86 lines
3.3 KiB
Diff
86 lines
3.3 KiB
Diff
From 4b28444ed29d730de3b2e145dbd43d9d508deb41 Mon Sep 17 00:00:00 2001
|
||
From: yieux <yangxy79315@sina.com>
|
||
Date: Thu, 23 Nov 2023 14:40:02 +0800
|
||
Subject: fix system crash caused by registration exception
|
||
|
||
---
|
||
.../core/analyze_unit/secDetector_analyze.c | 1 +
|
||
kerneldriver/core/secDetector_manager.c | 17 +++++++++++++----
|
||
2 files changed, 14 insertions(+), 4 deletions(-)
|
||
|
||
diff --git a/kerneldriver/core/analyze_unit/secDetector_analyze.c b/kerneldriver/core/analyze_unit/secDetector_analyze.c
|
||
index 688a5e0..226e245 100644
|
||
--- a/kerneldriver/core/analyze_unit/secDetector_analyze.c
|
||
+++ b/kerneldriver/core/analyze_unit/secDetector_analyze.c
|
||
@@ -17,6 +17,7 @@ analyze_func_t analyze_units[NR_ANALYZE] = {
|
||
[ANALYZE_PRESET_SAVE_CHECK] = analyze_save_check,
|
||
};
|
||
|
||
+// 不使用analyze_status_data的时候,data_type 为0,因此free_analyze_status_data不处理对应的 ANALYZE_STATUS。
|
||
void free_analyze_status_data(analyze_status_t *analyze_status_data)
|
||
{
|
||
switch (analyze_status_data->data.data_type) {
|
||
diff --git a/kerneldriver/core/secDetector_manager.c b/kerneldriver/core/secDetector_manager.c
|
||
index 9304877..4c88386 100644
|
||
--- a/kerneldriver/core/secDetector_manager.c
|
||
+++ b/kerneldriver/core/secDetector_manager.c
|
||
@@ -35,12 +35,14 @@ void secDetector_module_unregister(struct secDetector_module *module)
|
||
mutex_lock(&g_hook_list_array_mutex);
|
||
ret_id = idr_remove(&g_module_idr, (unsigned long)module->id);
|
||
if (ret_id == NULL) {
|
||
+ pr_err("[secDetector] remove module id failed\n");
|
||
goto error;
|
||
}
|
||
|
||
for (i = 0, wf = module->workflow_array; i < module->workflow_array_len;
|
||
i++, wf++) {
|
||
if (wf == NULL) {
|
||
+ pr_err("[secDetector] invalid workflow\n");
|
||
goto error;
|
||
}
|
||
ret = delete_callback(wf);
|
||
@@ -48,15 +50,20 @@ void secDetector_module_unregister(struct secDetector_module *module)
|
||
pr_err("[secDetector] delete callback failed, return %d\n", ret);
|
||
goto error;
|
||
}
|
||
- // workflow在被卸载的时候,需要释放analyze status等申请的内存,特别是使用默认的response list。
|
||
- free_analyze_status_data(&wf->analyze_status);
|
||
- if (wf->response_array_len == 0) {
|
||
+ if (wf->workflow_type == WORKFLOW_PRESET) {
|
||
+ // workflow在被卸载的时候,需要释放analyze status等申请的内存,特别是使用默认的response list。
|
||
+ free_analyze_status_data(&wf->analyze_status);
|
||
+ if (wf->response_array_len == 0) {
|
||
kfree(wf->response_array);
|
||
+ }
|
||
}
|
||
}
|
||
|
||
error:
|
||
- list_del_rcu(&module->list);
|
||
+ //secDetector_module_unregister 的执行流可能来源于 失败的register,因此module此时还未被list_add_rcu
|
||
+ if ((module->list.next != NULL) && (module->list.prev != NULL) &&
|
||
+ ((module->list.next != &module->list) || (module->list.prev != &module->list)))
|
||
+ list_del_rcu(&module->list);
|
||
synchronize_rcu();
|
||
mutex_unlock(&g_hook_list_array_mutex);
|
||
|
||
@@ -125,6 +132,7 @@ int secDetector_module_register(struct secDetector_module *module)
|
||
for (i = 0, wf = module->workflow_array; i < module->workflow_array_len;
|
||
i++, wf++) {
|
||
if (wf == NULL) {
|
||
+ pr_err("[secDetector] invalid workflow\n");
|
||
ret = -EINVAL;
|
||
goto error;
|
||
}
|
||
@@ -148,6 +156,7 @@ int secDetector_module_register(struct secDetector_module *module)
|
||
param->proc_ops, param->data);
|
||
if (!param->entry) {
|
||
pr_err("[secDetector] create proc failed\n");
|
||
+ ret = -EINVAL;
|
||
goto error;
|
||
}
|
||
}
|
||
--
|
||
2.33.0
|
||
|