perf: Change zero-padding of strings in perf_event_mmap_event()
authorPeter Zijlstra <peterz@infradead.org>
Wed, 16 Oct 2013 22:06:46 +0000 (00:06 +0200)
committerIngo Molnar <mingo@kernel.org>
Tue, 29 Oct 2013 11:02:53 +0000 (12:02 +0100)
Oleg complained about the excessive 0-ing in perf_event_mmap_event(),
so try and be smarter about it while keeping it fairly fool proof and
avoid leaking random bits out to userspace.

Suggested-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Peter Zijlstra <peterz@infradead.org>
Link: http://lkml.kernel.org/n/tip-8jirlm99m6if2z13wd6rbyu6@git.kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
kernel/events/core.c

index b409e757cadc37c675a55dfc53702415e3499bd4..85a8bbde64814bdf4ab15356b8d59468811e87b0 100644 (file)
@@ -5106,15 +5106,13 @@ static void perf_event_mmap_event(struct perf_mmap_event *mmap_event)
        unsigned int size;
        char tmp[16];
        char *buf = NULL;
-       const char *name;
-
-       memset(tmp, 0, sizeof(tmp));
+       char *name;
 
        if (file) {
                struct inode *inode;
                dev_t dev;
 
-               buf = kzalloc(PATH_MAX, GFP_KERNEL);
+               buf = kmalloc(PATH_MAX, GFP_KERNEL);
                if (!buf) {
                        name = strncpy(tmp, "//enomem", sizeof(tmp));
                        goto got_name;
@@ -5137,7 +5135,7 @@ static void perf_event_mmap_event(struct perf_mmap_event *mmap_event)
                min = MINOR(dev);
 
        } else {
-               name = arch_vma_name(vma);
+               name = (char *)arch_vma_name(vma);
                if (name) {
                        name = strncpy(tmp, name, sizeof(tmp) - 1);
                        tmp[sizeof(tmp) - 1] = '\0';
@@ -5160,7 +5158,14 @@ static void perf_event_mmap_event(struct perf_mmap_event *mmap_event)
        }
 
 got_name:
-       size = ALIGN(strlen(name)+1, sizeof(u64));
+       /*
+        * Since our buffer works in 8 byte units we need to align our string
+        * size to a multiple of 8. However, we must guarantee the tail end is
+        * zero'd out to avoid leaking random bits to userspace.
+        */
+       size = strlen(name)+1;
+       while (!IS_ALIGNED(size, sizeof(u64)))
+               name[size++] = '\0';
 
        mmap_event->file_name = name;
        mmap_event->file_size = size;