From patchwork Mon Oct 7 14:49:05 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yafang Shao X-Patchwork-Id: 13824851 Received: from mail-pf1-f177.google.com (mail-pf1-f177.google.com [209.85.210.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9D3521D416B; Mon, 7 Oct 2024 14:49:45 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.177 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728312587; cv=none; b=CGnYxb47i6nYsaDBr95Z/k2F2I+yT+f+bZjDEOGUySL53hIa8h2LStlhhuoPy407nCSZ8KeyYy9xZ4pQkQfB0nFtrQejTad0Q184iWTOmESvPCeZ5LWqwM2x5pqU+vGAuHyC5o9ViBxO2ehgdaNtbJVYI+fuzhyiLrGezHd5bGU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728312587; c=relaxed/simple; bh=LdUzXXQ8w1cxGk6eZCeHPTjeQKYbvyuMc5IN1L2pmJk=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=AeU9+altLSeXwZWE7UrUArURfQiy+g3xrfr9eE/0BCjquCLRIo5ls1xusx2DlcpF/5owqARXC2TsFaSNrDe8ufPDT2oTmMTyPyuabZ00i2uR57VZ0f4TwvfNevqYqxb5LHYxl1qv75CXtregUyWWPFnTTXJ0moInf6ARt+Wb3T0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=GlzFkGkc; arc=none smtp.client-ip=209.85.210.177 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="GlzFkGkc" Received: by mail-pf1-f177.google.com with SMTP id d2e1a72fcca58-71e02249621so748973b3a.1; Mon, 07 Oct 2024 07:49:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1728312585; x=1728917385; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=oVEk6SmaURyo42RvRGYBr53delaAcBEjfSHuuD+Cst4=; b=GlzFkGkcVK0yU5uGVoyoDHvqoGswNz3QeNvFmV9+B3ta2Z1Fe1+Zz37tMI8E+btu93 DOq1Vakzmk57N7fk8V5TIFfEUAhrTqvTURA4yofAFzm9sdhi+czR7WfEX3uFHKgpaEE/ SNzKSoE7CiRsZqD9CI0x7UoiI9AW2al0WfHhfhu6/kRAjZo+UrtX65ThklzWpQ0cM9u6 QnlOePALakfWc8J4z4toK5JmfCPbyq4rNk7I7OyFiGMOaI4jgbykZ8LBUoHECXAKmmc2 AdWit+UniSXgsdXKkdNoqF0Zlw4PpwJc9SLwjgok1FK4hYmrsLZoe2pFrU2T8bs+8spT R9HA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1728312585; x=1728917385; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=oVEk6SmaURyo42RvRGYBr53delaAcBEjfSHuuD+Cst4=; b=qjeZ67pqOXMAFwIH/H0ejCayzJshrT1bo97wIbvGY8n4J5JmsyMMFiq4VvGgjctKor TQdNLwja3Gas8YVlBzZOu7V699Tu1FYyugmTnt/HNz4RdryB0GO1nqXgsWG2dJu35740 1+0ZQflmYzIErH1Dacc8HpWgw2Bx8+rAhRPxbZs66QQ9PKaz+40QDDo6WnlmfXI2lG96 WYZ0Id0lNis9Ivp/G0TcOt+80fU4oUI7YaLllBJrZotpj4Ec/JljTtJ5RXod6MPco8m5 jEssgLl00DOuSu7Zv6bNvoJSbpz0DOpe93+mE7YuXUG0l4KIktIyleXnc61iSVNnZkE7 9KTA== X-Forwarded-Encrypted: i=1; AJvYcCU40V3TXsQNomPZeLtiq9By+KEviFuxVA7SgADQRK/pNC1vEzJ00K7iLzufzT7w1JvMd55N5rwTCRH5mSUXAzovJhpMdsY3@vger.kernel.org, AJvYcCUGx+b/xyJviZs7HkGNd6jUUMd7Tf7lFeDDdeMpHrgQgyJneyACzxq5RRKLQZi+ACvcKAz9@vger.kernel.org, AJvYcCWkfeIIwON9j1Ce7nKBs7IcG/avYjB1UvMj8N0igbgvebs00PfAOM9Q4peo1/+f0+fSHsghBs+YDgw+m7E93A==@vger.kernel.org, AJvYcCWn18yoLF+XeR7AW6Z5agDT9NR9Ii8AyNGaiDEYhThGQPoVP9u87wzGspwoPtwhPWiYnT6cvg==@vger.kernel.org, AJvYcCWnZCkJpzx4BDePSfxTgIYdCDCqCAtscIv5oTRqn1g65CAxnPRUUiovSMgCmd87WRI00CbQwJyZLvbOqutpzLyq5vP4@vger.kernel.org, AJvYcCXBlwPJUNoBgBWB2LAGgNQcJZP6wkwhPTdSDJXud4Zy/za7caMTENgOrRCHUD0MTcmWdUNeBPnU@vger.kernel.org, AJvYcCXhF6Ge+2BIA3epeq0nZHC6Whf2OHn1VZohsBPQwxcM3Kh6L5+ufmHnHuEXnHHfXCuvSTZ4MEfimQ==@vger.kernel.org X-Gm-Message-State: AOJu0YxYRNZG63PwcQoPl2H7AD6ylqC/X8vhQryWD/y+d7PNS3RJavzd utnb0PIKzI7zjroTPppZACsyylQXp2H+rG6VIitIc50VKPxotSAO X-Google-Smtp-Source: AGHT+IFysx44ym7xeNZ29ZQx56P8LK073YLR3FEq6ZYjPgOvQStiRImQUgMUmAdR1iJQTcm5/XW64g== X-Received: by 2002:a05:6a00:2eaa:b0:718:e162:7374 with SMTP id d2e1a72fcca58-71de239f5e6mr18318586b3a.5.1728312584814; Mon, 07 Oct 2024 07:49:44 -0700 (PDT) Received: from localhost.localdomain ([223.104.210.43]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-71df0d7cf82sm4466432b3a.200.2024.10.07.07.49.32 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 07 Oct 2024 07:49:44 -0700 (PDT) From: Yafang Shao To: akpm@linux-foundation.org Cc: torvalds@linux-foundation.org, keescook@chromium.org, alx@kernel.org, justinstitt@google.com, ebiederm@xmission.com, alexei.starovoitov@gmail.com, rostedt@goodmis.org, catalin.marinas@arm.com, penguin-kernel@i-love.sakura.ne.jp, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, audit@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, bpf@vger.kernel.org, netdev@vger.kernel.org, dri-devel@lists.freedesktop.org, Yafang Shao , Alexander Viro , Christian Brauner , Jan Kara , Matus Jokay , "Serge E. Hallyn" Subject: [PATCH v9 1/7] Get rid of __get_task_comm() Date: Mon, 7 Oct 2024 22:49:05 +0800 Message-Id: <20241007144911.27693-2-laoar.shao@gmail.com> X-Mailer: git-send-email 2.30.1 (Apple Git-130) In-Reply-To: <20241007144911.27693-1-laoar.shao@gmail.com> References: <20241007144911.27693-1-laoar.shao@gmail.com> Precedence: bulk X-Mailing-List: linux-security-module@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 We want to eliminate the use of __get_task_comm() for the following reasons: - The task_lock() is unnecessary Quoted from Linus [0]: : Since user space can randomly change their names anyway, using locking : was always wrong for readers (for writers it probably does make sense : to have some lock - although practically speaking nobody cares there : either, but at least for a writer some kind of race could have : long-term mixed results Suggested-by: Linus Torvalds Link: https://lore.kernel.org/all/CAHk-=wivfrF0_zvf+oj6==Sh=-npJooP8chLPEfaFV0oNYTTBA@mail.gmail.com [0] Link: https://lore.kernel.org/all/CAHk-=whWtUC-AjmGJveAETKOMeMFSTwKwu99v7+b6AyHMmaDFA@mail.gmail.com/ Signed-off-by: Yafang Shao Cc: Alexander Viro Cc: Christian Brauner Cc: Jan Kara Cc: Eric Biederman Cc: Kees Cook Cc: Alexei Starovoitov Cc: Matus Jokay Cc: Alejandro Colomar Cc: "Serge E. Hallyn" --- fs/exec.c | 10 ---------- fs/proc/array.c | 2 +- include/linux/sched.h | 28 ++++++++++++++++++++++------ kernel/kthread.c | 2 +- 4 files changed, 24 insertions(+), 18 deletions(-) diff --git a/fs/exec.c b/fs/exec.c index 6c53920795c2..77364806b48d 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -1189,16 +1189,6 @@ static int unshare_sighand(struct task_struct *me) return 0; } -char *__get_task_comm(char *buf, size_t buf_size, struct task_struct *tsk) -{ - task_lock(tsk); - /* Always NUL terminated and zero-padded */ - strscpy_pad(buf, tsk->comm, buf_size); - task_unlock(tsk); - return buf; -} -EXPORT_SYMBOL_GPL(__get_task_comm); - /* * These functions flushes out all traces of the currently running executable * so that a new one can be started diff --git a/fs/proc/array.c b/fs/proc/array.c index 34a47fb0c57f..55ed3510d2bb 100644 --- a/fs/proc/array.c +++ b/fs/proc/array.c @@ -109,7 +109,7 @@ void proc_task_name(struct seq_file *m, struct task_struct *p, bool escape) else if (p->flags & PF_KTHREAD) get_kthread_comm(tcomm, sizeof(tcomm), p); else - __get_task_comm(tcomm, sizeof(tcomm), p); + get_task_comm(tcomm, p); if (escape) seq_escape_str(m, tcomm, ESCAPE_SPACE | ESCAPE_SPECIAL, "\n\\"); diff --git a/include/linux/sched.h b/include/linux/sched.h index e6ee4258169a..28f92c637abf 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h @@ -1121,9 +1121,12 @@ struct task_struct { /* * executable name, excluding path. * - * - normally initialized setup_new_exec() - * - access it with [gs]et_task_comm() - * - lock it with task_lock() + * - normally initialized begin_new_exec() + * - set it with set_task_comm() + * - strscpy_pad() to ensure it is always NUL-terminated and + * zero-padded + * - task_lock() to ensure the operation is atomic and the name is + * fully updated. */ char comm[TASK_COMM_LEN]; @@ -1938,10 +1941,23 @@ static inline void set_task_comm(struct task_struct *tsk, const char *from) __set_task_comm(tsk, from, false); } -extern char *__get_task_comm(char *to, size_t len, struct task_struct *tsk); +/* + * - Why not use task_lock()? + * User space can randomly change their names anyway, so locking for readers + * doesn't make sense. For writers, locking is probably necessary, as a race + * condition could lead to long-term mixed results. + * The strscpy_pad() in __set_task_comm() can ensure that the task comm is + * always NUL-terminated and zero-padded. Therefore the race condition between + * reader and writer is not an issue. + * + * - BUILD_BUG_ON() can help prevent the buf from being truncated. + * Since the callers don't perform any return value checks, this safeguard is + * necessary. + */ #define get_task_comm(buf, tsk) ({ \ - BUILD_BUG_ON(sizeof(buf) != TASK_COMM_LEN); \ - __get_task_comm(buf, sizeof(buf), tsk); \ + BUILD_BUG_ON(sizeof(buf) < TASK_COMM_LEN); \ + strscpy_pad(buf, (tsk)->comm); \ + buf; \ }) #ifdef CONFIG_SMP diff --git a/kernel/kthread.c b/kernel/kthread.c index db4ceb0f503c..74d20f46fa30 100644 --- a/kernel/kthread.c +++ b/kernel/kthread.c @@ -101,7 +101,7 @@ void get_kthread_comm(char *buf, size_t buf_size, struct task_struct *tsk) struct kthread *kthread = to_kthread(tsk); if (!kthread || !kthread->full_name) { - __get_task_comm(buf, buf_size, tsk); + strscpy(buf, tsk->comm, buf_size); return; } From patchwork Mon Oct 7 14:49:06 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yafang Shao X-Patchwork-Id: 13824852 Received: from mail-pf1-f172.google.com (mail-pf1-f172.google.com [209.85.210.172]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 383971D45E0; Mon, 7 Oct 2024 14:49:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.172 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728312598; cv=none; b=XNgIIZL2uoc1Smgwtx9YCZym9hqDnb7iHOrdmqqgmsrqwOkoh1RhvacdJifnHGt38yp2Yc0e/rZfUocQsn7HoanvD82lDERvYjjz7EvfK3DxZNf9+JRdEq9Hhm24dm26WOCxXdndzjbkzOc1C1iajByhsvhuHfR5GOoSBw6oFn4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728312598; c=relaxed/simple; bh=t9WhBzpj3y3CJ8rlJO5jv9hSArYMQate1NnQ3e0C/oY=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=fPfx+eOY/HdvokDGxj5u/9sY0zRrd228qxbclbKZsSQBQxZ86KeFtq50eIJ29x+YFyP6AL8w+8u4/7qrnCKV8yB9yH0eTZxSjFuSLvyr7Rz+W/wVTiadUxxEutj3hv71KEf1s4O76QkZMABoTcVRRzbTti79bwbJVXqsmPLHEN8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=bA8Y7tfd; arc=none smtp.client-ip=209.85.210.172 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="bA8Y7tfd" Received: by mail-pf1-f172.google.com with SMTP id d2e1a72fcca58-71dfccba177so1136022b3a.0; Mon, 07 Oct 2024 07:49:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1728312596; x=1728917396; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=4ED8sTWekie9637+cHBCmQFpLStnm64j/0llImVgOxU=; b=bA8Y7tfdPirlVKHrNdcCeQnVOw9nz6iMWNHsLrDEuuMZ7L76jfoBSsZHLRqD7NuzSJ E1OLKwCEjGcJhwR+hrP3yzhwjuswzp9NmgiaTbfcjz/aY41KAZaX/UAclMte31qkJUbu JjyX/YCfJGEZfY9w8Q9LcQMBhkDNx8uzTJBjuxbt/SxHSznopEyz5ElKRlLmnojW/r1+ munJMNU8pvgVEe9MBNcRxooPnc+NSTDU8gUPfp3zKQTzzCYJQFI3J/I+Oc5QnzD7gK0c r1JWonebEsqQHTd/QaY0ugBW84YJ+eMlQ3Hc4mUuvOC52M53NNMWWgBGo+uScy/oH8VU RagA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1728312596; x=1728917396; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=4ED8sTWekie9637+cHBCmQFpLStnm64j/0llImVgOxU=; b=hXrNJv48v8jAIq09+tWuNkWcW1H+g9LK/wnxHZSrCVzQMX5npsvN9yk+9sn2NWpik9 A5bcQ43qVtPzamBhXXPMBdlW/VQ2gPwm0TjZMHSAmfimK0D03PtunpGifuPo2MTSaX46 a9yw13bpSNl1lDFESrZFDuWs7Nh/WPeL79bl+69W1nXklobcGi8qoTeNFXYE6uSlA68y 90y0icO4XPHya0CpYLeHwDMBTJM9HNtClERWeqEXRVLOhM7ncdpP46XoQebMEWkEeACf iKsmWAfiD91ICL21m1ztRZ7KKraj4NmHsee7sUC2/PXN4IVAIGDP8LamWg5BdtGmOEH6 NmNA== X-Forwarded-Encrypted: i=1; AJvYcCU86TkYgcmqLcjl/R+0XP/A0d0JE5jPpL/CILO2z9u7KIGeiUvo0wBbLgTB3NRYMmTeYV+Jbl6yvA==@vger.kernel.org, AJvYcCUxXefIf7yFoslmrrd/rnZyZ8HXSOnWol9wS5lsJidP4M/TG9Dg1HWvlWKyhOmHNq4ux5Q0@vger.kernel.org, AJvYcCVBPsuCWBOs2EfwDhupOxZIMubYXEzVHBTM6koaOi+i9NREROtJzREnDaezjN+/anUZrd9CR2RcVYN11IVuIZyqfKWjk3ZN@vger.kernel.org, AJvYcCVdIzPyQLfae2wSNa+WNhu8bJ0n8QNMPn1Qdn/feOHlnFECM+dblKKumfdZDzA/wLNFvX0i1WQsvfgK7tK8rA==@vger.kernel.org, AJvYcCWYJH4+UrWregNJ3mjZycRIch3uzp+EYIfeEl+bSt6Da6TNq9txQslhTDj8cIsrFH6Du7zXmw==@vger.kernel.org, AJvYcCWlx5DSeoGHNG4q1Pw6ncXtyuLKj2wEIJP5nlS4gFQB/FpBtlP/Y717Rv+KQETarubCdNQP8FtU@vger.kernel.org, AJvYcCXzGSgw23kAIBkk/imeP+QmFGf2ghSym5k8Ofh1YyZwUQw8+AJvXTFR0qx9CQh1JDDn4YO7+DOQt65BZEksPznX5Gc5@vger.kernel.org