| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <202108272228.7D36F0373@keescook>
Date: Fri, 27 Aug 2021 22:52:33 -0700
From: Kees Cook <keescook@...omium.org>
To: Matthew Wilcox <willy@...radead.org>
Cc: Suren Baghdasaryan <surenb@...gle.com>, akpm@...ux-foundation.org,
ccross@...gle.com, sumit.semwal@...aro.org, mhocko@...e.com,
dave.hansen@...el.com, kirill.shutemov@...ux.intel.com,
vbabka@...e.cz, hannes@...xchg.org, corbet@....net,
viro@...iv.linux.org.uk, rdunlap@...radead.org,
kaleshsingh@...gle.com, peterx@...hat.com, rppt@...nel.org,
peterz@...radead.org, catalin.marinas@....com,
vincenzo.frascino@....com, chinwen.chang@...iatek.com,
axelrasmussen@...gle.com, aarcange@...hat.com, jannh@...gle.com,
apopple@...dia.com, jhubbard@...dia.com, yuzhao@...gle.com,
will@...nel.org, fenghua.yu@...el.com, thunder.leizhen@...wei.com,
hughd@...gle.com, feng.tang@...el.com, jgg@...pe.ca, guro@...com,
tglx@...utronix.de, krisman@...labora.com, chris.hyser@...cle.com,
pcc@...gle.com, ebiederm@...ssion.com, axboe@...nel.dk,
legion@...nel.org, eb@...ix.com, songmuchun@...edance.com,
viresh.kumar@...aro.org, thomascedeno@...gle.com,
sashal@...nel.org, cxfcosmos@...il.com, linux@...musvillemoes.dk,
linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org,
linux-doc@...r.kernel.org, linux-mm@...ck.org,
kernel-team@...roid.com
Subject: Re: [PATCH v8 2/3] mm: add a field to store names for private
anonymous memory
On Sat, Aug 28, 2021 at 02:47:03AM +0100, Matthew Wilcox wrote:
> On Fri, Aug 27, 2021 at 12:18:57PM -0700, Suren Baghdasaryan wrote:
> > + anon_name = vma_anon_name(vma);
> > + if (anon_name) {
> > + seq_pad(m, ' ');
> > + seq_puts(m, "[anon:");
> > + seq_write(m, anon_name, strlen(anon_name));
> > + seq_putc(m, ']');
> > + }
Maybe after seq_pad, use: seq_printf(m, "[anon:%s]", anon_name);
>
> ...
>
> > + case PR_SET_VMA_ANON_NAME:
> > + name = strndup_user((const char __user *)arg,
> > + ANON_VMA_NAME_MAX_LEN);
> > +
> > + if (IS_ERR(name))
> > + return PTR_ERR(name);
> > +
> > + for (pch = name; *pch != '\0'; pch++) {
> > + if (!isprint(*pch)) {
> > + kfree(name);
> > + return -EINVAL;
>
> I think isprint() is too weak a check. For example, I would suggest
> forbidding the following characters: ':', ']', '[', ' '. Perhaps
> isalnum() would be better? (permit a-zA-Z0-9) I wouldn't necessarily
> be opposed to some punctuation characters, but let's avoid creating
> confusion. Do you happen to know which characters are actually in use
> today?
There's some sense in refusing [, ], and :, but removing " " seems
unhelpful for reasonable descriptors. As long as weird stuff is escaped,
I think it's fine. Any parser can just extract with m|\[anon:(.*)\]$|
For example, just escape it here instead of refusing to take it. Something
like:
name = strndup_user((const char __user *)arg,
ANON_VMA_NAME_MAX_LEN);
escaped = kasprintf(GFP_KERNEL, "%pE", name);
if (escaped) {
kfree(name);
return -ENOMEM;
}
kfree(name);
name = escaped;
--
Kees Cook
Powered by blists - more mailing lists