Fix potential integer overflow for last frame on IRQ/WQ context

Adam-pi3 · Adam-pi3 · commit b694700ed153 · 2026-01-03T05:15:03.000Z
diff --git a/src/modules/exploit_detection/p_exploit_detection.c b/src/modules/exploit_detection/p_exploit_detection.c
@@ -1515,7 +1515,7 @@ static inline int p_is_obj_on_stack(struct task_struct *p_task, const void *p_ad
 
    void *p_stack = p_task->stack; //task_stack_page(p_task);
 
-   return (p_addr >= p_stack) && (p_addr + p_size < (p_stack + THREAD_SIZE));
+   return (p_addr >= p_stack) && ((unsigned long)p_addr < P_KERNEL_LAST_UNUSED_HOLE) && (p_addr + p_size < (p_stack + THREAD_SIZE));
 }
 
 int p_ed_enforce_pcfi(struct task_struct *p_task, struct p_ed_process *p_orig, struct pt_regs *p_regs) {
diff --git a/src/modules/exploit_detection/p_exploit_detection.h b/src/modules/exploit_detection/p_exploit_detection.h
@@ -18,6 +18,8 @@
 #ifndef P_EXPLOIT_DETECTION_MAIN_H
 #define P_EXPLOIT_DETECTION_MAIN_H
 
+#define P_KERNEL_LAST_UNUSED_HOLE 0xffffffffffe00000
+
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(4,17,0) && defined(CONFIG_ARCH_HAS_SYSCALL_WRAPPER)
 
   /*

Original file line number	Diff line number	Diff line change
`@@ -1515,7 +1515,7 @@ static inline int p_is_obj_on_stack(struct task_struct p_task, const void p_ad`
`1515`	`1515`
`1516`	`1516`	`void *p_stack = p_task->stack; //task_stack_page(p_task);`
`1517`	`1517`
`1518`		`- return (p_addr >= p_stack) && (p_addr + p_size < (p_stack + THREAD_SIZE));`
	`1518`	`+ return (p_addr >= p_stack) && ((unsigned long)p_addr < P_KERNEL_LAST_UNUSED_HOLE) && (p_addr + p_size < (p_stack + THREAD_SIZE));`
`1519`	`1519`	`}`
`1520`	`1520`
`1521`	`1521`	`int p_ed_enforce_pcfi(struct task_struct p_task, struct p_ed_process p_orig, struct pt_regs *p_regs) {`