diff mbox series

[v2,06/10] mm/kmemleak: Replace strncpy() with __get_task_comm()

Message ID 20240613023044.45873-7-laoar.shao@gmail.com (mailing list archive)
State New
Headers show
Series Improve the copy of task comm | expand

Commit Message

Yafang Shao June 13, 2024, 2:30 a.m. UTC
Using __get_task_comm() to read the task comm ensures that the name is
always NUL-terminated, regardless of the source string. This approach also
facilitates future extensions to the task comm.

Signed-off-by: Yafang Shao <laoar.shao@gmail.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
---
 mm/kmemleak.c | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)

Comments

Catalin Marinas June 13, 2024, 8:37 a.m. UTC | #1
On Thu, Jun 13, 2024 at 10:30:40AM +0800, Yafang Shao wrote:
> Using __get_task_comm() to read the task comm ensures that the name is
> always NUL-terminated, regardless of the source string. This approach also
> facilitates future extensions to the task comm.
> 
> Signed-off-by: Yafang Shao <laoar.shao@gmail.com>
> Cc: Catalin Marinas <catalin.marinas@arm.com>
> Cc: Andrew Morton <akpm@linux-foundation.org>
> ---
>  mm/kmemleak.c | 8 +-------
>  1 file changed, 1 insertion(+), 7 deletions(-)
> 
> diff --git a/mm/kmemleak.c b/mm/kmemleak.c
> index d5b6fba44fc9..ef29aaab88a0 100644
> --- a/mm/kmemleak.c
> +++ b/mm/kmemleak.c
> @@ -663,13 +663,7 @@ static struct kmemleak_object *__alloc_object(gfp_t gfp)
>  		strncpy(object->comm, "softirq", sizeof(object->comm));
>  	} else {
>  		object->pid = current->pid;
> -		/*
> -		 * There is a small chance of a race with set_task_comm(),
> -		 * however using get_task_comm() here may cause locking
> -		 * dependency issues with current->alloc_lock. In the worst
> -		 * case, the command line is not correct.
> -		 */
> -		strncpy(object->comm, current->comm, sizeof(object->comm));
> +		__get_task_comm(object->comm, sizeof(object->comm), current);
>  	}

You deleted the comment stating why it does not use get_task_comm()
without explaining why it would be safe now. I don't recall the details
but most likely lockdep warned of some potential deadlocks with this
function being called with the task_lock held.

So, you either show why this is safe or just use strscpy() directly here
(not sure we'd need strscpy_pad(); I think strscpy() would do, we just
need the NUL-termination).
Yafang Shao June 13, 2024, 12:10 p.m. UTC | #2
On Thu, Jun 13, 2024 at 4:37 PM Catalin Marinas <catalin.marinas@arm.com> wrote:
>
> On Thu, Jun 13, 2024 at 10:30:40AM +0800, Yafang Shao wrote:
> > Using __get_task_comm() to read the task comm ensures that the name is
> > always NUL-terminated, regardless of the source string. This approach also
> > facilitates future extensions to the task comm.
> >
> > Signed-off-by: Yafang Shao <laoar.shao@gmail.com>
> > Cc: Catalin Marinas <catalin.marinas@arm.com>
> > Cc: Andrew Morton <akpm@linux-foundation.org>
> > ---
> >  mm/kmemleak.c | 8 +-------
> >  1 file changed, 1 insertion(+), 7 deletions(-)
> >
> > diff --git a/mm/kmemleak.c b/mm/kmemleak.c
> > index d5b6fba44fc9..ef29aaab88a0 100644
> > --- a/mm/kmemleak.c
> > +++ b/mm/kmemleak.c
> > @@ -663,13 +663,7 @@ static struct kmemleak_object *__alloc_object(gfp_t gfp)
> >               strncpy(object->comm, "softirq", sizeof(object->comm));
> >       } else {
> >               object->pid = current->pid;
> > -             /*
> > -              * There is a small chance of a race with set_task_comm(),
> > -              * however using get_task_comm() here may cause locking
> > -              * dependency issues with current->alloc_lock. In the worst
> > -              * case, the command line is not correct.
> > -              */
> > -             strncpy(object->comm, current->comm, sizeof(object->comm));
> > +             __get_task_comm(object->comm, sizeof(object->comm), current);
> >       }
>
> You deleted the comment stating why it does not use get_task_comm()
> without explaining why it would be safe now. I don't recall the details
> but most likely lockdep warned of some potential deadlocks with this
> function being called with the task_lock held.
>
> So, you either show why this is safe or just use strscpy() directly here
> (not sure we'd need strscpy_pad(); I think strscpy() would do, we just
> need the NUL-termination).

