Re: [PATCH 4/6] hw_breakpoint: Factor out __modify_user_hw_breakpoint function

From: Peter Zijlstra
Date: Mon Nov 27 2017 - 12:34:31 EST

Next message: Sven Joachim: "Re: [PATCH] objtool: fix build of 64-bit kernel with 32-bit userspace"
Previous message: Takashi Sakamoto: "Re: [PATCH] ALSA: drivers: make array 'names' const, reduces object code size"
In reply to: Jiri Olsa: "Re: [PATCH 4/6] hw_breakpoint: Factor out __modify_user_hw_breakpoint function"
Next in thread: Peter Zijlstra: "Re: [PATCH 4/6] hw_breakpoint: Factor out __modify_user_hw_breakpoint function"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Nov 27, 2017 at 06:25:32PM +0100, Jiri Olsa wrote:
> On Mon, Nov 27, 2017 at 06:12:03PM +0100, Peter Zijlstra wrote:
> > But what validates the input attr is the same as the event attr, aside
> > from those fields?
>
> we don't.. the attr serves as a holder to carry those fields
> into the function

Then that's a straight up bug.

> the current kernel interface does not check anything else

Not enough, if the new attr would fail perf_event_open() it should also
fail this modify thing.

> there's one more check in the ioctl path, we check the
> type in perf_event_modify_attr:
>
> if (event->attr.type != attr->type)
> return -EINVAL;

Note how hw_breakpoint_event_init() tests has_branch_stack() and fails
on it.

Ideally we should check a whole lot more and fail, but alas..

Next message: Sven Joachim: "Re: [PATCH] objtool: fix build of 64-bit kernel with 32-bit userspace"
Previous message: Takashi Sakamoto: "Re: [PATCH] ALSA: drivers: make array 'names' const, reduces object code size"
In reply to: Jiri Olsa: "Re: [PATCH 4/6] hw_breakpoint: Factor out __modify_user_hw_breakpoint function"
Next in thread: Peter Zijlstra: "Re: [PATCH 4/6] hw_breakpoint: Factor out __modify_user_hw_breakpoint function"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]