projects / lttng-modules.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 9c66616) | patch
Fix: check reference counts for overflow
authorMathieu Desnoyers <mathieu.desnoyers@efficios.com>
Tue, 19 Jan 2016 14:51:55 +0000 (09:51 -0500)
committerMathieu Desnoyers <mathieu.desnoyers@efficios.com>
Tue, 19 Jan 2016 14:57:25 +0000 (09:57 -0500)
commit4ce9f32b8ec6ff1de14d734607a5f4a20fb743e5
tree2e6027210bff1d4a6c03fdf974f8fe059d5f4dadtree | snapshot
parent9c666164702ea3b2c2b2299b7aaab97203efc0afcommit | diff
Fix: check reference counts for overflow

Linux kernel CVE-2016-0728 is a use-after-free based on overflow of the
reference counting mechanism.

Implement a kref wrapper in lttng that validates overflows, and use it
instead of kref_get(). Also check explicitly for overflows on file
fcount counters.

This should not be an issue in practice in lttng-modules because the ABI
is only exposed to root, but let's err on the safe side.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
lib/ringbuffer/ring_buffer_frontend.c diff | blob | blame | history
lttng-abi.c diff | blob | blame | history
lttng-events.c diff | blob | blame | history
probes/lttng-kretprobes.c diff | blob | blame | history
wrapper/kref.h [new file with mode: 0644] blob
LTTng 2.0/0.x modules
This page took 0.025952 seconds and 4 git commands to generate.