From patchwork Mon Aug 12 02:29:25 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Yafang Shao X-Patchwork-Id: 13759999 Received: from mail-pg1-f180.google.com (mail-pg1-f180.google.com [209.85.215.180]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 346A881E; Mon, 12 Aug 2024 02:30:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.180 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1723429838; cv=none; b=A7WJH9MEmODJn2OWO6aqR7WAJjQpjpXtzVdBhEf2FVfkgfugHinZYqHLaep3pQ6NuJq9r84hFG5nnatI61jZWdu1sFAXhQ9q+AStIQnEmFHfq9zmsZZEu6aNvbQX9ua65Cgx96nlbkdq0p31/jDPChFfIbQ8DC/OawBcNhBag4s= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1723429838; c=relaxed/simple; bh=OtCu8tCLyJLMIEL9JGTrh8+dXoRUm59kHwmUusfOtKw=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version:Content-Type; b=Z57MeeZ04yDL3JPyVaHBRRipd8dOdYLtSVABZswWCZs0XF4xDtyp8phkgrDH3mOsEHY4D2JXTN7ZCSzX15yo/X4RF9leWgRx09xN9Gc9HkH96qKlrcLIgR1/NJ0dwWc4EIro0mm+Sg9mw0lVxvjyB//lT5XuF2G9i0HEjzaAxtw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=Zcq78NXS; arc=none smtp.client-ip=209.85.215.180 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="Zcq78NXS" Received: by mail-pg1-f180.google.com with SMTP id 41be03b00d2f7-7bb75419123so2512622a12.3; Sun, 11 Aug 2024 19:30:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1723429836; x=1724034636; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=khhjXbPZMt7GBHDJwocHjgjVouiC9Zx1GPF6Kpp8feU=; b=Zcq78NXSk3Y2x0tkF4TVF5oppcstgDdsM1XcvIPwG5kr2OiUyNa7FKraXpdEPgSisO 0wsI/sSVJeBHLD4nENE5Ci65L4YomaUkJ2vY69aTQL5jx+mPVbJlzd9QFExczl7lfEuk tggcZ930r5EPDk625vS/Gbru+c8obwW/R2LKjvuAcJD27r/jShx455hCfvLVa92eQON7 1/iug/sq1k+aPZe3jPBOJXWr8JNC0EoLk91LdOHkznqpYfG23PyxEleyh2/zhAyYo4KN 2wekbOXrWpI5QTmayoAkIqzFMm6lsAONOW7VxvMqLqXblWZ+rNeeqqZImw0VYh3N+z9e 25SA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1723429836; x=1724034636; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=khhjXbPZMt7GBHDJwocHjgjVouiC9Zx1GPF6Kpp8feU=; b=Mbgxc2iinTdP0OCnni3nkIz3Cc8SLRcZWTvjAb1io+ibR2OEtO3aIljZjtpQaFVoR/ UI+CJCO8t4N8MBtfncKrLmIQTUBK5ZxtIa2kYOb8fRYxCFwv/0gs7L9bq8DBxQIr9M0G UfqkN0kpJTGUHUUU9WfOfaVglwXmhIUPIe864GtosNmOEPkxOHpFUdAS9lZ9FZiKmR+c 4nzdR2Yyz6P5HOPK/7LvXLuWGTnsQGZloZEShRRLdXFErXAYN+G1fzl5CPfn4/CN3FEe hftcfvpwTBlcUIXSfb3CA7VtIMwAj6LX7HJnQr7axEces7crlizZg4ujYimDQoxD9DPq Y5aA== X-Forwarded-Encrypted: i=1; AJvYcCVlwaF7NxQAqjTC+U2nP+hYwP2Tw6VO+MZGJeTbWF39jplsek8lXfmC6wZbAJysQtqu5JKj5yv73Z6SFFxHgBPyTe65WdI1boeO5syEjJfuj15qQ7EjIn130W58dpBHIlG7EOOHcX7Hl+vyb0ixFRUbN+Vc1QJ/xXWJbz4UJZm6Ry6CmafUgkn/Igt2BileMgx1zuPYo8XDUrdaDJ5dPVqaAppFDrsxNjt9kQrfwknpxYE7Selhk0V+bzkp4cWHpl4PRTL8DZR1yjpEdpRdW5npGOlXA2eFAeFchWG9LyN6ejE5EsTvLMV94Ond8da3qMuXv7nqKA== X-Gm-Message-State: AOJu0Yzmf1LMm702JKGqwUP4PQCu38LHUM8UuGvN/RangnnJGGoHK5/0 SHwOU/yr4MAHPCdXUMHHe5IsKdb0oqA+RmynoJXD0tp6D++MTLdi X-Google-Smtp-Source: AGHT+IHZ0gPVVBMqlR8AM+LuQyCNFAmVaej1h0WqXQaGCWBBgBWQLJgV4NwTDuyMDp98EgrIiW/RCQ== X-Received: by 2002:a17:902:ce83:b0:1fb:3474:9500 with SMTP id d9443c01a7336-200ae56b418mr67022635ad.27.1723429836312; Sun, 11 Aug 2024 19:30:36 -0700 (PDT) Received: from localhost.localdomain ([39.144.39.162]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-200bb9fed69sm27884765ad.188.2024.08.11.19.30.04 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sun, 11 Aug 2024 19:30:35 -0700 (PDT) From: Yafang Shao To: akpm@linux-foundation.org Cc: torvalds@linux-foundation.org, ebiederm@xmission.com, alexei.starovoitov@gmail.com, rostedt@goodmis.org, catalin.marinas@arm.com, penguin-kernel@i-love.sakura.ne.jp, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, audit@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, bpf@vger.kernel.org, netdev@vger.kernel.org, dri-devel@lists.freedesktop.org, Yafang Shao , Alejandro Colomar , Alexander Viro , Christian Brauner , Jan Kara , Kees Cook , Matus Jokay , "Serge E. Hallyn" Subject: [PATCH v6 1/9] Get rid of __get_task_comm() Date: Mon, 12 Aug 2024 10:29:25 +0800 Message-Id: <20240812022933.69850-2-laoar.shao@gmail.com> X-Mailer: git-send-email 2.30.1 (Apple Git-130) In-Reply-To: <20240812022933.69850-1-laoar.shao@gmail.com> References: <20240812022933.69850-1-laoar.shao@gmail.com> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 We want to eliminate the use of __get_task_comm() for the following reasons: - The task_lock() is unnecessary Quoted from Linus [0]: : Since user space can randomly change their names anyway, using locking : was always wrong for readers (for writers it probably does make sense : to have some lock - although practically speaking nobody cares there : either, but at least for a writer some kind of race could have : long-term mixed results - The BUILD_BUG_ON() doesn't add any value The only requirement is to ensure that the destination buffer is a valid array. - Zeroing is not necessary in current use cases To avoid confusion, we should remove it. Moreover, not zeroing could potentially make it easier to uncover bugs. If the caller needs a zero-padded task name, it should be explicitly handled at the call site. Suggested-by: Linus Torvalds Link: https://lore.kernel.org/all/CAHk-=wivfrF0_zvf+oj6==Sh=-npJooP8chLPEfaFV0oNYTTBA@mail.gmail.com [0] Link: https://lore.kernel.org/all/CAHk-=whWtUC-AjmGJveAETKOMeMFSTwKwu99v7+b6AyHMmaDFA@mail.gmail.com/ Suggested-by: Alejandro Colomar Link: https://lore.kernel.org/all/2jxak5v6dfxlpbxhpm3ey7oup4g2lnr3ueurfbosf5wdo65dk4@srb3hsk72zwq Signed-off-by: Yafang Shao Cc: Alexander Viro Cc: Christian Brauner Cc: Jan Kara Cc: Eric Biederman Cc: Kees Cook Cc: Alexei Starovoitov Cc: Matus Jokay Cc: Alejandro Colomar Cc: "Serge E. Hallyn" --- fs/exec.c | 10 ---------- fs/proc/array.c | 2 +- include/linux/sched.h | 31 +++++++++++++++++++++++++------ kernel/kthread.c | 2 +- 4 files changed, 27 insertions(+), 18 deletions(-) diff --git a/fs/exec.c b/fs/exec.c index a47d0e4c54f6..2e468ddd203a 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -1264,16 +1264,6 @@ static int unshare_sighand(struct task_struct *me) return 0; } -char *__get_task_comm(char *buf, size_t buf_size, struct task_struct *tsk) -{ - task_lock(tsk); - /* Always NUL terminated and zero-padded */ - strscpy_pad(buf, tsk->comm, buf_size); - task_unlock(tsk); - return buf; -} -EXPORT_SYMBOL_GPL(__get_task_comm); - /* * These functions flushes out all traces of the currently running executable * so that a new one can be started diff --git a/fs/proc/array.c b/fs/proc/array.c index 34a47fb0c57f..55ed3510d2bb 100644 --- a/fs/proc/array.c +++ b/fs/proc/array.c @@ -109,7 +109,7 @@ void proc_task_name(struct seq_file *m, struct task_struct *p, bool escape) else if (p->flags & PF_KTHREAD) get_kthread_comm(tcomm, sizeof(tcomm), p); else - __get_task_comm(tcomm, sizeof(tcomm), p); + get_task_comm(tcomm, p); if (escape) seq_escape_str(m, tcomm, ESCAPE_SPACE | ESCAPE_SPECIAL, "\n\\"); diff --git a/include/linux/sched.h b/include/linux/sched.h index 33dd8d9d2b85..e0e26edbda61 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h @@ -1096,9 +1096,11 @@ struct task_struct { /* * executable name, excluding path. * - * - normally initialized setup_new_exec() - * - access it with [gs]et_task_comm() - * - lock it with task_lock() + * - normally initialized begin_new_exec() + * - set it with set_task_comm() + * - strscpy_pad() to ensure it is always NUL-terminated + * - task_lock() to ensure the operation is atomic and the name is + * fully updated. */ char comm[TASK_COMM_LEN]; @@ -1912,10 +1914,27 @@ static inline void set_task_comm(struct task_struct *tsk, const char *from) __set_task_comm(tsk, from, false); } -extern char *__get_task_comm(char *to, size_t len, struct task_struct *tsk); +/* + * - Why not use task_lock()? + * User space can randomly change their names anyway, so locking for readers + * doesn't make sense. For writers, locking is probably necessary, as a race + * condition could lead to long-term mixed results. + * The strscpy_pad() in __set_task_comm() can ensure that the task comm is + * always NUL-terminated. Therefore the race condition between reader and + * writer is not an issue. + * + * - Why not use strscpy_pad()? + * While strscpy_pad() prevents writing garbage past the NUL terminator, which + * is useful when using the task name as a key in a hash map, most use cases + * don't require this. Zero-padding might confuse users if it’s unnecessary, + * and not zeroing might even make it easier to expose bugs. If you need a + * zero-padded task name, please handle that explicitly at the call site. + * + * - ARRAY_SIZE() can help ensure that @buf is indeed an array. + */ #define get_task_comm(buf, tsk) ({ \ - BUILD_BUG_ON(sizeof(buf) != TASK_COMM_LEN); \ - __get_task_comm(buf, sizeof(buf), tsk); \ + strscpy(buf, (tsk)->comm, ARRAY_SIZE(buf)); \ + buf; \ }) #ifdef CONFIG_SMP diff --git a/kernel/kthread.c b/kernel/kthread.c index f7be976ff88a..7d001d033cf9 100644 --- a/kernel/kthread.c +++ b/kernel/kthread.c @@ -101,7 +101,7 @@ void get_kthread_comm(char *buf, size_t buf_size, struct task_struct *tsk) struct kthread *kthread = to_kthread(tsk); if (!kthread || !kthread->full_name) { - __get_task_comm(buf, buf_size, tsk); + strscpy(buf, tsk->comm, buf_size); return; } From patchwork Mon Aug 12 02:29:26 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yafang Shao X-Patchwork-Id: 13760026 Received: from mail-pl1-f173.google.com (mail-pl1-f173.google.com [209.85.214.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A850281E; Mon, 12 Aug 2024 02:30:45 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.173 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1723429847; cv=none; b=quDl86AjjQ3KWhjQ99COqgxly3wQQkR4jXtn7QgRjID81DwDw3xyUZXXDYJdPRksvA4rnDj7u/oX38tRS4gBnAiCnDAMahUqcKD0HIshTWC3h6PsAV3vaBjO1JCFZt3ltW6UGTLz3WNjNFIrQqIk09GGGLIgPlokeCHHmJH6b2k= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1723429847; c=relaxed/simple; bh=beNIuHvBIJLxfeAFVvySA+VczT+Dl/c43xINcvFR894=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=fDRsu2v3uMVxrXqLtpwHxD6rl0IvO/kE89ocvRNOi44NpYFRpwbp7ZyJb8HB+/J6UC7tyipl3Qnb519VHv7ZmIB6cinKL99u4XxKzrY64bd1X2b5Y3KBb+wWCWHdTzf63IbJnNH7SblLW4AKwJ+h6vmc3tcdsHTsneV5RxykPts= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=kHxHfKGs; arc=none smtp.client-ip=209.85.214.173 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="kHxHfKGs" Received: by mail-pl1-f173.google.com with SMTP id d9443c01a7336-1fdd6d81812so38567615ad.1; Sun, 11 Aug 2024 19:30:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1723429845; x=1724034645; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=zoIFivrPmimQFCGo/41HPdx35H3kdQIF/qhwBf2evw8=; b=kHxHfKGsr5kw8CkMMAIS0yrNCH4FcFnfgVvbmaRhPHjW0Sum2C1gLawMMuGOQ890sn NK/qBkPSoCK15aWGfzJPZ39V/isK9BQEkEPu6Op1OyLx8iQzFPw+bH+Hy5FWkMt5uiNy pqw0/WOp62qCgMrmgmJlLtlE26d41tbtMmhCzAML7cO4ChHuUozzMLHE7WQxFq7Wn14O ZcAiaEJcJcDEX7JN9K+wUpii5gmKUeexV0/nsezZy6k6A1tAmAPO6STeLSowxZh6yq3r sqykaBSpsUJS3veuOXDy0bFY4ZdhlxM1mB1VOUzOOIAMZW/SpM9oaoK3qv+zP+141Y9R 5Bcg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1723429845; x=1724034645; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=zoIFivrPmimQFCGo/41HPdx35H3kdQIF/qhwBf2evw8=; b=AaLImuWhftyrSDVZ0Alnrj0RqwvGDvXaf5UBx4uuFKjGqFdn/sJDIlMAxAaeqGrMal Nmyodk7PdZJtMhUewacHTCZ0fQXH8+SkQe3ZNyuXSC+jXeEvKehvjYFux6/Wlqku+LrP OYS6q57wajXWLW+CqZ8qB6fqmwxTapvRREG2vFoUEId5jKtmsE5vAod7JOt5FqYqZjEx RWN4/axJ/zUs/nSvwmTuBkUxCJ0BBOaiAiobpfESlbkBs+pDmx+V6Od9ZiHIYCK9MUFZ UyARWEW6FAgwGF2szjA7KDtT1pKX5JfodKxBD/4wv+g73YasantgpQCUSY3pDtmMb+Yj v7eg== X-Forwarded-Encrypted: i=1; AJvYcCUshc3eLOVUtCnYNIDzJWg1YzMKre0IUxIyUQCzVRP8Pqw6yZMGOlwUD8RpQsGh7V+zproej16qQMCg1aAlSOrAHDb4/kPnpqjm3OaiiwK51HaZsGSINWCPtDcWCYiFov/pRqNa8zx9AdFyXS31oz8o9dxNVHnaJ+DWgRAwMzef4HgQY6xIxCUgQVcqb3MST/nXx8B8nesxCFi7QWTciNodumnfhdPMlmpzevM7OEu4SjUATbSN9BMOYLY6Uj/K2AiZW0RzbqfSTuefwkerplk7WipONaGiNnSF2hfYru+bKfTRCqrKHrhpN519CalZD9wyGaP3YA== X-Gm-Message-State: AOJu0Yx7AMkay3EvFzUcXXf4yVtqDhNPpctBoh8HoCUnRgGqLzZPlXyh KiOrmOp7MhI9bu913iyb+4q6faCDmVJbIqv2dYMSHcbIVpdrr44S X-Google-Smtp-Source: AGHT+IHsiTPfsy98RJjC8wpBNmaXvnlNH5fflWZLUy6tj95HlXDW+LhDZRUML9DQTQa1nKZJvXQLvQ== X-Received: by 2002:a17:902:db05:b0:1fd:a0e9:910 with SMTP id d9443c01a7336-200ae5e811amr99536005ad.62.1723429844807; Sun, 11 Aug 2024 19:30:44 -0700 (PDT) Received: from localhost.localdomain ([39.144.39.162]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-200bb9fed69sm27884765ad.188.2024.08.11.19.30.36 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sun, 11 Aug 2024 19:30:44 -0700 (PDT) From: Yafang Shao To: akpm@linux-foundation.org Cc: torvalds@linux-foundation.org, ebiederm@xmission.com, alexei.starovoitov@gmail.com, rostedt@goodmis.org, catalin.marinas@arm.com, penguin-kernel@i-love.sakura.ne.jp, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, audit@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, bpf@vger.kernel.org, netdev@vger.kernel.org, dri-devel@lists.freedesktop.org, Yafang Shao , Paul Moore , Eric Paris Subject: [PATCH v6 2/9] auditsc: Replace memcpy() with strscpy() Date: Mon, 12 Aug 2024 10:29:26 +0800 Message-Id: <20240812022933.69850-3-laoar.shao@gmail.com> X-Mailer: git-send-email 2.30.1 (Apple Git-130) In-Reply-To: <20240812022933.69850-1-laoar.shao@gmail.com> References: <20240812022933.69850-1-laoar.shao@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Using strscpy() to read the task comm ensures that the name is always NUL-terminated, regardless of the source string. This approach also facilitates future extensions to the task comm. Signed-off-by: Yafang Shao Acked-by: Paul Moore Cc: Eric Paris --- kernel/auditsc.