Re: [PATCH 0/2] (Was: perf_event_mmap(vma) && !vma->vm_mm)
From: Peter Zijlstra
Date: Thu Oct 17 2013 - 12:47:23 EST
On Thu, Oct 17, 2013 at 05:27:17PM +0200, Oleg Nesterov wrote:
> On 10/17, Oleg Nesterov wrote:
> >
> > - we do not really need "len", we can simply do
> >
> > size = strlen(name) + 1;
> > while (size % sizeof(u64))
> > name[size++] = '\0';
> >
> > although I won't argue if you dislike "size & 7" in while().
>
> Or, perhaps,
>
> while (!IS_ALIGNED(size, sizeof(u64)))
> name[size++] = '\0';
>
---
Subject: perf: Change zero-padding of strings in perf_event_mmap_event()
From: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
Date: Thu Oct 17 00:06:46 CEST 2013
Oleg complained about the excessive 0-ing in perf_event_mmap_event(),
so try and be smarter about it while keeping it fairly fool proof and
avoid leaking random bits out to userspace.
Suggested-by: Oleg Nesterov <oleg@xxxxxxxxxx>
Signed-off-by: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
Link: http://lkml.kernel.org/n/tip-8jirlm99m6if2z13wd6rbyu6@xxxxxxxxxxxxxx
---
kernel/events/core.c | 17 +++++++++++------
1 file changed, 11 insertions(+), 6 deletions(-)
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -5106,15 +5106,13 @@ static void perf_event_mmap_event(struct
unsigned int size;
char tmp[16];
char *buf = NULL;
- const char *name;
-
- memset(tmp, 0, sizeof(tmp));
+ char *name;
if (file) {
struct inode *inode;
dev_t dev;
- buf = kzalloc(PATH_MAX, GFP_KERNEL);
+ buf = kmalloc(PATH_MAX, GFP_KERNEL);
if (!buf) {
name = strncpy(tmp, "//enomem", sizeof(tmp));
goto got_name;
@@ -5137,7 +5135,7 @@ static void perf_event_mmap_event(struct
min = MINOR(dev);
} else {
- name = arch_vma_name(vma);
+ name = (char *)arch_vma_name(vma);
if (name) {
name = strncpy(tmp, name, sizeof(tmp) - 1);
tmp[sizeof(tmp) - 1] = '\0';
@@ -5160,7 +5158,14 @@ static void perf_event_mmap_event(struct
}
got_name:
- size = ALIGN(strlen(name)+1, sizeof(u64));
+ /*
+ * Since our buffer works in 8 byte units we need to align our string
+ * size to a multiple of 8. However, we must guarantee the tail end is
+ * zero'd out to avoid leaking random bits to userspace.
+ */
+ size = strlen(name)+1;
+ while (!IS_ALIGNED(size, sizeof(u64)))
+ name[size++] = '\0';
mmap_event->file_name = name;
mmap_event->file_size = size;
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/