X-Gm-Message-State: AOJu0YyfTqqZEoWZ7hBh7aq5mgOFmlIhKdCNYd6erIyRscROU1kMx1yf zHXAH5zq5nhbOEiNRRh6j+jWaRNdfHN8E38QJaCTfXEoa8EurMpa X-Google-Smtp-Source: AGHT+IFSfr8aGR6hntBNP4HQUskHiw0vm/RzkrWx6VpNUZENgDQ4iLauIOQbi4o7xjraSFHRBCGRjw== X-Received: by 2002:a05:6a00:2316:b0:71e:1ad:a4a2 with SMTP id d2e1a72fcca58-71e01adb733mr6378569b3a.13.1728312596499; Mon, 07 Oct 2024 07:49:56 -0700 (PDT) Received: from localhost.localdomain ([223.104.210.43]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-71df0d7cf82sm4466432b3a.200.2024.10.07.07.49.45 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 07 Oct 2024 07:49:56 -0700 (PDT) From: Yafang Shao To: akpm@linux-foundation.org Cc: torvalds@linux-foundation.org, keescook@chromium.org, alx@kernel.org, justinstitt@google.com, ebiederm@xmission.com, alexei.starovoitov@gmail.com, rostedt@goodmis.org, catalin.marinas@arm.com, penguin-kernel@i-love.sakura.ne.jp, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, audit@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, bpf@vger.kernel.org, netdev@vger.kernel.org, dri-devel@lists.freedesktop.org, Yafang Shao , Paul Moore , Eric Paris Subject: [PATCH v9 2/7] auditsc: Replace memcpy() with strscpy() Date: Mon, 7 Oct 2024 22:49:06 +0800 Message-Id: <20241007144911.27693-3-laoar.shao@gmail.com> X-Mailer: git-send-email 2.30.1 (Apple Git-130) In-Reply-To: <20241007144911.27693-1-laoar.shao@gmail.com> References: <20241007144911.27693-1-laoar.shao@gmail.com> Precedence: bulk X-Mailing-List: linux-security-module@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Using strscpy() to read the task comm ensures that the name is always NUL-terminated, regardless of the source string. This approach also facilitates future extensions to the task comm. Signed-off-by: Yafang Shao Acked-by: Paul Moore Reviewed-by: Justin Stitt Cc: Eric Paris --- kernel/auditsc.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index cd57053b4a69..7adc67d5aafb 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -2730,7 +2730,7 @@ void __audit_ptrace(struct task_struct *t) context->target_uid = task_uid(t); context->target_sessionid = audit_get_sessionid(t); security_task_getsecid_obj(t, &context->target_sid); - memcpy(context->target_comm, t->comm, TASK_COMM_LEN); + strscpy(context->target_comm, t->comm); } /** @@ -2757,7 +2757,7 @@ int audit_signal_info_syscall(struct task_struct *t) ctx->target_uid = t_uid; ctx->target_sessionid = audit_get_sessionid(t); security_task_getsecid_obj(t, &ctx->target_sid); - memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); + strscpy(ctx->target_comm, t->comm); return 0; } @@ -2778,7 +2778,7 @@ int audit_signal_info_syscall(struct task_struct *t) axp->target_uid[axp->pid_count] = t_uid; axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); security_task_getsecid_obj(t, &axp->target_sid[axp->pid_count]); - memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); + strscpy(axp->target_comm[axp->pid_count], t->comm); axp->pid_count++; return 0; From patchwork Mon Oct 7 14:49:07 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yafang Shao X-Patchwork-Id: 13824853 Received: from mail-pg1-f177.google.com (mail-pg1-f177.google.com [209.85.215.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 26B901D416B; Mon, 7 Oct 2024 14:50:10 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.177 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728312612; cv=none; b=S3g0Q8lL85z6qn/S5adNZzQeUbkw14fe48CrSifhEmav0sGpOWklCWb7x6aKX9RgSJeUsySg2kJENB/dH6n3OzXVtrfD9nLV64IxlQF2+5CiynUUtCoQQFwvkdA5dX2crqJsaXYG9UrQLsWqOrg6gvUGCJ2gluVDW5gFQ8O0UzM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728312612; c=relaxed/simple; bh=ABhttoS6oXw2j+hmHjcdgyTovB2nFehBatzjdciJ3nM=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=DfEKtkFOeBSo3+iUi0hmrSUBxL+HvDcEabbJ8aGf8lUR4+yYhTTUFX3Sc8w/3AL23XAu7Uz/AsyMgPos95sCKI7nOHUBaGCeei4U6jAzqTGjh/6zTvIEFahQUGmvRFJLDDlFmgE3nO7IG40EIEtCTaee6LrihoHXn/cOwLQ8kfQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=YsAqLCUJ; arc=none smtp.client-ip=209.85.215.177 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="YsAqLCUJ" Received: by mail-pg1-f177.google.com with SMTP id 41be03b00d2f7-7c1324be8easo3993383a12.1; Mon, 07 Oct 2024 07:50:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1728312610; x=1728917410; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=mIIMsSPqVp5AusgTbRbdrgF3qEr8ccJBENe3BbQ0UBw=; b=YsAqLCUJNB0+8zHwcXeK0Y/hsPEhokIF6a+zjLuaOSj0POs9HPco39Qqyt+l4Ib3cr CALIfUwRrmeSxTJxzpSzc7bSje3ZSZrpJQjFEJSHSVciK7q653ERsyi8zBJnKgY3cuzJ S8OBt1iXcBHe3SyFM7i2lj+hD1GH37h3i1tZzEcMyepaoP/ZGByWCdc9N32AdXHThIZj kmPYo27+9RoZ6Q1RRVMpBAQG+GGccywlJqY1qSq8dBub1OL+yyrKMlCnQ2HBl+sAK8JG 2AdUYUjZtg7/Glni5539xEueO3GNciL6EaGeoLk4/IqM2ZbpioDOBtIZDd50Jz99ZssZ oYTg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1728312610; x=1728917410; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=mIIMsSPqVp5AusgTbRbdrgF3qEr8ccJBENe3BbQ0UBw=; b=l1GSSSIFdBo2uhjCHaWkNEDOeLkd/iDgDap52o2Q4UhqQANfedeYVryIFcTIE+Oa1T vABtuD9eOq7bPJgvz6jWowdqvWolQHf4YRy7hEoauEDxf77fXminoklJg8QwJuW/mxaQ DFdCy3Z5ZzI+8b/u7Z6hVWxuAY46lVvVFD7hx2ygGp0mby7Kkcm2fff4upXTWHdf4i/4 01IleleIalj1p7uYb71jGba8tC/LpZwMr0eCxb1YH6u5Ggo9EN34Zlc0JBU0gK3s9Sbz +hAmbGDdy6WahrDWd/344VfnqoP0S9HGH/JYPkGOYWKUXNVdrsE+00Iwp+BZmPRenJHA 0bDQ== X-Forwarded-Encrypted: i=1; AJvYcCUbqIfrLaFXnMtslCc8OEAIx+YDAaNnG+xDe0+hT9+JJp44LFe5XNhBfc20VqMGkqrttszRYWto@vger.kernel.org, AJvYcCUm4afV1S3HnXotvQxLTzQJihV4gpVBSqreZNLhEHFcLZIJ6Mt7Nwb9AE7s4If0jvEW2Zw4WBv1Ml+g4w+pvQ==@vger.kernel.org, AJvYcCVZmNUeD58kxZqrbJGr9hC9j4RCx5p31HHS3jVheEWdNk8swgU8yL3H3K4ZwZzBHmUw2MPdiA==@vger.kernel.org, AJvYcCWId/ql8tgjp82Hpfzk84x4PtuJapU6T7j0coF57Z6DcJxpfHDg92RVo6LBUQLVAOCCcQ6l5J51mtgx4NhZh2KeToTf@vger.kernel.org, AJvYcCWRLMIElpnt9CZukVlI8w+VDQOSXKPT6g65feEFgvtzBdlUT0H5Pw9ixu5+pSoyALeq2eIAmGQMn6Dv7WJPBH/5VO/+3dv9@vger.kernel.org, AJvYcCXIqx9jAYQKUSBfT8eClrTUWrluMfL76IFPTpRVcJntUSwB5yHlDVAogqdKcwb3VAOPqsCR@vger.kernel.org, AJvYcCXYt8QsrtnCuqB8AMjdxlDtElzxTZMSHj7DkUNAe9Rf0PFViVTjyF7USEvgCvQ0Am9A39gsSeKitg==@vger.kernel.org