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 6f0d6fb6523f..7cbcf3327409 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -2730,7 +2730,7 @@ void __audit_ptrace(struct task_struct *t) context->target_uid = task_uid(t); context->target_sessionid = audit_get_sessionid(t); security_task_getsecid_obj(t, &context->target_sid); - memcpy(context->target_comm, t->comm, TASK_COMM_LEN); + strscpy(context->target_comm, t->comm, TASK_COMM_LEN); } /** @@ -2757,7 +2757,7 @@ int audit_signal_info_syscall(struct task_struct *t) ctx->target_uid = t_uid; ctx->target_sessionid = audit_get_sessionid(t); security_task_getsecid_obj(t, &ctx->target_sid); - memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); + strscpy(ctx->target_comm, t->comm, TASK_COMM_LEN); return 0; } @@ -2778,7 +2778,7 @@ int audit_signal_info_syscall(struct task_struct *t) axp->target_uid[axp->pid_count] = t_uid; axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); security_task_getsecid_obj(t, &axp->target_sid[axp->pid_count]); - memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); + strscpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); axp->pid_count++; return 0; From patchwork Mon Aug 12 02:29:27 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yafang Shao X-Patchwork-Id: 13760027 Received: from mail-pl1-f174.google.com (mail-pl1-f174.google.com [209.85.214.174]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 01E9B81E; Mon, 12 Aug 2024 02:30:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.174 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1723429854; cv=none; b=me4XwwYI7u7iqtkHjAG1Sl/Qr3r0neue1MKuo5FhzMUbP2ikOegqggOKxtRqZCLYy0ec+VJ5e+GL7iCMrWEXJPiAsf5p17rIF40QwOSkvH3qLrrX+v9Thj9JJP8H1XAxKERv4LgTjw5s1rBf8945UvLzoPpGsF3HyJ/IjG10nR0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1723429854; c=relaxed/simple; bh=rwrleKkI2X7xkAWyZx450l1EJ8jX7PhBhqgve4NEBXE=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=a7okdaSXtEknVLGmb0ZYGpDEeOmSrPw9nweuSM2NQ/HFnOmXhh64x1htJjywMsmucYfLBNuOKepjofMn7jX2uF2TGL4LmpsG95NoQBiO2Q/U1VBUd7gWuj+hvmYWKwUfjfwlTRglgj11AfREgetfDB0zzOSOsViDeRs4/PJm5m8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=j+PHNP0C; arc=none smtp.client-ip=209.85.214.174 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="j+PHNP0C" Received: by mail-pl1-f174.google.com with SMTP id d9443c01a7336-1fd9e70b592so28944085ad.3; Sun, 11 Aug 2024 19:30:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1723429852; x=1724034652; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=9Po06JAJWHpcwq2qZykUbq7VkC01v3704cEIBIqD0N8=; b=j+PHNP0CPKK5LdgpBFwuQ9QDc+WZtYBMA/El+MsUI4t3tJhwtPGJRGCPwWm4Bc3IKb OvugZwIOPWGPj+iQClMkyhDfaEek25twphoD/egC2wk17EmSIzcbg5XAPWKf8xoWhqfV f5KHnHNWY1F9ZZSALwb9MFOO9NsBEJp4DbrLsbaIIgAFiPYeOUy7BGAg5uLMllZLwPfB tfscKMWIseNJvaEVTBjBIyAVnQ5pelDJS8csZojSbHlYki2hh5drduetklwx/LZl1OvM EKGD6qqHJkv2cBNwCnPm5O6GDtJGgkesui3kroTxbwPZu6mzATRtMeYZJ9xzGFWQj+jd 5Y1w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1723429852; x=1724034652; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=9Po06JAJWHpcwq2qZykUbq7VkC01v3704cEIBIqD0N8=; b=wrlILDBoVp+Cxv4Jay8CZRxMBa1zIrUzAkblyCe2jtYISHNGVbg6EpYh/9aKc3N7EW A0OhlIGcu8Xp8OYw8gjFr79B8rwSKcQpbMNdgee13nY53rLh8uoK4F9cmWWZ5VY/3Lqu YZwDaC6+l7LQDDXyxZOKFENQZFpEBE9HAKwASPlc8fMuQ5psCvZiNxy7aWUTk8rVcn5l nHWjJv9W/QMvbMWXvX6ZXXiyRNK6fWx9eKzDMjclO7NrasL9XvFeHdQe71TWYOWpbAjY 7EMjP682F5Xf7n5LE7vxqaq1BWzLBmLAkiXOvf6WwtgmZ9idKy4mG7WYJM4gs0WP1vHU sESQ== X-Forwarded-Encrypted: i=1; AJvYcCXhDOhoEzi/OR2KOk+Hy2FX1unLFEgTQdgcuJGORfcsIe6z9wR7vVIWn0WqGYFwKFH5WH8RrOVR2xTUbRZ5ygxqcmDolq9vuPYnc6cJFfrAk5dU9rxoIFr0go8y5HEwUCXBgq5+OMyGnR8vXfotSOsVhevY42U0RcYEDlHnNRUap45zgbYfFe79IJIjMabWlGUqJ8B4NSgF+nXF4rL0+Dv/qPfsM1nY1UU+MA4NTeZpgzeKO/AdqMMaha9B3kEywzTnMrC7b9dat2bM3DfyN7ulLbnJz7fnJ+4WKGH0jTlk2z6kq2fTfq9lDEFx/XZdFVCtJ5LJsg== X-Gm-Message-State: AOJu0Yzfz20sv7U6HKNW/Ie7KdeLt54pIhQWmaLkehQAvqlQjXPK2Kyl 3yfTVNIp328S3nv0ASu6LgYc15LZDP2GGPaAucT23gq9SGcw33BB X-Google-Smtp-Source: AGHT+IE1xZMlHs3Cuw2myWpVVx1UE/beU7sYLAE8S60uxm8E0L6tTVwuNzgTetxBMMEWFVehNVy1XQ== X-Received: by 2002:a17:902:d2c8:b0:1fd:8eaf:eaa0 with SMTP id d9443c01a7336-200ae550a83mr99817585ad.38.1723429852169; Sun, 11 Aug 2024 19:30:52 -0700 (PDT) Received: from localhost.localdomain ([39.144.39.162]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-200bb9fed69sm27884765ad.188.2024.08.11.19.30.45 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sun, 11 Aug 2024 19:30:51 -0700 (PDT) From: Yafang Shao To: akpm@linux-foundation.org Cc: torvalds@linux-foundation.org, ebiederm@xmission.com, alexei.starovoitov@gmail.com, rostedt@goodmis.org, catalin.marinas@arm.com, penguin-kernel@i-love.sakura.ne.jp, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, audit@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, bpf@vger.kernel.org, netdev@vger.kernel.org, dri-devel@lists.freedesktop.org, Yafang Shao , Paul Moore , James Morris , "Serge E. Hallyn" , Stephen Smalley , Ondrej Mosnacek Subject: [PATCH v6 3/9] security: Replace memcpy() with get_task_comm() Date: Mon, 12 Aug 2024 10:29:27 +0800 Message-Id: <20240812022933.69850-4-laoar.shao@gmail.com> X-Mailer: git-send-email 2.30.1 (Apple Git-130) In-Reply-To: <20240812022933.69850-1-laoar.shao@gmail.com> References: <20240812022933.69850-1-laoar.shao@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Quoted from Linus [0]: selinux never wanted a lock, and never wanted any kind of *consistent* result, it just wanted a *stable* result. Using get_task_comm() to read the task comm ensures that the name is always NUL-terminated, regardless of the source string. This approach also facilitates future extensions to the task comm. Signed-off-by: Yafang Shao LINK: https://lore.kernel.org/all/CAHk-=wivfrF0_zvf+oj6==Sh=-npJooP8chLPEfaFV0oNYTTBA@mail.gmail.com/ [0] Acked-by: Paul Moore Cc: James Morris Cc: "Serge E. Hallyn" Cc: Stephen Smalley Cc: Ondrej Mosnacek --- security/lsm_audit.c | 4 ++-- security/selinux/selinuxfs.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/security/lsm_audit.c b/security/lsm_audit.c index 849e832719e2..9a8352972086 100644 --- a/security/lsm_audit.c +++ b/security/lsm_audit.c @@ -207,7 +207,7 @@ static void dump_common_audit_data(struct audit_buffer *ab, BUILD_BUG_ON(sizeof(a->u) > sizeof(void *)*2); audit_log_format(ab, " pid=%d comm=", task_tgid_nr(current)); - audit_log_untrustedstring(ab, memcpy(comm, current->comm, sizeof(comm))); + audit_log_untrustedstring(ab, get_task_comm(comm, current)); switch (a->type) { case LSM_AUDIT_DATA_NONE: @@ -302,7 +302,7 @@ static void dump_common_audit_data(struct audit_buffer *ab, char comm[sizeof(tsk->comm)]; audit_log_format(ab, " opid=%d ocomm=", pid); audit_log_untrustedstring(ab, - memcpy(comm, tsk->comm, sizeof(comm))); + get_task_comm(comm, tsk)); } } break; diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index e172f182b65c..57e014ff3076 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -708,7 +708,7 @@ static ssize_t sel_write_checkreqprot(struct file *file, const char __user *buf, if (new_value) { char comm[sizeof(current->comm)]; - memcpy(comm, current->comm, sizeof(comm)); + strscpy(comm, current->comm, sizeof(comm)); pr_err("SELinux: %s (%d) set checkreqprot to 1. This is no longer supported.