Nesterov <oleg@redhat.com>2013-04-13 15:31:58 +0200
commitded49c55309a37129dc30a5f0e85b8a64e5c1716 (patch)
tree7734bd75b1b95c22457c0671c6d9968b131fb5b1 /include/linux
parentfec8898d86ad0fb4d2161fc89885fa52da1e8b72 (diff)
downloadop-kernel-dev-ded49c55309a37129dc30a5f0e85b8a64e5c1716.zip
op-kernel-dev-ded49c55309a37129dc30a5f0e85b8a64e5c1716.tar.gz
uretprobes: Limit the depth of return probe nestedness
Unlike the kretprobes we can't trust userspace, thus must have protection from user space attacks. User-space have "unlimited" stack, and this patch limits the return probes nestedness as a simple remedy for it. Note that this implementation leaks return_instance on siglongjmp until exit()/exec(). The intention is to have KISS and bare minimum solution for the initial implementation in order to not complicate the uretprobes code. In the future we may come up with more sophisticated solution that remove this depth limitation. It is not easy task and lays beyond this patchset. Signed-off-by: Anton Arapov <anton@redhat.com> Acked-by: Srikar Dronamraju <srikar@linux.vnet.ibm.com> Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Diffstat (limited to 'include/linux')
-rw-r--r--include/linux/uprobes.h3
1 files changed, 3 insertions, 0 deletions
diff --git a/include/linux/uprobes.h b/include/linux/uprobes.h
index b0507f2..06f28be 100644
--- a/include/linux/uprobes.h
+++ b/include/linux/uprobes.h
@@ -38,6 +38,8 @@ struct inode;
#define UPROBE_HANDLER_REMOVE 1
#define UPROBE_HANDLER_MASK 1
+#define MAX_URETPROBE_DEPTH 64
+
enum uprobe_filter_ctx {
UPROBE_FILTER_REGISTER,
UPROBE_FILTER_UNREGISTER,
@@ -72,6 +74,7 @@ struct uprobe_task {
struct arch_uprobe_task autask;
struct return_instance *return_instances;
+ unsigned int depth;
struct uprobe *active_uprobe;
unsigned long xol_vaddr;
OpenPOWER on IntegriCloud