X-Gm-Message-State: AOJu0YwK99sFou/N6cOz7cSa/ZaiTXSPGYRwKNSOod3OvMu2K1glzXzI 3XCwBfPVOQgge2ZLCYGP3N1Ey9HNjWBoViibKvjOE7+kUQzy3FNiNjPFJWCQ8Vs= X-Google-Smtp-Source: AGHT+IH1T8Z0gS8IM4ef+l7Ymhr8kCvYXDO1WRSDOYONvg5988rUz94lZcz2t9FfyyE+YN0pNKr/oQ== X-Received: by 2002:a05:6a21:9204:b0:1d4:fafb:845d with SMTP id adf61e73a8af0-1d6e02b14a1mr18448839637.2.1728312610165; Mon, 07 Oct 2024 07:50:10 -0700 (PDT) Received: from localhost.localdomain ([223.104.210.43]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-71df0d7cf82sm4466432b3a.200.2024.10.07.07.49.57 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 07 Oct 2024 07:50:09 -0700 (PDT) From: Yafang Shao To: akpm@linux-foundation.org Cc: torvalds@linux-foundation.org, keescook@chromium.org, alx@kernel.org, justinstitt@google.com, ebiederm@xmission.com, alexei.starovoitov@gmail.com, rostedt@goodmis.org, catalin.marinas@arm.com, penguin-kernel@i-love.sakura.ne.jp, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, audit@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, bpf@vger.kernel.org, netdev@vger.kernel.org, dri-devel@lists.freedesktop.org, Yafang Shao , Paul Moore , James Morris , "Serge E. Hallyn" , Stephen Smalley , Ondrej Mosnacek Subject: [PATCH v9 3/7] security: Replace memcpy() with get_task_comm() Date: Mon, 7 Oct 2024 22:49:07 +0800 Message-Id: <20241007144911.27693-4-laoar.shao@gmail.com> X-Mailer: git-send-email 2.30.1 (Apple Git-130) In-Reply-To: <20241007144911.27693-1-laoar.shao@gmail.com> References: <20241007144911.27693-1-laoar.shao@gmail.com> Precedence: bulk X-Mailing-List: linux-security-module@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Quoted from Linus [0]: selinux never wanted a lock, and never wanted any kind of *consistent* result, it just wanted a *stable* result. Using get_task_comm() to read the task comm ensures that the name is always NUL-terminated, regardless of the source string. This approach also facilitates future extensions to the task comm. Signed-off-by: Yafang Shao LINK: https://lore.kernel.org/all/CAHk-=wivfrF0_zvf+oj6==Sh=-npJooP8chLPEfaFV0oNYTTBA@mail.gmail.com/ [0] Acked-by: Paul Moore Cc: James Morris Cc: "Serge E. Hallyn" Cc: Stephen Smalley Cc: Ondrej Mosnacek --- security/lsm_audit.c | 4 ++-- security/selinux/selinuxfs.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/security/lsm_audit.c b/security/lsm_audit.c index 849e832719e2..9a8352972086 100644 --- a/security/lsm_audit.c +++ b/security/lsm_audit.c @@ -207,7 +207,7 @@ static void dump_common_audit_data(struct audit_buffer *ab, BUILD_BUG_ON(sizeof(a->u) > sizeof(void *)*2); audit_log_format(ab, " pid=%d comm=", task_tgid_nr(current)); - audit_log_untrustedstring(ab, memcpy(comm, current->comm, sizeof(comm))); + audit_log_untrustedstring(ab, get_task_comm(comm, current)); switch (a->type) { case LSM_AUDIT_DATA_NONE: @@ -302,7 +302,7 @@ static void dump_common_audit_data(struct audit_buffer *ab, char comm[sizeof(tsk->comm)]; audit_log_format(ab, " opid=%d ocomm=", pid); audit_log_untrustedstring(ab, - memcpy(comm, tsk->comm, sizeof(comm))); + get_task_comm(comm, tsk)); } } break; diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index e172f182b65c..c9b05be27ddb 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -708,7 +708,7 @@ static ssize_t sel_write_checkreqprot(struct file *file, const char __user *buf, if (new_value) { char comm[sizeof(current->comm)]; - memcpy(comm, current->comm, sizeof(comm)); + strscpy(comm, current->comm); pr_err("SELinux: %s (%d) set checkreqprot to 1. This is no longer supported.\n", comm, current->pid); } From patchwork Mon Oct 7 14:49:08 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yafang Shao X-Patchwork-Id: 13824854 Received: from mail-pg1-f173.google.com (mail-pg1-f173.google.com [209.85.215.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7FD6F1D7E41; Mon, 7 Oct 2024 14:50:20 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.173 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728312622; cv=none; b=so38UZGRv5DIzwogrfKiiHudY34C1HfNQg73ZgvUpLp/sCMsU290FXswynbyd+pYXKfcoDfakB6KZ5xO8RL1j3O8+dEsRhJneKj4YMu46G3quEr8i+gLXzmTRUHWIgRbCPRkapQzhDo/a+QWBu1nxZhZTY5UsAZfCd6j8gwBJ4g= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728312622; c=relaxed/simple; bh=56ESQtaoBbBqZU/saKgTljkr5U/isylgWUhSQpUUDZM=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=HROxTGOvOkyHIy/10GeBZJ0dtayDd8XpI1TzTNL6dZ61xxhCiDvJp0vYa1vJs+7sFZ7kajpYVDAo3CfnaEYAIjstMwen3kE+pwsELLV4nGaM4J9gDE2ey4XyJ7GcCMDgpNgSQA96pQbHHz9IoD9qpkACnUkzq4n2024ZRFV/lTs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=gtrYdtMm; arc=none smtp.client-ip=209.85.215.173 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="gtrYdtMm" Received: by mail-pg1-f173.google.com with SMTP id 41be03b00d2f7-7ea12e0dc7aso576568a12.3; Mon, 07 Oct 2024 07:50:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1728312620; x=1728917420; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=QQdkC9XISn7BWPlTE5/iE7aUj/L2jeLonKoaBsbNpS0=; b=gtrYdtMmh/ZUka/K778EFWlj2oajBLeN5R3sTnWsm3+KDYj4IIWrBLE0R127i71/IP 3zqnXMpjt0DenzY0GShXCwPJq89pqN2Zu2PQ8il11RJZSnMOuE3zDaXePMzqYd+LtrCa tv++6lZKFWEt0CKqAg02dI/Bh4L1o56bmc/6IS6c21S3Uztk7JJwH41Ask8e/S7NAPn4 BzSmJZeWVs5js36ffwMESJXzXbAkikQSeYEI0Gdyy6ca3JfDwD8umLYQFGfptQj8JuOP 5b94tZsg+mvgTbe5KgsQ++yrXfVfx3RLtFto+p484iMN3fCDePnoBLHs+b07vzrE8mqi Sxcw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1728312620; x=1728917420; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=QQdkC9XISn7BWPlTE5/iE7aUj/L2jeLonKoaBsbNpS0=; b=c00UglUVN1bEeYAH6kmwIHNyKVBLlnPfS6m3sy0zUYuR7LzF8NhY3sEWhvqn1wPZrd ympy6hXHUwSjpc0oSVpC73mLORYkwWf3z5oYd8VEO1Zd31OP2NK/+XPvx39NtiyZZWcM /2p+G9GwmAxDFhMy4Et8kxso+BvNvM/6XqHgDkpfTST8u8LVZEOIckXR9rRR9FwPEFuH DsVFLErLMxNJzOcsDJXoPEC/I66a+P38uJJpreoXOUrQQMwWPK5rwh8IAUmtywp2s96r