\n", comm, current->pid); } From patchwork Mon Aug 12 02:29:28 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yafang Shao X-Patchwork-Id: 13760028 X-Patchwork-Delegate: bpf@iogearbox.net Received: from mail-pl1-f176.google.com (mail-pl1-f176.google.com [209.85.214.176]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4593381E; Mon, 12 Aug 2024 02:30:59 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.176 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1723429860; cv=none; b=TrlfioQk2QXDi8ZFFf9uOl0sPahKnML1sspaFPnKAfmhnE/O4cDqj+ySDBZyyNLnxLZwSi9KSN6KKopo8xlFWb57to0i2Sl6lu0iqfXzH9lkk3PQb/Zz8efEBpd4B57gDk+99e4lRKmYwxBwg8slB10vGKga1IbygVS6IAgtkCo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1723429860; c=relaxed/simple; bh=56ESQtaoBbBqZU/saKgTljkr5U/isylgWUhSQpUUDZM=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=I3wVDjbBpyQH81tAvDfKTCrydZkWhU1GxL4VUfdML/l1KCIVf1WprbK7/eIzV3Dz9e6h8kL9IphuMiUqQM1JRwnd1w0YPDiC+bU87lD2K/PMn/CJNnQMOlK3Ol7qv6bRiIcDIlfMxG/s192KvgpkpwlxAZ27X+ncs9MAJj57ybQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=lkhJrdke; arc=none smtp.client-ip=209.85.214.176 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="lkhJrdke" Received: by mail-pl1-f176.google.com with SMTP id d9443c01a7336-1fc5549788eso35532125ad.1; Sun, 11 Aug 2024 19:30:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1723429858; x=1724034658; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=QQdkC9XISn7BWPlTE5/iE7aUj/L2jeLonKoaBsbNpS0=; b=lkhJrdke0FaFrel8b3Eq4wirXXx9WWd6Nsbc3heR8IjNIpnvn2d5DivG6L61VSAAKe fUT1rY1JSueyP5JhTYnkY0XHXK3XGmL35bLM38PWSqabiQ1LQh+uBBPaY4En/I9fadTz V5oC1KGvI5j25X5+YkXlFcF2MtTbFWgUdcSp9//BqlXJE/SjUH25CenLeahjQTWskpWQ +V2TayO18+JFg0iBdxj+3wWe4vdfR3Q9Udf2BkZawUxeCEXkuoVStsrTHN3TJJ9X5310 e0lEw9DhX1C9Y0iI01JWFzUCVUCqARrl+Wnorv0PoKi73QzNtQivWV1yaum4H/daGhIP unsg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1723429858; x=1724034658; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=QQdkC9XISn7BWPlTE5/iE7aUj/L2jeLonKoaBsbNpS0=; b=iD2CQKz5sqhpR0zSM40lXr8QaN7iSaHuVP8yqD2blZLyovWiwVXilA5d8pUoGkc81g Kf5+33K6l676RkUkz0jwRP7OpHCBhL80PvrDXUixAs3Z2MswdHs/wxJ+/M4x5jRUYZNX NA63bLZaemuVbwAf+hkDB3HBs5EuLB8pUONMkd9bVA9w5cOt95Tu0UJCo0c73dxJASs2 hbLxlLmS8tn+YctMHAc8e3/UhTv9I2YD8kPBIlJ8185nehYT585pNFX4qRQsLV1uKtQ8 leyQtMYQdrarhlnhB0Bpgh2SEq8/CI4b7s0v8LchogFBbIHeG7jPo+2KTqJ4wDgiXTKW DoIA== X-Forwarded-Encrypted: i=1; AJvYcCVqqnQ+Hmel69ZHmB85LqUzhKyuaujXK6iSYJFZY9yL4xHvYO8YIOAOk4Y8OiUTeI3kuq/EkYUBCQkcKj8005GtBofInegZjSiyFWVl96CEJMdskuAwCypeXAmI5u6A3wkQbvtiYDYMdDReDzlTkxDg2ImAi+JCfdmoF8HADcD6B01Lw0lES4NBkWST/9IYppwuejux1mRuILKuY/aOd6EKNj83p5eFpy7YpyX1lQ81UhGmXiqGyAl94e6QW8Imtk0LDPe7RX0LcstyDD1rLNC3FKXJjzxwqammlyD54bxZMEn4N7ZEaNBxhcfjPPELuMjF4S1vBw== X-Gm-Message-State: AOJu0YzxQ7vO2hY7ZRIunl4WLNK7CPIqhVAB1bOaTzWjcsvAmPHptD3C qw3EAuQ/v9+1w9EIgXtZeFLaLL1bwWIpx2aKvjH7ueA/2rPZkq5S X-Google-Smtp-Source: AGHT+IEa9lv8MoV6zk/9zF8wCzjKsRZm15PR0yRidIjcflgd8FgwO2+8+6fP26BlJQqb1WyA3rzQJQ== X-Received: by 2002:a17:902:f54b:b0:1fd:d7cd:ee53 with SMTP id d9443c01a7336-200ae540e2fmr93875475ad.28.1723429858561; Sun, 11 Aug 2024 19:30:58 -0700 (PDT) Received: from localhost.localdomain ([39.144.39.162]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-200bb9fed69sm27884765ad.188.2024.08.11.19.30.52 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sun, 11 Aug 2024 19:30:58 -0700 (PDT) From: Yafang Shao To: akpm@linux-foundation.org Cc: torvalds@linux-foundation.org, ebiederm@xmission.com, alexei.starovoitov@gmail.com, rostedt@goodmis.org, catalin.marinas@arm.com, penguin-kernel@i-love.sakura.ne.jp, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, audit@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, bpf@vger.kernel.org, netdev@vger.kernel.org, dri-devel@lists.freedesktop.org, Yafang Shao , Quentin Monnet Subject: [PATCH v6 4/9] bpftool: Ensure task comm is always NUL-terminated Date: Mon, 12 Aug 2024 10:29:28 +0800 Message-Id: <20240812022933.69850-5-laoar.shao@gmail.com> X-Mailer: git-send-email 2.30.1 (Apple Git-130) In-Reply-To: <20240812022933.69850-1-laoar.shao@gmail.com> References: <20240812022933.69850-1-laoar.shao@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: bpf@iogearbox.net Let's explicitly ensure the destination string is NUL-terminated. This way, it won't be affected by changes to the source string. Signed-off-by: Yafang Shao Reviewed-by: Quentin Monnet --- tools/bpf/bpftool/pids.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tools/bpf/bpftool/pids.c b/tools/bpf/bpftool/pids.c index 9b898571b49e..23f488cf1740 100644 --- a/tools/bpf/bpftool/pids.c +++ b/tools/bpf/bpftool/pids.c @@ -54,6 +54,7 @@ static void add_ref(struct hashmap *map, struct pid_iter_entry *e) ref = &refs->refs[refs->ref_cnt]; ref->pid = e->pid; memcpy(ref->comm, e->comm, sizeof(ref->comm)); + ref->comm[sizeof(ref->comm) - 1] = '\0'; refs->ref_cnt++; return; @@ -77,6 +78,7 @@ static void add_ref(struct hashmap *map, struct pid_iter_entry *e) ref = &refs->refs[0]; ref->pid = e->pid; memcpy(ref->comm, e->comm, sizeof(ref->comm)); + ref->comm[sizeof(ref->comm) - 1] = '\0'; refs->ref_cnt = 1; refs->has_bpf_cookie = e->has_bpf_cookie; refs->bpf_cookie = e->bpf_cookie; From patchwork Mon Aug 12 02:29:29 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yafang Shao X-Patchwork-Id: 13760029 Received: from mail-pl1-f177.google.com (mail-pl1-f177.google.com [209.85.214.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A070681E; Mon, 12 Aug 2024 02:31:06 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.177 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1723429868; cv=none; b=rs/oqMxh0Ee3HLdlghP5LvUa5y1o8P/4U/lhu6DBpdKm6IR6NhYvik7hmUA76o53hHJRumVpUExcmi+ebBXeBmZrU06sRtomLetwQzrpxl8jeB7p82rfNCKU3pQ1dSwttuXpC3nXddd5DWtcM5hSwcbUsS25/F4xgNOBSf2P5+g= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1723429868; c=relaxed/simple; bh=ads9a+vJAdf3fW1daUgzeFpk3FAtZrgaeqt3aAf0isQ=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=m3Mdp6cQB16sM4isO5dxeyHZeuEoTMqXTpZJ/A6fqvF7KruI+GuyINEx8Q/N0kaacLTVOKer2IViYVQoet7mbdEPxLS+PWKvf62v/gGXj/9h8P18qRXOorfA5MmpoOOpDXVnl1Yo1WbQ6l/DSDI4TDdG46l8jPkm4Dplhb5BKEc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=MJEx7Rch; arc=none smtp.client-ip=209.85.214.177 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="MJEx7Rch" Received: by mail-pl1-f177.google.com with SMTP id d9443c01a7336-1fd640a6454so28754745ad.3; Sun, 11 Aug 2024 