From: Kees Cook <keescook@chromium.org>
To: Matthew Wilcox <willy@infradead.org>
Cc: Suren Baghdasaryan <surenb@google.com>,
akpm@linux-foundation.org, ccross@google.com,
sumit.semwal@linaro.org, mhocko@suse.com, dave.hansen@intel.com,
kirill.shutemov@linux.intel.com, vbabka@suse.cz,
hannes@cmpxchg.org, corbet@lwn.net, viro@zeniv.linux.org.uk,
rdunlap@infradead.org, kaleshsingh@google.com, peterx@redhat.com,
rppt@kernel.org, peterz@infradead.org, catalin.marinas@arm.com,
vincenzo.frascino@arm.com, chinwen.chang@mediatek.com,
axelrasmussen@google.com, aarcange@redhat.com, jannh@google.com,
apopple@nvidia.com, jhubbard@nvidia.com, yuzhao@google.com,
will@kernel.org, fenghua.yu@intel.com,
thunder.leizhen@huawei.com, hughd@google.com,
feng.tang@intel.com, jgg@ziepe.ca, guro@fb.com,
tglx@linutronix.de, krisman@collabora.com,
chris.hyser@oracle.com, pcc@google.com, ebiederm@xmission.com,
axboe@kernel.dk, legion@kernel.org, eb@emlix.com,
songmuchun@bytedance.com, viresh.kumar@linaro.org,
thomascedeno@google.com, sashal@kernel.org, cxfcosmos@gmail.com,
linux@rasmusvillemoes.dk, linux-kernel@vger.kernel.org,
linux-fsdevel@vger.kernel.org, linux-doc@vger.kernel.org,
linux-mm@kvack.org, kernel-team@android.com
Subject: Re: [PATCH v8 2/3] mm: add a field to store names for private anonymous memory
Date: Fri, 27 Aug 2021 22:52:33 -0700 [thread overview]
Message-ID: <202108272228.7D36F0373@keescook> (raw)
In-Reply-To: <YSmVl+DEPrU6oUR4@casper.infradead.org>
On Sat, Aug 28, 2021 at 02:47:03AM +0100, Matthew Wilcox wrote:
> On Fri, Aug 27, 2021 at 12:18:57PM -0700, Suren Baghdasaryan wrote:
> > + anon_name = vma_anon_name(vma);
> > + if (anon_name) {
> > + seq_pad(m, ' ');
> > + seq_puts(m, "[anon:");
> > + seq_write(m, anon_name, strlen(anon_name));
> > + seq_putc(m, ']');
> > + }
Maybe after seq_pad, use: seq_printf(m, "[anon:%s]", anon_name);
>
> ...
>
> > + case PR_SET_VMA_ANON_NAME:
> > + name = strndup_user((const char __user *)arg,
> > + ANON_VMA_NAME_MAX_LEN);
> > +
> > + if (IS_ERR(name))
> > + return PTR_ERR(name);
> > +
> > + for (pch = name; *pch != '\0'; pch++) {
> > + if (!isprint(*pch)) {
> > + kfree(name);
> > + return -EINVAL;
>
> I think isprint() is too weak a check. For example, I would suggest
> forbidding the following characters: ':', ']', '[', ' '. Perhaps
> isalnum() would be better? (permit a-zA-Z0-9) I wouldn't necessarily
> be opposed to some punctuation characters, but let's avoid creating
> confusion. Do you happen to know which characters are actually in use
> today?