qEy5iTZ5rucb+G0aJM/j8Nm+jbSSbkX4/32G7ArhGTOW2WR4ayxWlHJJTzHPca+N5Swg PLUA== X-Forwarded-Encrypted: i=1; AJvYcCUGaKKnr2Qm/j7nzbnEMXKxEcTF4e0ki5pJ09ALhHxFn/wVXdCxBCutsAeJcR7zSefgncMnDjbqMVvd4OzoLA==@vger.kernel.org, AJvYcCUm1x//w0AD1/4hTiUHuZZDkjhSK+NQmE1eqQ+mGwHhqGGp3z31SJzsgrovvvWVkd1fUgKC@vger.kernel.org, AJvYcCV+QKgnbaYh2vjNUPoljvJsBWxSZNBqAJ1neTXcQkAnyGtYsvcrcX9dXjLMntyUVswQPYwom42nvjv5dUj2KFGS2s3ghZ8h@vger.kernel.org, AJvYcCVyxY17vbnEA8U7/EHQ7wy6UT/a6r3j+Vc8W7W28R7WdaiAja+YyIGBbAJ5jBPzrhK402asnmbKig==@vger.kernel.org, AJvYcCWDIpMiO3r5LdswIszRErk54zUCs71qBzevZ83pjkdnmAbZd1Kx/WNCEQbTWLo79TuyMSJrughqhpkKFwoqUJaIbNtV@vger.kernel.org, AJvYcCWROuQ+ZrdRatouGdD07Isua7I40/w10wQvMUPZddFobXv2z+rA7t6kLKBPI6qg7lNnWy9zQ0Ta@vger.kernel.org, AJvYcCWoQWRfmJ34/Qyj+AjvaN7AFRQwZTwZa+QUOagyoiLEml6oRGi2vQbCcenFwux/5sGu6UqOZw==@vger.kernel.org X-Gm-Message-State: AOJu0Yw52il1YnzVR68dSgGWUPPiPfOZSgWFX7uHtZ2oNHUoZ5Q6lhJ8 ihwAG/Cv86KutR09ZiqOIAaWb7dE7y+W6l1k+JLAFesOWVgSApiH X-Google-Smtp-Source: AGHT+IGdJ8333QIHr9VJupVLpNtoPXxXbiV/WsIALKPyiyHXyFn3qrINZ3iUgrsX4T7ZKXd0XBWepw== X-Received: by 2002:a05:6a21:9201:b0:1d5:1729:35ec with SMTP id adf61e73a8af0-1d6dfa27a24mr21138343637.7.1728312619784; Mon, 07 Oct 2024 07:50:19 -0700 (PDT) Received: from localhost.localdomain ([223.104.210.43]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-71df0d7cf82sm4466432b3a.200.2024.10.07.07.50.10 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 07 Oct 2024 07:50:19 -0700 (PDT) From: Yafang Shao To: akpm@linux-foundation.org Cc: torvalds@linux-foundation.org, keescook@chromium.org, alx@kernel.org, justinstitt@google.com, ebiederm@xmission.com, alexei.starovoitov@gmail.com, rostedt@goodmis.org, catalin.marinas@arm.com, penguin-kernel@i-love.sakura.ne.jp, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, audit@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, bpf@vger.kernel.org, netdev@vger.kernel.org, dri-devel@lists.freedesktop.org, Yafang Shao , Quentin Monnet Subject: [PATCH v9 4/7] bpftool: Ensure task comm is always NUL-terminated Date: Mon, 7 Oct 2024 22:49:08 +0800 Message-Id: <20241007144911.27693-5-laoar.shao@gmail.com> X-Mailer: git-send-email 2.30.1 (Apple Git-130) In-Reply-To: <20241007144911.27693-1-laoar.shao@gmail.com> References: <20241007144911.27693-1-laoar.shao@gmail.com> Precedence: bulk X-Mailing-List: linux-security-module@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Let's explicitly ensure the destination string is NUL-terminated. This way, it won't be affected by changes to the source string. Signed-off-by: Yafang Shao Reviewed-by: Quentin Monnet --- tools/bpf/bpftool/pids.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tools/bpf/bpftool/pids.c b/tools/bpf/bpftool/pids.c index 9b898571b49e..23f488cf1740 100644 --- a/tools/bpf/bpftool/pids.c +++ b/tools/bpf/bpftool/pids.c @@ -54,6 +54,7 @@ static void add_ref(struct hashmap *map, struct pid_iter_entry *e) ref = &refs->refs[refs->ref_cnt]; ref->pid = e->pid; memcpy(ref->comm, e->comm, sizeof(ref->comm)); + ref->comm[sizeof(ref->comm) - 1] = '\0'; refs->ref_cnt++; return; @@ -77,6 +78,7 @@ static void add_ref(struct hashmap *map, struct pid_iter_entry *e) ref = &refs->refs[0]; ref->pid = e->pid; memcpy(ref->comm, e->comm, sizeof(ref->comm)); + ref->comm[sizeof(ref->comm) - 1] = '\0'; refs->ref_cnt = 1; refs->has_bpf_cookie = e->has_bpf_cookie; refs->bpf_cookie = e->bpf_cookie; From patchwork Mon Oct 7 14:49:09 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yafang Shao X-Patchwork-Id: 13824855 Received: from mail-pg1-f181.google.com (mail-pg1-f181.google.com [209.85.215.181]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 84E165338D; Mon, 7 Oct 2024 14:50:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.181 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728312632; cv=none; b=XDt+E/LkByS724rGCoT/lpN96MnWoHB+7cMb2UrmcoJwX962oP2jmJED4ysIktj1yffnMbK9XeaofyLVjcjopndMsCQZkZxgsW5Hy0kl+cflS7MDqkWJCMrHdWvPduQTCdlV51wpTe2X6O8v+O+xyym+qkXAx+bjXqE/kx8ukL8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728312632; c=relaxed/simple; bh=CSn+g/DUlfag0y0O0cUb+f8BNmi1oTrRRW24RVQtgBo=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=DWj9alAP7oaiiYq+C7BaeGcBN9zh4hnPTiQYr0vHVPU1OK50sO/65RbhJAqID2woOj4YJkYmXK/kKPB2ZfnnEATh84dphUFgJ9DiR2Jc2k+zug/qcohX3Hgnd+fNLzMOSA4Rc8n7MZDhWPjTtKkXqlGSqYU0gfgN7pBdn5dQ4JE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=nifDS4gy; arc=none smtp.client-ip=209.85.215.181 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="nifDS4gy" Received: by mail-pg1-f181.google.com with SMTP id 41be03b00d2f7-7c3e1081804so1925680a12.3; Mon, 07 Oct 2024 07:50:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1728312630; x=1728917430; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=rOSaWXUvmAwO/V+X4Wf8hE6beLEX5jMwcQWbLUwGe5Q=; b=nifDS4gyeKs79AmgxiGRME7MQty0COix8jM5+6WOoyfMCtHd43NyyEEIEAeRmFm4y2 kiUS/i26DyNoJYbjXHlCVUpWYj25ogaEjyOav5cbpzDkgt9T7gL0nwnzj7uXmRfXGFlu 5u43ogfr91ssUIjhC+KIpfCSxgrC6r0gyZvB0C8SjsH92aMblBNt9tsswYFnDPXqNdk+ 366TobA3QtfHpxk7pvmRsly9MrnIGlkQCEPJTxqcsH6sMdfCwobP1LZkrLi8Z929vvlf 16V9zkvO8QdNPfEqDT6eLYGkXphR/5O/atQjrM3IR6yrs/tEiWSM8LBYL3681wS+6oQH ivaA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1728312630; x=1728917430; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=rOSaWXUvmAwO/V+X4Wf8hE6beLEX5jMwcQWbLUwGe5Q=; b=mm42SKLAI6554qaSCHETYpoXKK2Z+//ZLcyYMZnr5Fe9zhcYsOxk5bxoRpXggtA0xF GNHz8EADrOsAH1fSF+j1b+L5uypOOYE7fuRBjV3jx7g+oAerEDkLsUb23y2SOlcp/864 W3W9x/IfoaalpJsJ8SL++Hhbq9vn1FsLjnAPEmJ8kpaKjeTQXylpqiQBO8dhrBJJxwCb Wbao8aHv5MXalUtKoqCGe4w4qiE4cLTDlqs7czCgDY9W6l9UMcShlO7nixCBbh/x0BT0 VzeWFk9M5Ifdtdd5haFIfAqvOBKA+eikxSL9LBrsN6+Ur6+qP6ON6WWmQlPHYFuHVLPL ch/A== X-Forwarded-Encrypted: i=1; AJvYcCU3uAAevuR1YryBavybchPU0BG1RZgu+FNtTroMt2GNe8dUrL5xWskpFEgAcAWkArfYqW9TtkD+rpsGHqhHDw==@vger.kernel.org, AJvYcCVhnueL3W9b17N2DRFsJrNwUeCQ+tYilgRhXxm5MJAX+06PvQuZU/5u/rihRMB10g4gIZ+JvMJ/@vger.kernel.org, AJvYcCW6vNYi2/RDqG92P4ENpXi5XEjiTjNdMvyPACAf1CWbFRNJt91MbjlDqk5BzvZBXWchwylS@vger.kernel.org, AJvYcCWRfK32qB3z8W8SSHp6IryhD0+E5isc4+eQM8dXK4yJ7SUpfPiYSKNjI+eXwx74bCUq6cmU4TXuu/e3/f4DkrmaNhCp@vger.kernel.org, AJvYcCXD/DMfREcdWUKOxqXGV9eDnIrG16y3cwjWivF1hITY/G/b1uuUwI4qlXB9ufV0l/1+p1K+5BgazA==@vger.kernel.org, AJvYcCXE3PkoHjKhhMW7wnKOWitLTnpTLTSMzl9YAeGc8nE8hQsAkC9b028ZKqhV5tQUIAzTWcGtvA==@vger.kernel.org, AJvYcCXOkcJgeTCyrUnFAdIG7ie8sdYbnXaBmNjJ5q4BC8u5eKJ4kpqsYSGEhDPn5XT1zNhKQev0rbq9CKW9DVFcEVR9tDZQeQI/@vger.kernel.org X-Gm-Message-State: AOJu0YxIY2cgnrWahllZof2nO2jPbjxGQ6hUTAzY0zyOuh2LTbvoCvcH 2gHhSqpRWWskm1/7Z91DZRtyg58yjLI5Fkt4bEkOtSIZOrOfU9cJ X-Google-Smtp-Source: AGHT+IHqOdUcOlcgWNq7VMpvl6yahiIrnpFyiw3ojJd2mp7haZXT77OIrOQnvCwSUS5AAO7Cn/LNdA== X-Received: by 2002:a05:6a20:9d91:b0:1c8:a5ba:d2ba with SMTP id adf61e73a8af0-1d6dfa44e04mr19075009637.22.1728312629925; Mon, 07 Oct 2024 07:50:29 -0700 (PDT) Received: from localhost.localdomain ([223.104.210.43]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-71df0d7cf82sm4466432b3a.200.2024.10.07.07.50.20 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 07 Oct 2024 07:50:29 -0700 (PDT) From: Yafang Shao To: akpm@linux-foundation.org Cc: torvalds@linux-foundation.org, keescook@chromium.org, alx@kernel.org, justinstitt@google.com, ebiederm@xmission.com, alexei.starovoitov@gmail.com, rostedt@goodmis.org, catalin.marinas@arm.com, penguin-kernel@i-love.sakura.ne.jp, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, audit@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, bpf@vger.kernel.org, netdev@vger.kernel.org, dri-devel@lists.freedesktop.org, Yafang Shao , Andy Shevchenko Subject: [PATCH v9 5/7] mm/util: Fix possible race condition in kstrdup() Date: Mon, 7 Oct 2024 22:49:09 +0800 Message-Id: <20241007144911.27693-6-laoar.shao@gmail.com> X-Mailer: git-send-email 2.30.1 (Apple Git-130) In-Reply-To: <20241007144911.27693-1-laoar.shao@gmail.com> References: <20241007144911.27693-1-laoar.shao@gmail.com> Precedence: bulk X-Mailing-List: linux-security-module@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 In kstrdup(), it is critical to ensure that the dest string is always NUL-terminated. However, potential race condition can occur between a writer and a reader. Consider the following scenario involving task->comm: reader writer len = strlen(s) + 1; strlcpy(tsk->comm, buf, sizeof(tsk->comm)); memcpy(buf, s, len); In this case, there is a race condition between the reader and the writer. The reader calculates the length of the string `s` based on the old value of task->comm. However, during the memcpy(), the string `s` might be updated by the writer to a new value of task->comm. If the new task->comm is larger than the old one, the `buf` might not be NUL-terminated. This can lead to undefined behavior and potential security vulnerabilities. Let's fix it by explicitly adding a NUL terminator after the memcpy. It is worth noting that memcpy() is not atomic, so the new string can be shorter when memcpy() already copied past the new NUL. Signed-off-by: Yafang Shao Cc: Andrew Morton Cc: Alejandro Colomar Cc: Andy Shevchenko --- mm/util.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/mm/util.c b/mm/util.c index 4f1275023eb7..858a9a2f57e7 100644 --- a/mm/util.c +++ b/mm/util.c @@ -62,8 +62,15 @@ char *kstrdup(const char *s, gfp_t gfp) len = strlen(s) + 1; buf = kmalloc_track_caller(len, gfp); - if (buf) + if (buf) { memcpy(buf, s, len); + /* + * During memcpy(), the string might be updated to a new value, + * which could be longer than the string when strlen() is + * called. Therefore, we need to add a NUL terminator. + */ + buf[len - 1] = '\0'; + } return buf; } EXPORT_SYMBOL(kstrdup); From patchwork Mon Oct 7 14:49:10 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yafang Shao X-Patchwork-Id: 13824856 Received: from mail-pg1-f173.google.com (mail-pg1-f173.google.com [209.85.215.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 31D3D1D86F0; Mon, 7 Oct 2024 14:50:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.173 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728312643; cv=none; b=HTc970wFWKygRKjyfHuJ9OrFFcf/Td/65aCy6tfHMO6KM8O83VpD63YNtko1rJBbcWleKNB7ykD8hbpTHEMVv/PKMMsvw1IHW3e7aZusVGhk2o0Y8FnMOpxqGAr7VD5M9/2GWAY8UnyS29hXvblS7jPSO6PawbR8CRfcfwNm4+8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728312643; c=relaxed/simple; bh=c5U2Exviiu6Srl3rXG6VqnIZy3pE3F88q4hZx/ZFdtc=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=d5DfhdqfFE8dNnrVbzlMRZ84QeA/tYgtSrS5ALMprW63H3dLYCgwXTQK0iOXxoL7YiN7NQ1FlDj0bgoNBzvqGQr7luxLw4PNUfUYbWLeZyABUQ2J29rHRVHUuyYGbDVx+KL+d01OHSJd8oKWEInMZ/9lYozGQZF7boSb+HBQtY4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=QZ8glgve; arc=none smtp.client-ip=209.85.215.173 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="QZ8glgve" Received: by mail-pg1-f173.google.com with SMTP id 41be03b00d2f7-7db54269325so3686890a12.2; Mon, 07 Oct 2024 07:50:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1728312641; x=1728917441; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=fBFkTCCgw4nKzS/UQclQt52OlK7datrkk2Sl/mMl9SE=; b=QZ8glgve80KXfDl47oe49zH3KqODXChyaUElx9SQ+PRXEdvzPVYoJXc54F5ulr+GOs muMlFTeVPYNPGBegSFLHu/K/2pGx0DIkOqqDVzvc7IiCkzS+H9SoGj4FgumrH1WHj0H5 IhZlZo1Y5c0uWpAehiNlGjF+CG/UCyVm6/k8ZWkfUMf68Ce4gOOglyDFoRNbxSOffwLN PiXdhhbnBj1JyqESAIc+kQS8ZblV90c+HF1//ghJGrrS6XJWGYMRhbo1r4jsEllXVsoX rsItvuNpfZOqR30QLtuEeqbQHnnq8rucCD+FvorV+HXcNqS4Eyqgf4bwOfSuhpDka06y fl9Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1728312641; x=1728917441; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=fBFkTCCgw4nKzS/UQclQt52OlK7datrkk2Sl/mMl9SE=; b=whYDLHruUwDn96gImMVGKNw1Eh5jp60qF/aw0DAS8wuVGSb8KWYFfgeu8mSr+0BhmW DvBX4h66kfP9kuzJuHfTzj6RdmAXkQn1QYJIeDICu17a/SZesM4q+hZi4Zd+kgWyGzWP tFpCWsn+1oqyBBQR9aFXym0LkbRLzGgB7hS+W5W1WPVCCIB1xkDGBnFT4cU1oD88ORkl NY6iX3h8+ZmX46HWbVsa0AxQgZCOqI8VdPdaSLykZcCEo+yEG9bsD2J2nQeAbbFWXg2J liri37l3nJ8ByR9hhMbYJrT4SiGz7D3bgWolu1bPrIlHUg81TrfgMevnccFDi2LAhHy4 