lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20131017152027.GA14098@redhat.com>
Date:	Thu, 17 Oct 2013 17:20:27 +0200
From:	Oleg Nesterov <oleg@...hat.com>
To:	Peter Zijlstra <peterz@...radead.org>
Cc:	Ingo Molnar <mingo@...nel.org>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 0/2] (Was: perf_event_mmap(vma) && !vma->vm_mm)

On 10/16, Peter Zijlstra wrote:
>
> On Wed, Oct 16, 2013 at 10:58:00PM +0200, Oleg Nesterov wrote:
> > OK. I'll wait for your review on this series, then send the next patch.
> >
>
> Those two patches look good; thanks.

Thanks, can I have your acks for Ingo ?

> How about something like so on top?
>
> ---
> --- a/kernel/events/core.c
> +++ b/kernel/events/core.c
> @@ -5103,18 +5103,16 @@ static void perf_event_mmap_event(struct
>  	struct file *file = vma->vm_file;
>  	int maj = 0, min = 0;
>  	u64 ino = 0, gen = 0;
> -	unsigned int size;
> +	unsigned int size, len;
>  	char tmp[16];
>  	char *buf = NULL;
>  	const char *name;
>  
> -	memset(tmp, 0, sizeof(tmp));
> -
>  	if (file) {
>  		struct inode *inode;
>  		dev_t dev;
>  
> -		buf = kzalloc(PATH_MAX, GFP_KERNEL);
> +		buf = kmalloc(PATH_MAX, GFP_KERNEL);
>  		if (!buf) {
>  			name = strncpy(tmp, "//enomem", sizeof(tmp));
>  			goto got_name;
> @@ -5160,7 +5158,15 @@ static void perf_event_mmap_event(struct
>  	}
>  
>  got_name:
> -	size = ALIGN(strlen(name)+1, sizeof(u64));
> +	/*
> +	 * Since our buffer works in 8 byte units we need to align our string
> +	 * size to a multiple of 8. However, we must guarantee the tail end is
> +	 * zero'd out to avoid leaking random bits to userspace.
> +	 */
> +	len = strlen(name)+1;
> +	size = ALIGN(len, sizeof(u64));
> +	for (; len < size; len++)
> +		name[len] = '\0';

Yes, this is almost what I meant, but:

	- name is "const char *", we need another variable

	- we do not really need "len", we can simply do

		size = strlen(name) + 1;
		while (size % sizeof(u64))
			name[size++] = '\0';

	  although I won't argue if you dislike "size & 7" in while().

	- we can factor out strncpy(tmp, name).

Could you look at 3/2 I'll send in a minute?

Oleg.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