19:31:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1723429866; x=1724034666; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Dg8K6fIsZQLFiS7Xpg/1YZlm81yjN4oHJWyrWmInMGw=; b=MJEx7RchUXtd2X0ZD9RP8/gt4Bt8NYNwbgrN0Jrr00AWwWhUrLiIUXB62M8pwrwPZU Ox7FFs0W144uXLhg4OfGJ5wVUL5JrlvFdXQz40MQa3Jv+AsIdY8nLyTgwpPnllYkhaO2 nLgCu7kB9teV3O2tFWmyKPzq17Xj3hf2jyKm+Miqi2FBbDN6wdmeQV4H+uW8mhWFefgH 20ZwEtLwJwrDgF/yvrD4yZJ/G2C71vHVAH4ehaduTz2vXaGgos0H+jTyuSN08HGpFbE0 GCYXRabEW1ohmLBNTA4ZTj+/UxB1Uey8Eb4+wTGzx7xIUmFnECw20ApmTZPFayfeGw2N e8ig== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1723429866; x=1724034666; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Dg8K6fIsZQLFiS7Xpg/1YZlm81yjN4oHJWyrWmInMGw=; b=Fqkv7koM6sYNPm+9IRdQrDe02dtFN3uFScc3+sxX1uomkGUselcdHWmxWBHYv/FiWQ vRJ+vn5fMhx5ZdvA/VT0DVyiyPYK+Bu8KbyhQQ6t+yMyWkpUAzoVlOkiX1Q7rEoN7G0O o3mDBCUxY8utCq1Bp9DISki+7fSmrvjboX9RWylIOBo2ASkECBZaNBrrmh155K3JJ6zK CsBtLEwkyhsgkiwoqEdTGCyUqdJMF3px0PzQG16blfC/CZgc+St0eLxMh2psNE8jzjdS oZAka9fxZX6LAEMQ54VpPMDyuWy8+LiZ5nYeR9AD8VA3W0dWBEjC2591ZGiuwjPzhmcL Jftw== X-Forwarded-Encrypted: i=1; AJvYcCUHz5DNPikUz6vnpm9ciVLAoqOZiRBwjbiqPbXa6qp9RQvWtg+pT8vgGEulTfwau3CVIZkiy2t7BkJ8TWdmk+MmvbkM79MBClauTVYlDXW8QNuCObJFk6ya2U8bsESZaR4pLHirc5TskSpaEDC0wdtC8YJ/kP2lZDiud8rjmAzBqoxoKvniI0+WZIZfdDv+7wesmy+ts4+2KhOjFBXr3ZtXaLROYpNa+Ee1eNa9K1kr6e8TNqVVi34eZf8NGnv43e+w23Tax5ZAhat1LWnaiN0oEA8sqmLThR3vyy4UTWKegp79ngVfacWf3wEsMxnzoTMnAqs0Uw== X-Gm-Message-State: AOJu0YwFb/F3RVrzP1XuL5VRb6uM3LwTChVqIgAza/LRZ/us3MMplv8Q hmDlnXsb0Pu4apEay8/1WuccyAMfe+sIyU2LAwGCVaMXO18kjv6P X-Google-Smtp-Source: AGHT+IGpTCkxya5k7tDP0eeWIg02IZrGkBb+Xs7WqcLI3e7hWnKKPF02puCEAAGLT4aj9e0Erpx/iw== X-Received: by 2002:a17:902:cccf:b0:1f7:1655:825c with SMTP id d9443c01a7336-200ae5a8934mr50792845ad.36.1723429865812; Sun, 11 Aug 2024 19:31:05 -0700 (PDT) Received: from localhost.localdomain ([39.144.39.162]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-200bb9fed69sm27884765ad.188.2024.08.11.19.30.59 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sun, 11 Aug 2024 19:31:05 -0700 (PDT) From: Yafang Shao To: akpm@linux-foundation.org Cc: torvalds@linux-foundation.org, ebiederm@xmission.com, alexei.starovoitov@gmail.com, rostedt@goodmis.org, catalin.marinas@arm.com, penguin-kernel@i-love.sakura.ne.jp, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, audit@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, bpf@vger.kernel.org, netdev@vger.kernel.org, dri-devel@lists.freedesktop.org, Yafang Shao Subject: [PATCH v6 5/9] mm/util: Fix possible race condition in kstrdup() Date: Mon, 12 Aug 2024 10:29:29 +0800 Message-Id: <20240812022933.69850-6-laoar.shao@gmail.com> X-Mailer: git-send-email 2.30.1 (Apple Git-130) In-Reply-To: <20240812022933.69850-1-laoar.shao@gmail.com> References: <20240812022933.69850-1-laoar.shao@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 In kstrdup(), it is critical to ensure that the dest string is always NUL-terminated. However, potential race condidtion can occur between a writer and a reader. Consider the following scenario involving task->comm: reader writer len = strlen(s) + 1; strlcpy(tsk->comm, buf, sizeof(tsk->comm)); memcpy(buf, s, len); In this case, there is a race condition between the reader and the writer. The reader calculate the length of the string `s` based on the old value of task->comm. However, during the memcpy(), the string `s` might be updated by the writer to a new value of task->comm. If the new task->comm is larger than the old one, the `buf` might not be NUL-terminated. This can lead to undefined behavior and potential security vulnerabilities. Let's fix it by explicitly adding a NUL-terminator. Signed-off-by: Yafang Shao Cc: Andrew Morton --- mm/util.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/mm/util.c b/mm/util.c index 983baf2bd675..4542d8a800d9 100644 --- a/mm/util.c +++ b/mm/util.c @@ -62,8 +62,14 @@ char *kstrdup(const char *s, gfp_t gfp) len = strlen(s) + 1; buf = kmalloc_track_caller(len, gfp); - if (buf) + if (buf) { memcpy(buf, s, len); + /* During memcpy(), the string might be updated to a new value, + * which could be longer than the string when strlen() is + * called. Therefore, we need to add a null termimator. + */ + buf[len - 1] = '\0'; + } return buf; } EXPORT_SYMBOL(kstrdup); From patchwork Mon Aug 12 02:29:30 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yafang Shao X-Patchwork-Id: 13760030 Received: from mail-pl1-f170.google.com (mail-pl1-f170.google.com [209.85.214.170]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D008E74BE1; Mon, 12 Aug 2024 02:31:12 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.170 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1723429874; cv=none; b=ZENwWoD16X+9jGg8vZzREgbZhpk5eUT78ChMtEou/Hs2dV3q4wzWyzwv0sqDvPLSoPRv4fyIgQPEp0swubLDar07XuvWgt6CkYEzZ28kkeR9tAKgDwiHtrZdnJLKL0xvV2ua9D+W87kutsGOUsFRgWM7sGkFAeb/nd2EWalywC8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1723429874; c=relaxed/simple; bh=5WV7uCuVFeiQhB6uPkorf9Ro8xX/Kt/wufZ1+PzCENI=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=PKWR8fCZfcNV5+Nc4S0KKe/nNJ4a2Uf8B8XuhlH/6OybtzLSIK6uI2/X0qCo7JFSVHiq0IJZ7t2X4uFUVr8nDZ+BsdOZ4+O8TyBBoTBJH4Hr9ByilSVudgzE02i+WyOen6OCWJCHTMhbB1/h52sPQVEL8QIZ+Vp+M5p59t2YdJQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=bhQEtGVL; arc=none smtp.client-ip=209.85.214.170 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="bhQEtGVL" Received: by mail-pl1-f170.google.com with SMTP id d9443c01a7336-1fc569440e1so35476085ad.3; Sun, 11 Aug 2024 19:31:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1723429872; x=1724034672; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=mY4VRCvd9L4i067FYJCdAQbgb2obGf5r9hy8hsyaNQ4=; b=bhQEtGVLkFkmefwPn+/1+jt/l3pbsvjwUrQaOCbqFiFAA+CqnxXCchq+D4mfIV10/c wQ/MN/kOdKF4NZghZDZx0XkOuBGAVxtYL/OGLze4F1Z2wGqjd8o+PKiqwungGFKXMwhA 0SdPDKImAp2aRmSwt0jI93DeMDP2F+zzmCjv1TU8zScy9UnHDoLjgZx7OZDKOemoD9eM YqcTZBtFezeITYfQUh73PBB77FIxMKhd1jdt3s2ZTSHmNnSzrDdg4x2Z981liyf705oP vHALtYofgQxVVfvYRNPLUe63q4b7cmh8VTrL6rSAL6HcQYqFysNs1U7mFEk2p16uIuFH PcMQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1723429872; x=1724034672; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=mY4VRCvd9L4i067FYJCdAQbgb2obGf5r9hy8hsyaNQ4=; b=GOlrVEWeDUicTKfwrgtF54rLQZ04Ym+B8TutwJ/VeWI4XUwJzkTY1sr+r1xUX/Srrm 0QYIyQt7o3qdon9Pn5n3ItgvTrudULzm9+FX9JceIHh2G5WuHAI3dfuP7qqqabF9/z60 RrxmC2BTst/4lLIVuh2eSgkG9weei7gkHfnyKRE4T+d0IskO19sIP9BC5dJ5Q7BQBZ/z e7HkhovZgfTue961+a99t1Q7mfuG60au5F/noow6yYXERtrJvl3oDWc7Spr8M6e5CQ6K TlcyObaBpKrFJsAE+vJvEwKwQDZ+roidGz4GNiP+vJ7vyJBZ/2HS9ndBrwSbJjK9yT3W PTcw== X-Forwarded-Encrypted: i=1; AJvYcCWKGXjkBifeIfhz8abWPJayuKIUuoXq+IZB32Tnyn1rmUDlvmp+trVADyD7deUVgWiQ0acpO1WAZNUmRcF7BdNJZT4cT9doaRHKNkJ5jv8S4HxPN+CliQf2RGDLRSMy9fnNfdKPJ5EBktWKnGPwdO+/3WT4RdMrHGgiCtlN7Q9a/juefgOz1lIlACCZA1AUM/PlvuF7nkETDHp53VBa4pPFGP8/uSDP2AqYvxwOc5GrKVfNSYL39q0a4p4qI3CMQLakfFAgh04G+/nO5x9BGWr3MyovdbuwYEA6JOorOG8S/KQaU4FlU+NXxtS4QuWX/XJQkB+KPA== X-Gm-Message-State: AOJu0YzR3DHAMvsx07z9uu3CNHXN26+vkqlIlrjoL00EF3d3SYWoOFDb 5FkZr8qhQITgpyPIOn0Swv/u/RrIlDLze3WAYQi2fMZCVETRKVhk X-Google-Smtp-Source: AGHT+IGDYbe0RTpouvyRH8j57LNI0ygI4N2QpIwMJo/CclCqBa2C0H4JAnlCXTMiS2Sh5vz84U44EQ== X-Received: by 2002:a17:902:dac3:b0:1fb:48c6:a2b0 with SMTP id d9443c01a7336-200ae4dbc8amr93864745ad.5.1723429872026; Sun, 11 Aug 2024 19:31:12 -0700 (PDT) Received: from localhost.localdomain ([39.144.39.162]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-200bb9fed69sm27884765ad.188.2024.08.11.19.31.06 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sun, 11 Aug 2024 19:31:11 -0700 (PDT) From: Yafang Shao To: akpm@linux-foundation.org Cc: torvalds@linux-foundation.org, ebiederm@xmission.com, alexei.starovoitov@gmail.com, rostedt@goodmis.org, catalin.marinas@arm.com, penguin-kernel@i-love.sakura.ne.jp, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, audit@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, bpf@vger.kernel.org, netdev@vger.kernel.org, dri-devel@lists.freedesktop.org, Yafang Shao , Simon Horman , Matthew Wilcox Subject: [PATCH v6 6/9] mm/util: Deduplicate code in {kstrdup,kstrndup,kmemdup_nul} Date: Mon, 12 Aug 2024 10:29:30 +0800 Message-Id: <20240812022933.69850-7-laoar.shao@gmail.com> X-Mailer: git-send-email 2.30.1 (Apple Git-130) In-Reply-To: <20240812022933.69850-1-laoar.shao@gmail.com> References: <20240812022933.69850-1-laoar.shao@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 These three functions follow the same pattern. To deduplicate the code, let's introduce a common helper __kmemdup_nul(). Suggested-by: Andrew Morton Signed-off-by: Yafang Shao Cc: Simon Horman Cc: Matthew Wilcox --- mm/util.c | 67 +++++++++++++++++++++---------------------------------- 1 file changed, 26 insertions(+), 41 deletions(-) diff --git a/mm/util.c b/mm/util.c index 4542d8a800d9..310c7735c617 100644 --- a/mm/util.c +++ b/mm/util.c @@ -45,33 +45,40 @@ void kfree_const(const void *x) EXPORT_SYMBOL(kfree_const); /** - * kstrdup - allocate space for and copy an existing string - * @s: the string to duplicate + * __kmemdup_nul - Create a NUL-terminated string from @s, which might be unterminated. + * @s: The data to copy + * @len: The size of the data, including the null terminator * @gfp: the GFP mask used in the kmalloc() call when allocating memory * - * Return: newly allocated copy of @s or %NULL in case of error + * Return: newly allocated copy of @s with NUL-termination or %NULL in + * case of error */ -noinline -char *kstrdup(const char *s, gfp_t gfp) +static __always_inline char *__kmemdup_nul(const char *s, size_t len, gfp_t gfp) { - size_t len; char *buf; - if (!s) + buf = kmalloc_track_caller(len, gfp); + if (!buf) return NULL; - len = strlen(s) + 1; - buf = kmalloc_track_caller(len, gfp); - if (buf) { - memcpy(buf, s, len); - /* During memcpy(), the string might be updated to a new value, - * which could be longer than the string when strlen() is - * called. Therefore, we need to add a null termimator. - */ - buf[len - 1] = '\0'; - } + memcpy(buf, s, len); + /* Ensure the buf is always NUL-terminated, regardless of @s. */ + buf[len - 1] = '\0'; return buf; } + +/** + * kstrdup - allocate space for and copy an existing string + * @s: the string to duplicate + * @gfp: the GFP mask used in the kmalloc() call when allocating memory + * + * Return: newly allocated copy of @s or %NULL in case of error + */ +noinline +char *kstrdup(const char *s, gfp_t gfp) +{ + return s ? __kmemdup_nul(s, strlen(s) + 1, gfp) : NULL; +} EXPORT_SYMBOL(kstrdup); /** @@ -106,19 +113,7 @@ EXPORT_SYMBOL(kstrdup_const); */ char *kstrndup(const char *s, size_t max, gfp_t gfp) { - size_t len; - char *buf; - - if (!s) - return NULL; - - len = strnlen(s, max); - buf = kmalloc_track_caller(len+1, gfp); - if (buf) { - memcpy(buf, s, len); - buf[len] = '\0'; - } - return buf; + return s ? __kmemdup_nul(s, strnlen(s, max) + 1, gfp) : NULL; } EXPORT_SYMBOL(kstrndup); @@ -192,17 +187,7 @@ EXPORT_SYMBOL(kvmemdup); */ char *kmemdup_nul(const char *s, size_t len, gfp_t gfp) { - char *buf; - - if (!s) - return NULL; - - buf = kmalloc_track_caller(len + 1, gfp); - if (buf) { - memcpy(buf, s, len); - buf[len] = '\0'; - } - return buf; + return s ? __kmemdup_nul(s, len + 1, gfp) : NULL; } EXPORT_SYMBOL(kmemdup_nul); From patchwork Mon Aug 12 02:29:31 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yafang Shao X-Patchwork-Id: 13760031 Received: from mail-pl1-f176.google.com (mail-pl1-f176.google.com [209.85.214.176]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9706B79CD; Mon, 12 Aug 2024 02:31:18 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.176 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1723429880; cv=none; b=JNliJ1Cycyo6ut2jkp40OXiqIC5niQvDaZ3/KuoqRJ8fdY+NSzgwPaPI/S3fwR19ilcmsPuIZ5cQu37S+7JKDJ7eqYYVgZf1nD7cg7ct9sREC/pQ9ulDVnemvo/UXKksj/thBXB5U7lTZx4I85YNtOegjk6rZ7hja7ONotQnx8s= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1723429880; c=relaxed/simple; bh=elilKSeW7RC/r2eDi1ZiMc5m3lD+uUhK1+n2V/KSBmM=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=ET+PtF6OeL8gPUj3YO8KM3XqGAWwyPtLPJUXksljJv/dPk5ALH2c0TP73uwgVpynxNKFNQbxUV0PvsVJBaZ/Mk3BD5AO9NckEhQnbS6K5MuyR6TLOIMLy1IHZOhUJdI2CniC0YmXHbp5N1i1Nvt/qdwIOwQgHbwbboW3dfhj14A= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=lqepQF8E; arc=none smtp.client-ip=209.85.214.176 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="lqepQF8E" Received: by mail-pl1-f176.google.com with SMTP id d9443c01a7336-1fd9e6189d5so28754945ad.3; Sun, 11 Aug 2024 19:31:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1723429878; x=1724034678; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=qdEfItmwefU07w76SDkXtsO/LaxPCVZAR+StHmo8iTc=; b=lqepQF8EvumDl8aj1vFqEbEkxLbEaG8Dk+q6XyYqBov5SOKvuiw7t85CzJYyfOv/gp S5XnzO3lhTO4WqlxMBVBPQ7wpeUFRK5I6mfutEwqDJKYJPSwzSk7iVN2Gqv2zDV68ksQ OW4eMTCLfXwXoQMxdocQhIOnaHcjk0r5vcOCcXmmklioXsT4o006MEZZTYBNc7inHbRN zGQg7oSQIL9FUH+syfzh4hnFqHr6sEYi/2s57CaN052fsWAX9irhlQDxLs43795OiRwT BQYx7YRgHdbUl1egFvlr3M/Vnaaxh9Mm0uwKF9xcIuHyEgU+OG98FrVbrKSeiDLhFxsl yRKA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1723429878; x=1724034678; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=qdEfItmwefU07w76SDkXtsO/LaxPCVZAR+StHmo8iTc=; b=xMik287QhAJGVjULEGXDLXp4br3iAcTgwySRmFL9R4ujrvIzC2xllQwj3tc6MjWFOR MZQwAGC596dwJ5M4/Tz/Wj7l0gq6ESsAlf72al0eaA6W1uY8uuolGnxZsGcsn4wciRu0 XdF0zMeTPJPD5QT5T4CApNpQ8SdRrPrAuEM2Ws0t91djAZVPseOsNy/cbojWGZShh5Va C4FMGJSbLOPiDCRT3iBvVqNCAI6P7+3akW/MNg3FUc1T6bFBw7dkBed3CHf4nq23w2si kK1cPY2V3jiqBWuzxJPF1+Ex4qC+HN67PWjwx3wjmvO5HmKIPdgG4oPWOKYMwnnuZK/V X3PA== X-Forwarded-Encrypted: i=1; AJvYcCXSYVWEsfW8y1krM1q62iIxZ/8c5jjj/uCqAzTvq4lit4Vl14aCBJ7EJ2zg0VYT9KIsTbweu4UVYxf7B12eSwfAuFh3OjNL5unuvYWJiyfBJxtCLCfCb1/uepkRwmDj18nFInyak8veAtErJGGW/io8IiCOVBGPA+dST5+X5DxoJhPMMVpl4xSh8KFPD3mffMo2ZK42sp484MLjBnkWFwtFIujGVG2gmSlckR0C2oUintAeUz3pADcLgoxnqXgGScieTvNgDJndaPvWF8R4N5sAYy9f5IanMudUYshfcnZE9i7bhYGGPSJJ3+3NZY1kYdxQ/LNgow== X-Gm-Message-State: AOJu0Yzdv0F0WIklJ5AQjcH3Nr9IuB+jhu6knBqP9iPNg4KtsRSujU9Y n3Mq+PeJfCOI2onW3eyez06vmtJfSnM0SrjrBAeCWdWC4JipOQDd X-Google-Smtp-Source: AGHT+IGvMeJ1WDvZRyKICOlWBdf489ybDgp4ZGppLiFztYYS3nDRhT+W8sx80+j2UnrjElUuwI0I0g== X-Received: by 2002:a17:902:e804:b0:1fc:57b7:995c with SMTP id d9443c01a7336-200ae4dba44mr56315805ad.7.1723429877770; Sun, 11 Aug 2024 19:31:17 -0700 (PDT) Received: from localhost.localdomain ([39.144.39.162]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-200bb9fed69sm27884765ad.188.2024.08.11.19.31.12 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sun, 11 Aug 2024 19:31:17 -0700 (PDT) From: Yafang Shao To: akpm@linux-foundation.org Cc: torvalds@linux-foundation.org, ebiederm@xmission.com, alexei.starovoitov@gmail.com, rostedt@goodmis.org, catalin.marinas@arm.com, penguin-kernel@i-love.sakura.ne.jp, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, audit@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, bpf@vger.kernel.org, netdev@vger.kernel.org, dri-devel@lists.freedesktop.org, Yafang Shao , Masami Hiramatsu , Mathieu Desnoyers Subject: [PATCH v6 7/9] tracing: Replace strncpy() with strscpy() Date: Mon, 12 Aug 2024 10:29:31 +0800 Message-Id: <20240812022933.69850-8-laoar.shao@gmail.com> X-Mailer: git-send-email 2.30.1 (Apple Git-130) In-Reply-To: <20240812022933.69850-1-laoar.shao@gmail.com> References: <20240812022933.69850-1-laoar.shao@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Using strscpy() to read the task comm ensures that the name is always NUL-terminated, regardless of the source string. This approach also facilitates future extensions to the task comm. Signed-off-by: Yafang Shao Acked-by: Masami Hiramatsu (Google) Cc: Steven Rostedt Cc: Mathieu Desnoyers --- kernel/trace/trace.c | 2 +- kernel/trace/trace_events_hist.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c index 578a49ff5c32..1b2577f9d734 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c @@ -1907,7 +1907,7 @@ __update_max_tr(struct trace_array *tr, struct task_struct *tsk, int cpu) max_data->critical_start = data->critical_start; max_data->critical_end = data->critical_end; - strncpy(max_data->comm, tsk->comm, TASK_COMM_LEN); + strscpy(max_data->comm, tsk->comm, TASK_COMM_LEN); max_data->pid = tsk->pid; /* * If tsk == current, then use current_uid(), as that does not use diff --git a/kernel/trace/trace_events_hist.c b/kernel/trace/trace_events_hist.c index 6ece1308d36a..4cd24c25ce05 100644 --- a/kernel/trace/trace_events_hist.c +++ b/kernel/trace/trace_events_hist.c @@ -1599,7 +1599,7 @@ static inline void save_comm(char *comm, struct task_struct *task) return; } - strncpy(comm, task->comm, TASK_COMM_LEN); + strscpy(comm, task->comm, TASK_COMM_LEN); } static void hist_elt_data_free(struct hist_elt_data *elt_data) From patchwork Mon Aug 12 02:29:32 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yafang Shao X-Patchwork-Id: 13760032 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pl1-f181.google.com (mail-pl1-f181.google.com [209.85.214.181]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9AACA81727; Mon, 12 Aug 2024 02:31:25 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.181 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1723429887; cv=none; b=toeub9qyFMXffJez3BNn/IbnUJkDg43CEZoRB/yBkILlT8mkB1ddO4g2WZFCzCdZPmR9A3+uTY9hGpfAXIt2zEL09GMMg+R8BfKo4ca33BlbDrKIgOEy656Mn+bFKno+uz80Lrx2cWbOipbUoQY01eAsblMRe/lwdpntpR+i/uw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1723429887; c=relaxed/simple; bh=jQ7E8uYbAv5L24HExgIrPa8kYHHiE/gtmM47BqiJcJU=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=kYbJKMZv7a7dVUKNfJ9eX6PXtWnxy5e2KAwvZBfsFTRnc8zy2pqkiCb4WZvFMaqm6RncXUEVQzwm5FqsH4bI1VSX5wLG+zjtIgqbEhCui1mNLntJJoy5PdjIKtpBfv/GUVj+mUP143PUQ8NNyJeWlvSo1Otebn8uBp+sM9dGUbs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=VvCCspZ1; arc=none smtp.client-ip=209.85.214.181 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="VvCCspZ1" Received: by mail-pl1-f181.google.com with SMTP id d9443c01a7336-1fee6435a34so26516275ad.0; Sun, 11 Aug 2024 19:31:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1723429885; x=1724034685; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=lQq52x1okLoFlEdSdcWpS9opM5nCjcuUg5Jqdy6Utiw=; b=VvCCspZ1Hj47RgfERGu5k6icxdVFsBtlRou+dsDXmcv3elA5DFKZRpMP98jIvHCEPF 6gobr+l8XcnaaqTpjp4TTrlNPY8d46NSoLv1926bTaEb1VdUIUaMtcHH0abT3G6pj3Qk noIPgEp6uyWZqvs0KIEWysl0Mr2pGj7wa9F3eiJScBCSJpfYUNay9DLXvxMU5MwatPa0 ynwnJbgVlHuey2KE+8D+qQLRlKLqa+L5W4HEAzUUkm/TP/iHQkfP0NX3E/Gdxf+Psl56 P//ixLir17p9rtx+/e93MNBhP1lMuI81pzWlbQzeyuGiC07reAK2UPOsX4fAOWx7n0U/ A4Ng== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1723429885; x=1724034685; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=lQq52x1okLoFlEdSdcWpS9opM5nCjcuUg5Jqdy6Utiw=; b=S2Vuq+DILJ9g6BEc7D7cY1A3euvkCph0ejZGVp0oz9XaxjVhAEx1AgZeDO6t3h3WdV X5fkb1FlTbiOyKCr+BFrRFHlQIsbVe8rDnzcPVn3/ga379CNvzhSB4ALZIRUTbzN/BV8 SYkG0C1TV1Q3BjaKEC4v94aQ4Obxr1VGEzK6Hdu14+ZxJ0VLMh0/TNN8pln99L/baYsF yam3qRvYjNGrrLd2ajF265xpP3KqYY941Eo2OA3qgOZ5493cN60V8hnIytiQEoQr9mUT /dFvrP2ufwPL5k5u3RjSOI3deZEld4E1yB0B4cauXd+NmYo1DC8XRKBdCwlB5YkeobST SK2w== X-Forwarded-Encrypted: i=1; AJvYcCWweAbN7feCwTZBisjTy7Zc+5YfTlC3F6qnF8mY3RFw5wfx0zCsg2RbTGvz0R6skh4GgFfxsyQQsbuOKRVSc2tq3mCQeD/HYZEl5iLUFGOGU4dhBm9ESpSvymH79fyIiBlYDhbdd2IvPtU4DMo3zttsxH+2klsWBM31LOR8g7VPDax5ssPw0HGPwBsrNALqiTF61E4CqFfn/q1V+D9e/3tPU1fS8GSbFadldCgzzxrDPLIQ1NXvuFP1MulwIOS5vTGMn/56ZSmv+YumEDHuTv9VomS/MB+sC7xZI6MNgp+F04O3UBF0oizYnYxQ8a+ydvwdvA5hmQ== X-Gm-Message-State: AOJu0YxMb7Xkg/aPfDWxnU+y6t2KzPE2NTCiW3d4ugi1pWcyo8KRAEWR NEPEBK5oqD4FCHocw9f43op8nZAv+ffepc9lc/l/GSwie1tY43O7 X-Google-Smtp-Source: AGHT+IHaetHTBTCym7N0t424xRy6qtmLiFL/7ctUucHwtwIF7cfl/lI/MF8VrMeOi3ytURGCyHANzQ== X-Received: by 2002:a17:903:249:b0:1fd:7664:d891 with SMTP id d9443c01a7336-200ae5cfb6amr57289655ad.44.1723429884796; Sun, 11 Aug 2024 19:31:24 -0700 (PDT) Received: from localhost.localdomain ([39.144.39.162]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-200bb9fed69sm27884765ad.188.2024.08.11.19.31.18 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sun, 11 Aug 2024 19:31:24 -0700 (PDT) From: Yafang Shao To: akpm@linux-foundation.org Cc: torvalds@linux-foundation.org, ebiederm@xmission.com, alexei.starovoitov@gmail.com, rostedt@goodmis.org, catalin.marinas@arm.com, penguin-kernel@i-love.sakura.ne.jp, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, audit@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, bpf@vger.kernel.org, netdev@vger.kernel.org, dri-devel@lists.freedesktop.org, Yafang Shao , "David S. Miller" , David Ahern , Eric Dumazet , Jakub Kicinski , Paolo Abeni Subject: [PATCH v6 8/9] net: Replace strcpy() with strscpy() Date: Mon, 12 Aug 2024 10:29:32 +0800 Message-Id: <20240812022933.69850-9-laoar.shao@gmail.com> X-Mailer: git-send-email 2.30.1 (Apple Git-130) In-Reply-To: <20240812022933.69850-1-laoar.shao@gmail.com> References: <20240812022933.69850-1-laoar.shao@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org To prevent errors from occurring when the src string is longer than the dst string in strcpy(), we should use strscpy() instead. This approach also facilitates future extensions to the task comm. Signed-off-by: Yafang Shao Cc: "David S. Miller" Cc: David Ahern Cc: Eric Dumazet Cc: Jakub Kicinski Cc: Paolo Abeni --- net/ipv6/ndisc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c index 254b192c5705..bf969a4773c0 100644 --- a/net/ipv6/ndisc.c +++ b/net/ipv6/ndisc.c @@ -1942,7 +1942,7 @@ static void ndisc_warn_deprecated_sysctl(const struct ctl_table *ctl, static char warncomm[TASK_COMM_LEN]; static int warned; if (strcmp(warncomm, current->comm) && warned < 5) { - strcpy(warncomm, current->comm); + strscpy(warncomm, current->comm, sizeof(warncomm)); pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n", warncomm, func, dev_name, ctl->procname, From patchwork Mon Aug 12 02:29:33 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yafang Shao X-Patchwork-Id: 13760033 Received: from mail-pg1-f176.google.com (mail-pg1-f176.google.com [209.85.215.176]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 60445130495; Mon, 12 Aug 2024 02:31:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.176 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1723429896; cv=none; b=apZYoQEn3MAuMhHc4DMM/0cHlkLbRR+yDriCX6IvIK0sCpljxCcZ+zbrRwVeIgs6Dk8ITfbHHSqJ/CPaQ30TkA4z5/6h/m/1m1f5rQHr+KON85kc66BgoAHYo6RPsbU9uZj2OwudtWVs6O2B6pke0vyZbUNLCRg2+G4KB+BZSII= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1723429896; c=relaxed/simple; bh=jPqIfx5S0Qm/nWYbQ6kouB0I6PeJnKoCsF8vfwSHWTc=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=h8/tFK3R8ZZoxPUTp4W/yYp2IL4hHqH3rZUG0njtrWNeWhWjsy380jI0Mulj2xd04Z60X1zV/e7DhmhYaodf8fgF2fvi/p79I+YYnRapRexTFWHeJiQoHZxInhjkZ5KfE6LnsNqZFqeKTTU2WplqrTlYhrbaengWwpI1T7Duzas= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=RMf+uBW4; arc=none smtp.client-ip=209.85.215.176 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="RMf+uBW4" Received: by mail-pg1-f176.google.com with SMTP id 41be03b00d2f7-76cb5b6b3e4so2473385a12.1; Sun, 11 Aug 2024 19:31:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1723429895; x=1724034695; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=zZu3KZG3iOINXwUvnWcZKbey2aLH0BWohtl6uQ29mP4=; b=RMf+uBW4sxFLUX3cCivR3zxx3+1yfKOe8+fM959PJO8tvrt7gNLao9QJfguSbAqcI5 yNsRW/IQN6LLwSelbbg9jzI5k9ticQxNPuPN0UqC5YxnUeWlT6KUJP4fdMW08ILVeSsZ ws7Fc+JD5BW2aiV2NlGnTuUMPfLIncdd7YSFvhxGAB7x3x2OwQsOV4niS41JKFLgvC/U BRJ2cHnv/DX7TGro2w7f3TaXjNlRxHqIiLX14x5ogqoGA1yyW4PTtTOgmRTUaB63Vrqq 6yxxKp1VGS5A0n0Kx/iK/3uOdOhy09Q+nO4chgguTokpVRioqd4cSVurT5YosoAZvObK 475g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1723429895; x=1724034695; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=zZu3KZG3iOINXwUvnWcZKbey2aLH0BWohtl6uQ29mP4=; b=FfEs/nmh2WS4OuXPUmTpgMlUZEVEvxjKOIGuc+bcbfhE8aa6AH+A2cpoFzLALe+HTO hAiGbKfyyhUNpdJ+InylZATxphT9plFDGmsDp/Dm5/qRCtoF6d+ocj1Jw+StOBLvlrdW xxglr19iIdn8vtiKZ62pbW4SwkWPbh/ynImSc4eV9v6lPdqOh8niqSX9/h6TlVt55W2z 1OSnkgwE/i613LEd5DzCiLxMFiTiepinigEmy5RaQioJR5aAiDFwvpfik5Txo9z1mW0j NastlsQIFKTGwyNhh7avL7YLpymzuE5wGPdOnYaHCqD/8tIqjTvZCxUKlNresFcmBxav E4AA== X-Forwarded-Encrypted: i=1; AJvYcCW1VrkdGCs5o9Khy6/twURfh/c13Xcx8HFvPjbYP4HJ1ABb64b/MHGVxkp9jvxoUgnjN0gzq0u0idBTwMj+2pdz7x01QYApwcGoO+MBULPsK4djkv5fOgj4f5zAjardzQ1/VS5MTs+TZb0WJ1XH/bcEUrQ4apofrVG/kFN334QqvbYTDSmlVotP/YMRGkI0trXa+bM4vhcZbmcdHn29CxzpNFxbV6TlQuzRthwsjaTkHAfSsPpCR+4sWV7ySbqRJXcmZAffYLwrUSt5V9RdkLJeeoL5GKkkvPt5dzZsAD8dJrenQQwFygOZuqngf1xRAxBNOpj3jQ== X-Gm-Message-State: AOJu0Yzx/mD1uDSjswVpgxOaumRS32vNat8kKlXMajeZcxR6uE92cC80 I8l9r4Tly4m8YWjRK8xQYjuE27ySuT1dYrBMw+lYH4L6uAy+znOx X-Google-Smtp-Source: AGHT+IHdX1dJ6B1gxMt4DoIS5gsxO+K0m5bSRRhjzARSl7z6wL1zfkA/bgMgo4cA342XfY8E/QA2Rw== X-Received: by 2002:a05:6a21:b85:b0:1c6:fc56:744 with SMTP id adf61e73a8af0-1c89fd26229mr6526380637.31.1723429894568; Sun, 11 Aug 2024 19:31:34 -0700 (PDT) Received: from localhost.localdomain ([39.144.39.162]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-200bb9fed69sm27884765ad.188.2024.08.11.19.31.25 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sun, 11 Aug 2024 19:31:34 -0700 (PDT) From: Yafang Shao To: akpm@linux-foundation.org Cc: torvalds@linux-foundation.org, ebiederm@xmission.com, alexei.starovoitov@gmail.com, rostedt@goodmis.org, catalin.marinas@arm.com, penguin-kernel@i-love.sakura.ne.jp, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, audit@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, bpf@vger.kernel.org, netdev@vger.kernel.org, dri-devel@lists.freedesktop.org, Yafang Shao , Daniel Vetter , Maarten Lankhorst , Maxime Ripard , Thomas Zimmermann , David Airlie Subject: [PATCH v6 9/9] drm: Replace strcpy() with strscpy() Date: Mon, 12 Aug 2024 10:29:33 +0800 Message-Id: <20240812022933.69850-10-laoar.shao@gmail.com> X-Mailer: git-send-email 2.30.1 (Apple Git-130) In-Reply-To: <20240812022933.69850-1-laoar.shao@gmail.com> References: <20240812022933.69850-1-laoar.shao@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 To prevent erros from occurring when the src string is longer than the dst string in strcpy(), we should use strscpy() instead. This approach also facilitates future extensions to the task comm. Signed-off-by: Yafang Shao Acked-by: Daniel Vetter Cc: Maarten Lankhorst Cc: Maxime Ripard Cc: Thomas Zimmermann Cc: David Airlie --- drivers/gpu/drm/drm_framebuffer.c | 2 +- drivers/gpu/drm/i915/i915_gpu_error.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/drm_framebuffer.c b/drivers/gpu/drm/drm_framebuffer.c index 888aadb6a4ac..71bf8997eddf 100644 --- a/drivers/gpu/drm/drm_framebuffer.c +++ b/drivers/gpu/drm/drm_framebuffer.c @@ -868,7 +868,7 @@ int drm_framebuffer_init(struct drm_device *dev, struct drm_framebuffer *fb, INIT_LIST_HEAD(&fb->filp_head); fb->funcs = funcs; - strcpy(fb->comm, current->comm); + strscpy(fb->comm, current->comm, sizeof(fb->comm)); ret = __drm_mode_object_add(dev, &fb->base, DRM_MODE_OBJECT_FB, false, drm_framebuffer_free); diff --git a/drivers/gpu/drm/i915/i915_gpu_error.c b/drivers/gpu/drm/i915/i915_gpu_error.c index 625b3c024540..97424a53bf9e 100644 --- a/drivers/gpu/drm/i915/i915_gpu_error.c +++ b/drivers/gpu/drm/i915/i915_gpu_error.c @@ -1411,7 +1411,7 @@ static bool record_context(struct i915_gem_context_coredump *e, rcu_read_lock(); task = pid_task(ctx->pid, PIDTYPE_PID); if (task) { - strcpy(e->comm, task->comm); + strscpy(e->comm, task->comm, sizeof(e->comm)); e->pid = task->pid; } rcu_read_unlock();