On Mon, Nov 27, 2017 at 3:07 PM, Andi Kleen <[email protected]> wrote:
> On Mon, Nov 27, 2017 at 11:01:28PM +0100, Peter Zijlstra wrote:
>> On Mon, Nov 27, 2017 at 01:50:30PM -0800, Milind Chabbi wrote:
>> > The possible checks is infinite
>>
>> struct perf_event_attr is very much a finite data type.
>>
>> Something as simple as:
>>
>>       struct perf_event_attr tmp1 = new_attr, tmp2 = event->attr;
>>
>>       tmp1.bp_type = tmp2.bp_type;
>>       tmp1.bp_addr = tmp2.bp_addr;
>>       tmp1.bp_len  = tmp2.bp_len;
>>
>>       if (memcmp(&tmp1, &tmp2, sizeof(tmp1)))
>>               return -EINVAL;
>>
>> would actually do the checks __modify_user_hw_breakpoint() needs to do.
>
> It could fail with uninitialized padding.
>
>
> -Andi
>

Hm...
How about we zero out __reserved_1 and __reserved_2 before memcmp()?
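The two hazards discussed above, a masked memcmp() over a struct and the padding bytes that can make it report a spurious mismatch, as an added example that is not code from this thread or from the kernel. `struct bp_attr` is a hypothetical, much smaller stand-in for `struct perf_event_attr`, laid out on purpose so that it has compiler padding after `type` and after `__reserved_2` in addition to the two reserved fields named in the reply; the real kernel structure is laid out differently. `check_naive()` is the check as posted (with memcpy() in place of the struct assignment so the padding bytes are copied deterministically), and `check_canonical()` rebuilds both copies in zeroed storage, member by member, and leaves the reserved fields zero as the reply proposes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EINVAL 22

/* Hypothetical stand-in for struct perf_event_attr (assumption for this
 * example, not the uapi definition). 48 bytes on LP64: 4 bytes of padding
 * follow `type`, 4 bytes of tail padding follow `__reserved_2`. */
struct bp_attr {
    uint32_t type;
    uint64_t config;
    uint32_t bp_type;
    uint32_t __reserved_1;
    uint64_t bp_addr;
    uint64_t bp_len;
    uint16_t sample_max_stack;
    uint16_t __reserved_2;
};

/* The check as suggested in the thread: copy both attrs, overwrite the
 * bp_* fields of the new one with the old values, memcmp() the rest.
 * Padding and reserved bytes take part in the comparison. */
static int check_naive(const struct bp_attr *new_attr, const struct bp_attr *old_attr)
{
    struct bp_attr tmp1, tmp2;

    memcpy(&tmp1, new_attr, sizeof tmp1);
    memcpy(&tmp2, old_attr, sizeof tmp2);
    tmp1.bp_type = tmp2.bp_type;
    tmp1.bp_addr = tmp2.bp_addr;
    tmp1.bp_len  = tmp2.bp_len;
    return memcmp(&tmp1, &tmp2, sizeof tmp1) ? -EINVAL : 0;
}

/* Canonical copy: start from all-zero storage and assign members one by
 * one, so padding can never carry stack garbage. bp_* and the reserved
 * fields are deliberately left zero, which excludes them from the compare.
 * Every new comparable member of the struct must be added here. */
static void canonicalize(struct bp_attr *out, const struct bp_attr *in)
{
    memset(out, 0, sizeof *out);
    out->type = in->type;
    out->config = in->config;
    out->sample_max_stack = in->sample_max_stack;
}

static int check_canonical(const struct bp_attr *new_attr, const struct bp_attr *old_attr)
{
    struct bp_attr tmp1, tmp2;

    canonicalize(&tmp1, new_attr);
    canonicalize(&tmp2, old_attr);
    return memcmp(&tmp1, &tmp2, sizeof tmp1) ? -EINVAL : 0;
}

/* Constructed input: pre-fill the storage with `fill` so the padding bytes
 * are "uninitialized" in a reproducible way, then set every real member. */
static void make_attr(struct bp_attr *a, unsigned char fill, uint64_t config,
                      uint64_t bp_addr, uint16_t reserved_2)
{
    memset(a, fill, sizeof *a);
    a->type = 5;                  /* arbitrary type value for the example */
    a->config = config;
    a->bp_type = 3;
    a->__reserved_1 = 0;
    a->bp_addr = bp_addr;
    a->bp_len = 8;
    a->sample_max_stack = 0;
    a->__reserved_2 = reserved_2;
}

/* Each scenario returns the result of the chosen check (0 or -EINVAL). */
int scenario_padding_garbage(int canonical)   /* same fields, different padding */
{
    struct bp_attr a, b;
    make_attr(&a, 0x00, 0x1234, 0x400000, 0);
    make_attr(&b, 0xAA, 0x1234, 0x400000, 0);
    return canonical ? check_canonical(&a, &b) : check_naive(&a, &b);
}

int scenario_bp_change_only(int canonical)    /* only bp_addr differs */
{
    struct bp_attr a, b;
    make_attr(&a, 0x00, 0x1234, 0x400000, 0);
    make_attr(&b, 0x00, 0x1234, 0x401000, 0);
    return canonical ? check_canonical(&a, &b) : check_naive(&a, &b);
}

int scenario_config_change(int canonical)     /* a non-bp field differs */
{
    struct bp_attr a, b;
    make_attr(&a, 0x00, 0x1234, 0x400000, 0);
    make_attr(&b, 0x00, 0x9999, 0x400000, 0);
    return canonical ? check_canonical(&a, &b) : check_naive(&a, &b);
}

int scenario_reserved_set(int canonical)      /* only __reserved_2 differs */
{
    struct bp_attr a, b;
    make_attr(&a, 0x00, 0x1234, 0x400000, 0);
    make_attr(&b, 0x00, 0x1234, 0x400000, 1);
    return canonical ? check_canonical(&a, &b) : check_naive(&a, &b);
}

int main(void)
{
    printf("padding garbage : naive=%d canonical=%d\n",
           scenario_padding_garbage(0), scenario_padding_garbage(1));
    printf("bp change only  : naive=%d canonical=%d\n",
           scenario_bp_change_only(0), scenario_bp_change_only(1));
    printf("config change   : naive=%d canonical=%d\n",
           scenario_config_change(0), scenario_config_change(1));
    printf("reserved set    : naive=%d canonical=%d\n",
           scenario_reserved_set(0), scenario_reserved_set(1));
    return 0;
}
```

The first scenario is the one Andi Kleen describes: no member differs, yet the naive check returns -EINVAL because the padding bytes do. Rebuilding the copies from zeroed storage removes that, and because `canonicalize()` never copies the reserved fields, a stray reserved bit is ignored in the same way. The cost is that the member list in `canonicalize()` has to be kept in step with the struct; a compare built this way silently stops checking any field that is added later and forgotten here.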