m2Lw== X-Forwarded-Encrypted: i=1; AJvYcCUM1RArpcYzljJIoPoao3a6oDN/0uCtgPlOnH75SAgyS9W0ihAt8DcpdLk6xQs7yzRjInwFsKoEVUcuHp9O0fvasp9Dtr41@vger.kernel.org, AJvYcCUUs/A0qK75H7M7HZQCMw98FI7o4EIfzU7LXJuL9c3l5FuM6fgBO1U9AJreshLm+4y3V2xu0qxnG9ululYtYw==@vger.kernel.org, AJvYcCW0BjQ79M2ksht0coRKULFXljRulhqwpsOqX5tdJ91ngZXvTAI5+RjSjDXlMaKUELpjL9tl6UK5nYoh8BPZZ4NRhRqx@vger.kernel.org, AJvYcCWCHWmt/sFo0SeVd5BnT11a/HV5q4ZMxpZvRvInJ+U1U2NZVJW5jZxj/1LfWvjWxvAtnufqM5JBkg==@vger.kernel.org, AJvYcCXByDPTjo0mBG9BveVInlfsObuxmbN02PtavMjxPc4l1201VGSm100eUIUgVvA456tKts+Qdw==@vger.kernel.org, AJvYcCXDxmENVC7IghhFgsPuaMD5dZfoPPd1KJ5GF+9w1F9T4nvAaviT92jYAWAgZYjQ2vTgy4mTViSI@vger.kernel.org, AJvYcCXEfJD8ADKdpN4KdcjypBIGV4ffCuAy3SPoF7vyf6hPBuGNfATJOItPpb5IHRhSMoR5MXDO@vger.kernel.org X-Gm-Message-State: AOJu0YzkCji9e4DjweBUfJ3s2D3kBGEuF+rpgHx2gbXPleQcS+12pnkM +0zx5kMjgXkLi2WpMIkP2ts2+Iy5wE+0IY61SB6cMeysTYhQUxbo X-Google-Smtp-Source: AGHT+IGsy7J8upAtizdqT7cwdExa0Ot6GSfKRh917J35OaiwbZMAM2iFolVRA0oRI0wvfYtn8vWlEw== X-Received: by 2002:a05:6a20:9f8f:b0:1d3:e4e:ff55 with SMTP id adf61e73a8af0-1d6dfa22f17mr20436900637.7.1728312641423; Mon, 07 Oct 2024 07:50:41 -0700 (PDT) Received: from localhost.localdomain ([223.104.210.43]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-71df0d7cf82sm4466432b3a.200.2024.10.07.07.50.30 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 07 Oct 2024 07:50:40 -0700 (PDT) From: Yafang Shao To: akpm@linux-foundation.org Cc: torvalds@linux-foundation.org, keescook@chromium.org, alx@kernel.org, justinstitt@google.com, ebiederm@xmission.com, alexei.starovoitov@gmail.com, rostedt@goodmis.org, catalin.marinas@arm.com, penguin-kernel@i-love.sakura.ne.jp, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, audit@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, bpf@vger.kernel.org, netdev@vger.kernel.org, dri-devel@lists.freedesktop.org, Yafang Shao , Simon Horman , Matthew Wilcox Subject: [PATCH v9 6/7] mm/util: Deduplicate code in {kstrdup,kstrndup,kmemdup_nul} Date: Mon, 7 Oct 2024 22:49:10 +0800 Message-Id: <20241007144911.27693-7-laoar.shao@gmail.com> X-Mailer: git-send-email 2.30.1 (Apple Git-130) In-Reply-To: <20241007144911.27693-1-laoar.shao@gmail.com> References: <20241007144911.27693-1-laoar.shao@gmail.com> Precedence: bulk X-Mailing-List: linux-security-module@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 These three functions follow the same pattern. To deduplicate the code, let's introduce a common helper __kmemdup_nul(). Suggested-by: Andrew Morton Signed-off-by: Yafang Shao Cc: Simon Horman Cc: Matthew Wilcox Cc: Alejandro Colomar --- mm/util.c | 69 ++++++++++++++++++++++--------------------------------- 1 file changed, 27 insertions(+), 42 deletions(-) diff --git a/mm/util.c b/mm/util.c index 858a9a2f57e7..c7d851c40843 100644 --- a/mm/util.c +++ b/mm/util.c @@ -45,34 +45,41 @@ void kfree_const(const void *x) EXPORT_SYMBOL(kfree_const); /** - * kstrdup - allocate space for and copy an existing string - * @s: the string to duplicate + * __kmemdup_nul - Create a NUL-terminated string from @s, which might be unterminated. + * @s: The data to copy + * @len: The size of the data, not including the NUL terminator * @gfp: the GFP mask used in the kmalloc() call when allocating memory * - * Return: newly allocated copy of @s or %NULL in case of error + * Return: newly allocated copy of @s with NUL-termination or %NULL in + * case of error */ -noinline -char *kstrdup(const char *s, gfp_t gfp) +static __always_inline char *__kmemdup_nul(const char *s, size_t len, gfp_t gfp) { - size_t len; char *buf; - if (!s) + /* '+1' for the NUL terminator */ + buf = kmalloc_track_caller(len + 1, gfp); + if (!buf) return NULL; - len = strlen(s) + 1; - buf = kmalloc_track_caller(len, gfp); - if (buf) { - memcpy(buf, s, len); - /* - * During memcpy(), the string might be updated to a new value, - * which could be longer than the string when strlen() is - * called. Therefore, we need to add a NUL terminator. - */ - buf[len - 1] = '\0'; - } + memcpy(buf, s, len); + /* Ensure the buf is always NUL-terminated, regardless of @s. */ + buf[len] = '\0'; return buf; } + +/** + * kstrdup - allocate space for and copy an existing string + * @s: the string to duplicate + * @gfp: the GFP mask used in the kmalloc() call when allocating memory + * + * Return: newly allocated copy of @s or %NULL in case of error + */ +noinline +char *kstrdup(const char *s, gfp_t gfp) +{ + return s ? __kmemdup_nul(s, strlen(s), gfp) : NULL; +} EXPORT_SYMBOL(kstrdup); /** @@ -107,19 +114,7 @@ EXPORT_SYMBOL(kstrdup_const); */ char *kstrndup(const char *s, size_t max, gfp_t gfp) { - size_t len; - char *buf; - - if (!s) - return NULL; - - len = strnlen(s, max); - buf = kmalloc_track_caller(len+1, gfp); - if (buf) { - memcpy(buf, s, len); - buf[len] = '\0'; - } - return buf; + return s ? __kmemdup_nul(s, strnlen(s, max), gfp) : NULL; } EXPORT_SYMBOL(kstrndup); @@ -193,17 +188,7 @@ EXPORT_SYMBOL(kvmemdup); */ char *kmemdup_nul(const char *s, size_t len, gfp_t gfp) { - char *buf; - - if (!s) - return NULL; - - buf = kmalloc_track_caller(len + 1, gfp); - if (buf) { - memcpy(buf, s, len); - buf[len] = '\0'; - } - return buf; + return s ? __kmemdup_nul(s, len, gfp) : NULL; } EXPORT_SYMBOL(kmemdup_nul); From patchwork Mon Oct 7 14:49:11 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yafang Shao X-Patchwork-Id: 13824857 Received: from mail-pg1-f173.google.com (mail-pg1-f173.google.com [209.85.215.