On Mon, Nov 27, 2017 at 11:01:28PM +0100, Peter Zijlstra wrote:
> On Mon, Nov 27, 2017 at 01:50:30PM -0800, Milind Chabbi wrote:
> > The possible checks are infinite
>
> struct perf_event_attr is very much a finite data type.
>
> Something as simple as:
>
> struct perf_event_attr tmp1 = new_attr, tmp2 = event->attr;
>
> tmp1.bp_type = tmp2.bp_type;
> tmp1.bp_addr = tmp2.bp_addr;
> tmp1.bp_len = tmp2.bp_len;
>
> if (memcmp(&tmp1, &tmp2, sizeof(tmp1)))
> 	return -EINVAL;
>
> would actually do the checks __modify_user_hw_breakpoint() needs to do.
It could fail with uninitialized padding.

-Andi
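The padding problem Andi raises, shown as an added example that is not code from the thread or the kernel: `struct attr_like` is a constructed stand-in for `perf_event_attr` (not the real layout), chosen so the `uint8_t` member is followed by padding before `bp_addr`. Two objects with identical fields but different bytes in that padding compare unequal under `memcmp()`, while a field-wise compare does not see the padding.

```c
/* Added example: memcmp() over a struct with padding vs. a field-wise compare.
 * struct attr_like is a constructed stand-in for perf_event_attr, not the real
 * kernel layout; it exists only to have padding bytes between its members. */
#include <stdint.h>
#include <string.h>

struct attr_like {
	uint8_t  flags;    /* followed by padding so bp_addr is 8-byte aligned */
	uint64_t bp_addr;
	uint32_t bp_type;
	uint32_t bp_len;
};

/* Fill the whole object with `fill` first (standing in for stale stack bytes
 * in an uninitialized local), then assign every field, so only the padding
 * still carries `fill`. Common compilers leave padding untouched by member
 * stores, which is what this demonstration relies on. */
static void make_attr(struct attr_like *a, unsigned char fill)
{
	memset(a, fill, sizeof(*a));
	a->flags = 1;
	a->bp_addr = 0xdeadbeefULL; /* constructed sample value */
	a->bp_type = 2;
	a->bp_len = 8;
}

/* Returns 1 when memcmp() reports a difference between two objects whose
 * fields are identical but whose padding bytes differ (0xAA vs 0x00). */
int memcmp_sees_padding(void)
{
	struct attr_like a, b;

	make_attr(&a, 0xAA);
	make_attr(&b, 0x00);
	return memcmp(&a, &b, sizeof(a)) != 0;
}

/* Field-wise compare: only the named members matter, padding is ignored. */
int attr_equal(const struct attr_like *a, const struct attr_like *b)
{
	return a->flags == b->flags && a->bp_addr == b->bp_addr &&
	       a->bp_type == b->bp_type && a->bp_len == b->bp_len;
}

/* Returns 1: the same two objects are equal when compared field by field. */
int fieldwise_sees_equal(void)
{
	struct attr_like a, b;

	make_attr(&a, 0xAA);
	make_attr(&b, 0x00);
	return attr_equal(&a, &b);
}
```

The same holds for the `tmp1`/`tmp2` copies in the quoted snippet: unless both source structs were zeroed before their members were set, a `memcmp()` over them can return nonzero for a legitimate request and reject it with -EINVAL.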