There's some sense in refusing [, ], and :, but removing " " seems
unhelpful for reasonable descriptors. As long as weird stuff is escaped,
I think it's fine. Any parser can just extract with m|\[anon:(.*)\]$|
For example, just escape it here instead of refusing to take it. Something
like:
name = strndup_user((const char __user *)arg,
ANON_VMA_NAME_MAX_LEN);
escaped = kasprintf(GFP_KERNEL, "%pE", name);
if (escaped) {
kfree(name);
return -ENOMEM;
}
kfree(name);
name = escaped;
--
Kees Cook
next prev parent reply other threads:[~2021-08-28 5:52 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-27 19:18 [PATCH v8 0/3] Anonymous VMA naming patches Suren Baghdasaryan
2021-08-27 19:18 ` [PATCH v8 1/3] mm: rearrange madvise code to allow for reuse Suren Baghdasaryan
2021-08-28 0:14 ` Kees Cook
2021-08-28 0:58 ` Suren Baghdasaryan
2021-08-28 16:19 ` Cyrill Gorcunov
2021-08-28 21:59 ` Suren Baghdasaryan
2021-08-27 19:18 ` [PATCH v8 2/3] mm: add a field to store names for private anonymous memory Suren Baghdasaryan
2021-08-28 1:47 ` Matthew Wilcox
2021-08-28 5:52 ` Kees Cook [this message]
2021-08-28 21:47 ` Suren Baghdasaryan
2021-08-30 8:12 ` Rasmus Villemoes
2021-08-30 16:16 ` Suren Baghdasaryan
2021-08-30 16:59 ` Matthew Wilcox
2021-08-31 17:21 ` Suren Baghdasaryan
2021-08-28 21:28 ` Cyrill Gorcunov
2021-08-28 21:53 ` Suren Baghdasaryan
2021-09-01 8:09 ` Michal Hocko
2021-09-01 15:28 ` Suren Baghdasaryan
2021-09-01 8:10 ` Michal Hocko
2021-09-01 15:42 ` Suren Baghdasaryan
2021-09-03 11:49 ` Michal Hocko
2021-09-03 15:47 ` Suren Baghdasaryan
2021-08-27 19:18 ` [PATCH v8 3/3] mm: add anonymous vma name refcounting Suren Baghdasaryan
2021-08-28 5:28 ` Kees Cook
2021-08-28 21:13 ` Suren Baghdasaryan
2021-08-30 7:03 ` Rolf Eike Beer
2021-08-30 7:03 ` Rolf Eike Beer
2021-08-30 16:12 ` Suren Baghdasaryan
2021-08-28 12:48 ` [PATCH v8 0/3] Anonymous VMA naming patches Pavel Machek
2021-08-28 22:06 ` Suren Baghdasaryan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202108272228.7D36F0373@keescook \
--to=keescook@chromium.org \
--cc=aarcange@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=apopple@nvidia.com \
--cc=axboe@kernel.dk \
--cc=axelrasmussen@google.com \
--cc=catalin.marinas@arm.com \
--cc=ccross@google.com \
--cc=chinwen.chang@mediatek.com \
--cc=chris.hyser@oracle.com \
--cc=corbet@lwn.net \
--cc=cxfcosmos@gmail.com \
--cc=dave.hansen@intel.com \
--cc=eb@emlix.com \
--cc=ebiederm@xmission.com \
--cc=feng.tang@intel.com \
--cc=fenghua.yu@intel.com \
--cc=guro@fb.com \
--cc=hannes@cmpxchg.org \
--cc=hughd@google.com \
--cc=jannh@google.com \
--cc=jgg@ziepe.ca \
--cc=jhubbard@nvidia.com \
--cc=kaleshsingh@google.com \
--cc=kernel-team@android.com \
--cc=kirill.shutemov@linux.intel.com \
--cc=krisman@collabora.com \
--cc=legion@kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux@rasmusvillemoes.dk \
--cc=mhocko@suse.com \
--cc=pcc@google.com \
--cc=peterx@redhat.com \
--cc=peterz@infradead.org \
--cc=rdunlap@infradead.org \
--cc=rppt@kernel.org \
--cc=sashal@kernel.org \
--cc=songmuchun@bytedance.com \
--cc=sumit.semwal@linaro.org \
--cc=surenb@google.com \
--cc=tglx@linutronix.de \
--cc=thomascedeno@google.com \
--cc=thunder.leizhen@huawei.com \
--cc=vbabka@suse.cz \
--cc=vincenzo.frascino@arm.com \
--cc=viresh.kumar@linaro.org \
--cc=viro@zeniv.linux.org.uk \
--cc=will@kernel.org \
--cc=willy@infradead.org \
--cc=yuzhao@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.