Re: [PATCH 0/2] (Was: perf_event_mmap(vma) && !vma->vm_mm)
From: Peter Zijlstra
Date: Wed Oct 16 2013 - 17:16:28 EST
On Wed, Oct 16, 2013 at 10:58:00PM +0200, Oleg Nesterov wrote:
> OK. I'll wait for your review on this series, then send the next patch.
>
Those two patches look good; thanks. How about something like so on top?
---
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -5103,18 +5103,16 @@ static void perf_event_mmap_event(struct
struct file *file = vma->vm_file;
int maj = 0, min = 0;
u64 ino = 0, gen = 0;
- unsigned int size;
+ unsigned int size, len;
char tmp[16];
char *buf = NULL;
const char *name;
- memset(tmp, 0, sizeof(tmp));
-
if (file) {
struct inode *inode;
dev_t dev;
- buf = kzalloc(PATH_MAX, GFP_KERNEL);
+ buf = kmalloc(PATH_MAX, GFP_KERNEL);
if (!buf) {
name = strncpy(tmp, "//enomem", sizeof(tmp));
goto got_name;
@@ -5160,7 +5158,15 @@ static void perf_event_mmap_event(struct
}
got_name:
- size = ALIGN(strlen(name)+1, sizeof(u64));
+ /*
+ * Since our buffer works in 8 byte units we need to align our string
+ * size to a multiple of 8. However, we must guarantee the tail end is
+ * zero'd out to avoid leaking random bits to userspace.
+ */
+ len = strlen(name)+1;
+ size = ALIGN(len, sizeof(u64));
+ for (; len < size; len++)
+ name[len] = '\0';
mmap_event->file_name = name;
mmap_event->file_size = size;
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/