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 69EFC1D88C2; Mon, 7 Oct 2024 14:50:54 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.173 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728312655; cv=none; b=IpHl58Dv+U6xLP8qW7ilh6Y5stKl0S0FXt1k5q8RBN+zB0xWtBl08D4BAVeoMBFbwzyHhUmEXuQ2P6GjKWrRTYVEPAwED73sPkpzBHM4TznswAYpOmGeMlIYiZnSGbhCuOV2Ytod4Fn2PvvWBL4q/Pz8Cqc4pcaqx/72EHwPFhg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728312655; c=relaxed/simple; bh=OZEyX4n+Td0PTF363pltBKc8zrr6moif+9ekNUxMXtA=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=lMpfJMhrpy8HKw08YoOOwk6IhkGvpV15owebjtep+64JhEmDZVmPQ4HYyIm2S29tYj4meRb5nlO402UL0k6KK60W/U98GbGleksOhZb8pqiauJoXIIN7L9b8hcsrm0+MIzceO+p3vTMdaDGIXdTxUTwbLxdkzLfyJjxmlqvoH+U= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=MJQXWdP4; arc=none smtp.client-ip=209.85.215.173 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="MJQXWdP4" Received: by mail-pg1-f173.google.com with SMTP id 41be03b00d2f7-7cd8803fe0aso3101987a12.0; Mon, 07 Oct 2024 07:50:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1728312654; x=1728917454; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=7VwBx3mFnKYzOzVHPezqvf6E6t3GSTY/lMuePwrb08s=; b=MJQXWdP4MsNAqlLA0QbrgUBdjt08l3YS6AzWq5ETPtfLyKyne2WUcWiPLKAY3wAxav HAQOPFUvrrz41lRTcWrzn/fEMzmZkwhghjIz7hkVm4V69mEfMXKmvpFeUUR1o4d3aYrX DSUkWMUo63N+Cm9+5bcJBEZY6++m7nqznUBtMVnDQRJwnAbcYaaJpmdNLGcHzv0TYIdp +DOqCF0CY6plmxbLNLDkpIaY8qO1nGBwmhla9R4HPiHKpG5EuDXKmNOrXl68mF/wSDL9 0SXYmBW2lIPb5LCzcy8cGBhhYbenskBZ0GqRQf/mNskrSq3koSGkwhHZ2PgJFYNhXJc6 80OA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1728312654; x=1728917454; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=7VwBx3mFnKYzOzVHPezqvf6E6t3GSTY/lMuePwrb08s=; b=EiNWMT/7Mx3eEtSsqiNzOyNdXK4CGgMw1XlCLaLt3Gu41m0/v8dYBptOTpjk8/PnG3 AkRYzCi2H6OjbTYv7Bhg5XPylaBO5FI4nU9oaleVFmwc8ldTWeg9cGfpHRiaxkJqkq7D 9+Y9+nAPUvkhxkS1lYS1/UKz22AoTHPeF2CNb8rHwX74mQfdYGy1u8O9uZpHp5jdx69t cwJ/nCCj0iFfZzBZQTJD/k52sV+Onhx5YaDgmnpDta3/sURismVZxAUgOoVKXI/lTZ9T xGI1Tb4aEqc46mlmxyBOROhPCfAs8ndPWef28u9PK/CKZhPZ4k5lc2oyAKzYgy2RsM1B kmrQ== X-Forwarded-Encrypted: i=1; AJvYcCUFcmtv0nPk/2kbzMZLdbCivUQYVDVu2Ism6CPLMhJFFj2YnsMNGhxlEuH1wvupT1qksq9y6y0PtT80UEeHwRusb1gx@vger.kernel.org, AJvYcCVNBL4YrxGfhiKiuS05hFFtHulQjI/KzAjTtAPuaHVcr7tzQpnfLfmAs1QMEVQ5CUqLxTiSBv7l4Q==@vger.kernel.org, AJvYcCW1v8eWRHzeY8mW1qLl4+ucpdAF6XTAm9EJiRMg6EaseZ7miH9euPhvOppCKkUjlZCbG8E9Yw==@vger.kernel.org, AJvYcCW9FBrv/mAQFSVgkZ+8z7TN8Swcu9eNF1tOlSw42VU/Lf7UqhKolHuR9dkkgVQ9GOyLsfTd@vger.kernel.org, AJvYcCWVG9XJrU5gHYsBwK7pUzElLVRkNKz3y9pkHtlvE0deoU2BrjExN91z6P9EOESh6uv8yI5Di2ax@vger.kernel.org, AJvYcCXRx7qJImsHnNmvO9nfwzvIDD8r5dINlCE2STez3GP9tFaA26FEylcG2JU+bMLxhfOunb/f1ZUbc3LgUR4xtQ==@vger.kernel.org, AJvYcCXloclypBpq5EwXkwttAFV/aGSXcqB2gGk3OD5PU5DUrV/drAPM1fGf/aLVB6GOi/W6Lc1D+dCXF7d2+CLMYIb0DHjO8wRi@vger.kernel.org X-Gm-Message-State: AOJu0YyNQ3oDKDUJm0r57JyMgURZP60sBTnlmT9/hyj8/ZIPEj5C8E6I AgSR8IZhrNe/AyfCrNz8Dsihv6VDBSr+5349ggO7eIRCZn8VBt1N X-Google-Smtp-Source: AGHT+IEwpXCzalPlyOY9Cdfli1GLzxvFvEupvvujLKDDOEy0H0EsRpGoLeoHLvpBbBHNCnkbeHqgcw== X-Received: by 2002:a05:6a20:9f8f:b0:1d2:eb9d:997d with SMTP id adf61e73a8af0-1d6dfa23bccmr18227823637.7.1728312653634; Mon, 07 Oct 2024 07:50:53 -0700 (PDT) Received: from localhost.localdomain ([223.104.210.43]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-71df0d7cf82sm4466432b3a.200.2024.10.07.07.50.41 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 07 Oct 2024 07:50:53 -0700 (PDT) From: Yafang Shao To: akpm@linux-foundation.org Cc: torvalds@linux-foundation.org, keescook@chromium.org, alx@kernel.org, justinstitt@google.com, ebiederm@xmission.com, alexei.starovoitov@gmail.com, rostedt@goodmis.org, catalin.marinas@arm.com, penguin-kernel@i-love.sakura.ne.jp, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, audit@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, bpf@vger.kernel.org, netdev@vger.kernel.org, dri-devel@lists.freedesktop.org, Yafang Shao , Daniel Vetter , Maarten Lankhorst , Maxime Ripard , Thomas Zimmermann , David Airlie Subject: [PATCH v9 7/7] drm: Replace strcpy() with strscpy() Date: Mon, 7 Oct 2024 22:49:11 +0800 Message-Id: <20241007144911.27693-8-laoar.shao@gmail.com> X-Mailer: git-send-email 2.30.1 (Apple Git-130) In-Reply-To: <20241007144911.27693-1-laoar.shao@gmail.com> References: <20241007144911.27693-1-laoar.shao@gmail.com> Precedence: bulk X-Mailing-List: linux-security-module@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 To prevent errors from occurring when the src string is longer than the dst string in strcpy(), we should use strscpy() instead. This approach also facilitates future extensions to the task comm. Suggested-by: Justin Stitt Signed-off-by: Yafang Shao Acked-by: Daniel Vetter Reviewed-by: Justin Stitt Cc: Maarten Lankhorst Cc: Maxime Ripard Cc: Thomas Zimmermann Cc: David Airlie --- drivers/gpu/drm/drm_framebuffer.c | 2 +- drivers/gpu/drm/i915/i915_gpu_error.c | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/drm_framebuffer.c b/drivers/gpu/drm/drm_framebuffer.c index 888aadb6a4ac..2d6993539474 100644 --- a/drivers/gpu/drm/drm_framebuffer.c +++ b/drivers/gpu/drm/drm_framebuffer.c @@ -868,7 +868,7 @@ int drm_framebuffer_init(struct drm_device *dev, struct drm_framebuffer *fb, INIT_LIST_HEAD(&fb->filp_head); fb->funcs = funcs; - strcpy(fb->comm, current->comm); + strscpy(fb->comm, current->comm); ret = __drm_mode_object_add(dev, &fb->base, DRM_MODE_OBJECT_FB, false, drm_framebuffer_free); diff --git a/drivers/gpu/drm/i915/i915_gpu_error.c b/drivers/gpu/drm/i915/i915_gpu_error.c index 6469b9bcf2ec..9d4b25b2cd39 100644 --- a/drivers/gpu/drm/i915/i915_gpu_error.c +++ b/drivers/gpu/drm/i915/i915_gpu_error.c @@ -1113,7 +1113,7 @@ i915_vma_coredump_create(const struct intel_gt *gt, } INIT_LIST_HEAD(&dst->page_list); - strcpy(dst->name, name); + strscpy(dst->name, name); dst->next = NULL; dst->gtt_offset = vma_res->start; @@ -1413,7 +1413,7 @@ static bool record_context(struct i915_gem_context_coredump *e, rcu_read_lock(); task = pid_task(ctx->pid, PIDTYPE_PID); if (task) { - strcpy(e->comm, task->comm); + strscpy(e->comm, task->comm); e->pid = task->pid; } rcu_read_unlock(); @@ -1459,7 +1459,7 @@ capture_vma_snapshot(struct intel_engine_capture_vma *next, return next; } - strcpy(c->name, name); + strscpy(c->name, name); c->vma_res = i915_vma_resource_get(vma_res); c->next = next;