On Sat, Aug 28, 2021 at 02:47:03AM +0100, Matthew Wilcox wrote:
> On Fri, Aug 27, 2021 at 12:18:57PM -0700, Suren Baghdasaryan wrote:
> > + anon_name = vma_anon_name(vma);
> > + if (anon_name) {
> > + seq_pad(m, ' ');
> > + seq_puts(m, "[anon:");
> > + seq_write(m, anon_name, strlen(anon_name));
> > + seq_putc(m, ']');
> > + }
Maybe after seq_pad, use: seq_printf(m, "[anon:%s]", anon_name);
>
> ...
>
> > + case PR_SET_VMA_ANON_NAME:
> > + name = strndup_user((const char __user *)arg,
> > + ANON_VMA_NAME_MAX_LEN);
> > +
> > + if (IS_ERR(name))
> > + return PTR_ERR(name);
> > +
> > + for (pch = name; *pch != '\0'; pch++) {
> > + if (!isprint(*pch)) {
> > + kfree(name);
> > + return -EINVAL;
>
> I think isprint() is too weak a check. For example, I would suggest
> forbidding the following characters: ':', ']', '[', ' '. Perhaps
> isalnum() would be better? (permit a-zA-Z0-9) I wouldn't necessarily
> be opposed to some punctuation characters, but let's avoid creating
> confusion. Do you happen to know which characters are actually in use
> today?
There's some sense in refusing [, ], and :, but removing " " seems
unhelpful for reasonable descriptors. As long as weird stuff is escaped,
I think it's fine. Any parser can just extract with m|\[anon:(.*)\]$|
For example, just escape it here instead of refusing to take it. Something
like:
name = strndup_user((const char __user *)arg,
ANON_VMA_NAME_MAX_LEN);
escaped = kasprintf(GFP_KERNEL, "%pE", name);
if (escaped) {
kfree(name);
return -ENOMEM;
}
kfree(name);
name = escaped;
--
Kees Cook