The task_lock was dropped in patch #1 [0]. My apologies for not
including you in the CC for that change. After this modification, it
is now safe to use __get_task_comm().

[0] https://lore.kernel.org/all/20240613023044.45873-2-laoar.shao@gmail.com/
Catalin Marinas June 14, 2024, 10:57 a.m. UTC | #3
On Thu, Jun 13, 2024 at 08:10:17PM +0800, Yafang Shao wrote:
> On Thu, Jun 13, 2024 at 4:37 PM Catalin Marinas <catalin.marinas@arm.com> wrote:
> > On Thu, Jun 13, 2024 at 10:30:40AM +0800, Yafang Shao wrote:
> > > Using __get_task_comm() to read the task comm ensures that the name is
> > > always NUL-terminated, regardless of the source string. This approach also
> > > facilitates future extensions to the task comm.
> > >
> > > Signed-off-by: Yafang Shao <laoar.shao@gmail.com>
> > > Cc: Catalin Marinas <catalin.marinas@arm.com>
> > > Cc: Andrew Morton <akpm@linux-foundation.org>
> > > ---
> > >  mm/kmemleak.c | 8 +-------
> > >  1 file changed, 1 insertion(+), 7 deletions(-)
> > >
> > > diff --git a/mm/kmemleak.c b/mm/kmemleak.c
> > > index d5b6fba44fc9..ef29aaab88a0 100644
> > > --- a/mm/kmemleak.c
> > > +++ b/mm/kmemleak.c
> > > @@ -663,13 +663,7 @@ static struct kmemleak_object *__alloc_object(gfp_t gfp)
> > >               strncpy(object->comm, "softirq", sizeof(object->comm));
> > >       } else {
> > >               object->pid = current->pid;
> > > -             /*
> > > -              * There is a small chance of a race with set_task_comm(),
> > > -              * however using get_task_comm() here may cause locking
> > > -              * dependency issues with current->alloc_lock. In the worst
> > > -              * case, the command line is not correct.
> > > -              */
> > > -             strncpy(object->comm, current->comm, sizeof(object->comm));
> > > +             __get_task_comm(object->comm, sizeof(object->comm), current);
> > >       }
> >
> > You deleted the comment stating why it does not use get_task_comm()
> > without explaining why it would be safe now. I don't recall the details
> > but most likely lockdep warned of some potential deadlocks with this
> > function being called with the task_lock held.
> >
> > So, you either show why this is safe or just use strscpy() directly here
> > (not sure we'd need strscpy_pad(); I think strscpy() would do, we just
> > need the NUL-termination).
> 
> The task_lock was dropped in patch #1 [0]. My apologies for not
> including you in the CC for that change. After this modification, it
> is now safe to use __get_task_comm().
> 
> [0] https://lore.kernel.org/all/20240613023044.45873-2-laoar.shao@gmail.com/

Ah, great. For this patch:

Acked-by: Catalin Marinas <catalin.marinas@arm.com>

You may want to add a comment in the commit log that since
__get_task_comm() no longer takes a long, it's safe to call it from
kmemleak.
Yafang Shao June 14, 2024, 11:45 a.m. UTC | #4
On Fri, Jun 14, 2024 at 6:57 PM Catalin Marinas <catalin.marinas@arm.com> wrote:
>
> On Thu, Jun 13, 2024 at 08:10:17PM +0800, Yafang Shao wrote:
> > On Thu, Jun 13, 2024 at 4:37 PM Catalin Marinas <catalin.marinas@arm.com> wrote:
> > > On Thu, Jun 13, 2024 at 10:30:40AM +0800, Yafang Shao wrote:
> > > > Using __get_task_comm() to read the task comm ensures that the name is
> > > > always NUL-terminated, regardless of the source string. This approach also
> > > > facilitates future extensions to the task comm.
> > > >
> > > > Signed-off-by: Yafang Shao <laoar.shao@gmail.com>
> > > > Cc: Catalin Marinas <catalin.marinas@arm.com>
> > > > Cc: Andrew Morton <akpm@linux-foundation.org>
> > > > ---
> > > >  mm/kmemleak.c | 8 +-------
> > > >  1 file changed, 1 insertion(+), 7 deletions(-)
> > > >
> > > > diff --git a/mm/kmemleak.c b/mm/kmemleak.c
> > > > index d5b6fba44fc9..ef29aaab88a0 100644
> > > > --- a/mm/kmemleak.c
> > > > +++ b/mm/kmemleak.c
> > > > @@ -663,13 +663,7 @@ static struct kmemleak_object *__alloc_object(gfp_t gfp)
> > > >               strncpy(object->comm, "softirq", sizeof(object->comm));
> > > >       } else {
> > > >               object->pid = current->pid;
> > > > -             /*
> > > > -              * There is a small chance of a race with set_task_comm(),
> > > > -              * however using get_task_comm() here may cause locking
> > > > -              * dependency issues with current->alloc_lock. In the worst
> > > > -              * case, the command line is not correct.
> > > > -              */
> > > > -             strncpy(object->comm, current->comm, sizeof(object->comm));
> > > > +             __get_task_comm(object->comm, sizeof(object->comm), current);
> > > >       }
> > >
> > > You deleted the comment stating why it does not use get_task_comm()
> > > without explaining why it would be safe now. I don't recall the details
> > > but most likely lockdep warned of some potential deadlocks with this
> > > function being called with the task_lock held.
> > >
> > > So, you either show why this is safe or just use strscpy() directly here
> > > (not sure we'd need strscpy_pad(); I think strscpy() would do, we just
> > > need the NUL-termination).
> >
> > The task_lock was dropped in patch #1 [0]. My apologies for not
> > including you in the CC for that change. After this modification, it
> > is now safe to use __get_task_comm().
> >
> > [0] https://lore.kernel.org/all/20240613023044.45873-2-laoar.shao@gmail.com/
>
> Ah, great. For this patch:
>
> Acked-by: Catalin Marinas <catalin.marinas@arm.com>
>
> You may want to add a comment in the commit log that since
> __get_task_comm() no longer takes a long, it's safe to call it from
> kmemleak.

I will add it. Thanks for your suggestion.
diff mbox series

Patch

diff --git a/mm/kmemleak.c b/mm/kmemleak.c
index d5b6fba44fc9..ef29aaab88a0 100644
--- a/mm/kmemleak.c
+++ b/mm/kmemleak.c
@@ -663,13 +663,7 @@  static struct kmemleak_object *__alloc_object(gfp_t gfp)
 		strncpy(object->comm, "softirq", sizeof(object->comm));
 	} else {
 		object->pid = current->pid;
-		/*
-		 * There is a small chance of a race with set_task_comm(),
-		 * however using get_task_comm() here may cause locking
-		 * dependency issues with current->alloc_lock. In the worst
-		 * case, the command line is not correct.
-		 */
-		strncpy(object->comm, current->comm, sizeof(object->comm));
+		__get_task_comm(object->comm, sizeof(object->comm), current);
 	}
 
 	/* kernel backtrace */