CVE-2023-52978

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 27/03/2025
Last modified: 01/10/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

riscv: kprobe: Fixup kernel panic when probing an illegal position

The kernel would panic when probed for an illegal position. eg:

(CONFIG_RISCV_ISA_C=n)

echo 'p:hello kernel_clone+0x16 a0=%a0' >> kprobe_events
echo 1 > events/kprobes/hello/enable
cat trace

Kernel panic - not syncing: stack-protector: Kernel stack
is corrupted in: __do_sys_newfstatat+0xb8/0xb8
CPU: 0 PID: 111 Comm: sh Not tainted
6.2.0-rc1-00027-g2d398fe49a4d #490
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[] dump_backtrace+0x38/0x48
[] show_stack+0x50/0x68
[] dump_stack_lvl+0x60/0x84
[] dump_stack+0x20/0x30
[] panic+0x160/0x374
[] generic_handle_arch_irq+0x0/0xa8
[] sys_newstat+0x0/0x30
[] sys_clone+0x20/0x30
[] ret_from_syscall+0x0/0x4
---[ end Kernel panic - not syncing: stack-protector:
Kernel stack is corrupted in: __do_sys_newfstatat+0xb8/0xb8 ]---

That is because the kprobe's ebreak instruction broke the kernel's
original code. The user should guarantee the correction of the probe
position, but it couldn't make the kernel panic.

This patch adds arch_check_kprobe in arch_prepare_kprobe to prevent an
illegal position (Such as the middle of an instruction).
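The kind of instruction-boundary check the description refers to, as an added user-space example (not the kernel's arch_check_kprobe code and not part of the advisory). The helper names and the sample function bodies are constructed for illustration; only the standard RISC-V 16-bit/32-bit length encoding is assumed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* RISC-V length encoding: low two bits of the first 16-bit parcel are 0b11
 * for a 32-bit instruction, anything else for a 16-bit compressed one.
 * Encodings longer than 32 bits are not handled in this sketch. */
static size_t insn_length(uint16_t first_parcel)
{
    return (first_parcel & 0x3) == 0x3 ? 4 : 2;
}

/* Hypothetical helper: walk from the first instruction of a function and
 * report whether `offset` is the start of an instruction. Decoding only at
 * `offset` is not enough, because the upper half of a 32-bit instruction
 * can itself look like a valid compressed instruction. */
bool probe_offset_is_valid(const uint8_t *func, size_t func_size, size_t offset)
{
    size_t pos = 0;

    if (offset >= func_size)
        return false;
    while (pos < offset) {
        if (func_size - pos < 2)
            return false;               /* truncated body */
        uint16_t parcel = (uint16_t)(func[pos] | (func[pos + 1] << 8));
        pos += insn_length(parcel);
    }
    return pos == offset;               /* overshoot means mid-instruction */
}

/* Constructed sample, no compressed instructions (as with
 * CONFIG_RISCV_ISA_C=n): addi sp,sp,-16; nop x4; ret = 0x18 bytes. */
static const uint8_t sample_no_c[] = {
    0x13, 0x01, 0x01, 0xff, 0x13, 0x00, 0x00, 0x00, 0x13, 0x00, 0x00, 0x00,
    0x13, 0x00, 0x00, 0x00, 0x13, 0x00, 0x00, 0x00, 0x67, 0x80, 0x00, 0x00,
};
/* Constructed sample, mixed widths: c.nop; nop (32-bit); c.ret. */
static const uint8_t sample_mixed[] = {
    0x01, 0x00, 0x13, 0x00, 0x00, 0x00, 0x82, 0x80,
};

int main(void)
{
    printf("no-C  +0x14: %d\n", probe_offset_is_valid(sample_no_c, sizeof sample_no_c, 0x14));
    printf("no-C  +0x16: %d\n", probe_offset_is_valid(sample_no_c, sizeof sample_no_c, 0x16));
    printf("mixed +0x4 : %d\n", probe_offset_is_valid(sample_mixed, sizeof sample_mixed, 0x4));
    return 0;
}
```

In the no-C sample every instruction is 4 bytes wide, so an offset such as +0x16 can never be an instruction start, which matches the probe position in the reproducer above.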

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.12 (including) 5.15.93 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.16 (including) 6.1.11 (including)
cpe:2.3:o:linux:linux_kernel:6.2:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.2:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.2:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.2:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.2:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.2:rc6:*:*:*:*:*:*