From: Michael Ellerman
To: "Naveen N. Rao", Masami Hiramatsu
Cc: Ananth N Mavinakayanahalli, Ingo Molnar, linuxppc-dev@lists.ozlabs.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v4 3/7] kprobes: validate the symbol name provided during probe registration
In-Reply-To: <20170421123234.6895-1-naveen.n.rao@linux.vnet.ibm.com>
References: <6e14d22994530fb5200c74d1593e73541d3b8028.1492604782.git.naveen.n.rao@linux.vnet.ibm.com> <20170421123234.6895-1-naveen.n.rao@linux.vnet.ibm.com>
Date: Sat, 22 Apr 2017 15:55:21 +1000
Message-ID: <87inlxyoja.fsf@concordia.ellerman.id.au>

"Naveen N. Rao" writes:

> When a kprobe is being registered, we use the symbol_name field to
> lookup the address where the probe should be placed. Since this is a
> user-provided field, let's ensure that the length of the string is
> within expected limits.

What are we actually trying to protect against here?

If you ignore powerpc for a moment, kprobe_lookup_name() is just
kallsyms_lookup_name(). All kallsyms_lookup_name() does with name is
strcmp() it against a legitimate symbol name which is at most
KSYM_NAME_LEN.

So I don't think any of this validation helps in that case?

In the powerpc version of kprobe_lookup_name() we do need to do some
string juggling, for which it helps to know the input is sane. But I
think we should just make that code more robust by checking the input
before we do anything with it.

cheers
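
The two cases discussed in the message above, as an added user-space C sketch that is not part of the original e-mail and is not kernel code: a compare-only lookup that tolerates input of any length, and a step that copies into a fixed buffer and therefore checks its input first. The limits, the symbol table, the "[module:]symbol" rewrite and the names `lookup_generic` and `make_dot_name` are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Assumed limits for this user-space sketch; kernel values differ by version. */
#define KSYM_NAME_LEN   128
#define MODULE_NAME_LEN 56
/* Constructed stand-in for the symbol table: every entry is short. */
static const char *const symtab[] = { "do_fork", "vfs_read", ".sys_open" };

/* Compare-only lookup: the name is never copied, so an overlong
 * string just fails to match and needs no length check. */
static int lookup_generic(const char *name)
{
    for (size_t i = 0; i < sizeof(symtab) / sizeof(symtab[0]); i++)
        if (strcmp(symtab[i], name) == 0)
            return (int)i;
    return -ENOENT;
}

/* Hypothetical "juggling" step: rewrite "[module:]symbol" as "[module:].symbol"
 * in a fixed buffer. All lengths are checked before the first byte is written. */
static int make_dot_name(const char *name, char *out, size_t outsz)
{
    const char *colon = strchr(name, ':');
    const char *sym = colon ? colon + 1 : name;
    size_t modlen = colon ? (size_t)(colon - name) + 1 : 0; /* incl. ':' */
    size_t symlen = 0, dot;
    while (symlen < KSYM_NAME_LEN && sym[symlen])   /* bounded scan */
        symlen++;
    if (modlen > MODULE_NAME_LEN || symlen == 0 || symlen == KSYM_NAME_LEN)
        return -EINVAL;               /* module or symbol out of bounds */
    dot = (sym[0] != '.');            /* add a dot only if missing */
    if (modlen + dot + symlen + 1 > outsz)
        return -ENAMETOOLONG;
    memcpy(out, name, modlen);
    if (dot)
        out[modlen] = '.';
    memcpy(out + modlen + dot, sym, symlen); /* symbol text */
    out[modlen + dot + symlen] = '\0';
    return 0;
}

int main(void)
{
    char buf[MODULE_NAME_LEN + 1 + KSYM_NAME_LEN];
    if (make_dot_name("sys_open", buf, sizeof(buf)) == 0)
        printf("%s -> index %d\n", buf, lookup_generic(buf));
    return 0;
}
```
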