From patchwork Mon Nov  8 08:38:35 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Yafang Shao <laoar.shao@gmail.com>
X-Patchwork-Id: 12608051
Return-Path: <SRS0=Ztt1=P3=kvack.org=owner-linux-mm@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 50C2FC433FE
	for <linux-mm@archiver.kernel.org>; Mon,  8 Nov 2021 08:39:35 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id 052AD61163
	for <linux-mm@archiver.kernel.org>; Mon,  8 Nov 2021 08:39:34 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 052AD61163
Authentication-Results: mail.kernel.org;
 dmarc=fail (p=none dis=none) header.from=gmail.com
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kvack.org
Received: by kanga.kvack.org (Postfix)
	id 9C4B26B0073; Mon,  8 Nov 2021 03:39:34 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 974D46B0078; Mon,  8 Nov 2021 03:39:34 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 83CBF6B007D; Mon,  8 Nov 2021 03:39:34 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0040.hostedemail.com
 [216.40.44.40])
	by kanga.kvack.org (Postfix) with ESMTP id 758B16B0073
	for <linux-mm@kvack.org>; Mon,  8 Nov 2021 03:39:34 -0500 (EST)
Received: from smtpin27.hostedemail.com (10.5.19.251.rfc1918.com
 [10.5.19.251])
	by forelay04.hostedemail.com (Postfix) with ESMTP id 285D92D00F
	for <linux-mm@kvack.org>; Mon,  8 Nov 2021 08:39:34 +0000 (UTC)
X-FDA: 78785114226.27.36C2BEC
Received: from mail-pg1-f170.google.com (mail-pg1-f170.google.com
 [209.85.215.170])
	by imf25.hostedemail.com (Postfix) with ESMTP id 40B22B0002AD
	for <linux-mm@kvack.org>; Mon,  8 Nov 2021 08:39:23 +0000 (UTC)
Received: by mail-pg1-f170.google.com with SMTP id p17so14533888pgj.2
        for <linux-mm@kvack.org>; Mon, 08 Nov 2021 00:39:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=from:to:cc:subject:date:message-id:in-reply-to:references
         :mime-version:content-transfer-encoding;
        bh=pMvCN74ycpQtuiyiIco6Y7Jz+XXe+RFDsv6G89oMXm4=;
        b=c4A9tarfW3eVsp46QAt4AR1nyCmnNvt5dVVK234LNS0uX8r6BsOgCAPOiCqxs3LbUI
         /xWgGIqLh2OFP7JQsuQo+ZLqMNeVgfvziBtdZX5JhzsuGdtdqaaxCxHM7qKw1C3YfZkC
         R6YX/9r1i0bRp1jS95bazWORKKTyRrBUaW+OYJ6diyZOpiEb1XzRVjFpt0iSBloqkEj7
         +9O7AK5eq6iCFNB1e/+QF6pB/lqRQMh6JiqbE3SJ+0zLZXu53alxkrc643rYYLBfiR7o
         K0qCPuYXgyr+5VXUb+tYHHviFwCxfChPpGq41G69PJ3BPQy6cyCeHN+MTGDK9BlCtGSB
         Jk9A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=pMvCN74ycpQtuiyiIco6Y7Jz+XXe+RFDsv6G89oMXm4=;
        b=z8eJDRwLrr3dkq3cFyWGeA0gNWrWzG113Q8iioGauxC+bWWDSn2nNttT3GG9rFE5Fc
         2eQTfiXF7+AJMxeGrMkiXTO7s+XnW6LN1ion3uGMSbWBhAqqeduISYDRFlda69XDP5fw
         B2fa1VoMhOPjZUHSm9reIz36eb+/MwbGOQxqexTQ/opTREAfJEssmvg8cAeBhPE4qmJk
         7V6UoOKRrjOFNXsibWBMn5a+X5W+v7mylmgqYWmMsGakGdnx6a4tgBLn2m8Os9rcYQl3
         I73fI63yHQsbAvC20DXMCuqFWUf17esmdUQFFGvYO5yyYmMscTl3WJPYPgGeRPfu0NHF
         S2iw==
X-Gm-Message-State: AOAM533RH0O6EWQxwiLNZ5WRUXBAWlvns1A5ruHv/ioeGYosQZe/24UL
	7J8C3R1+vhl7+nsFSl87GDw=
X-Google-Smtp-Source: 
 ABdhPJwHHU5s/XJqHJ5mA3bH36SqqIoONZM5F5Gk6ynW4tqq/51O2I2aSuIIWykfZ34KJrCRSlkf8g==
X-Received: by 2002:a05:6a00:216f:b0:49f:dcb7:2bf2 with SMTP id
 r15-20020a056a00216f00b0049fdcb72bf2mr4101842pff.19.1636360773086;
        Mon, 08 Nov 2021 00:39:33 -0800 (PST)
Received: from localhost.localdomain ([45.63.124.202])
        by smtp.gmail.com with ESMTPSA id
 w3sm12253206pfd.195.2021.11.08.00.39.28
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 08 Nov 2021 00:39:32 -0800 (PST)
From: Yafang Shao <laoar.shao@gmail.com>
To: akpm@linux-foundation.org
Cc: netdev@vger.kernel.org,
	bpf@vger.kernel.org,
	linux-perf-users@vger.kernel.org,
	linux-fsdevel@vger.kernel.org,
	linux-mm@kvack.org,
	linux-kernel@vger.kernel.org,
	oliver.sang@intel.com,
	lkp@intel.com,
	Yafang Shao <laoar.shao@gmail.com>,
	Kees Cook <keescook@chromium.org>,
	Steven Rostedt <rostedt@goodmis.org>,
	Mathieu Desnoyers <mathieu.desnoyers@efficios.com>,
	Arnaldo Carvalho de Melo <arnaldo.melo@gmail.com>,
	Alexei Starovoitov <alexei.starovoitov@gmail.com>,
	Andrii Nakryiko <andrii.nakryiko@gmail.com>,
	Michal Miroslaw <mirq-linux@rere.qmqm.pl>,
	Peter Zijlstra <peterz@infradead.org>,
	Matthew Wilcox <willy@infradead.org>,
	David Hildenbrand <david@redhat.com>,
	Al Viro <viro@zeniv.linux.org.uk>,
	Petr Mladek <pmladek@suse.com>
Subject: [PATCH 2/7] fs/exec: make __get_task_comm always get a nul terminated
 string
Date: Mon,  8 Nov 2021 08:38:35 +0000
Message-Id: <20211108083840.4627-3-laoar.shao@gmail.com>
X-Mailer: git-send-email 2.27.0
In-Reply-To: <20211108083840.4627-1-laoar.shao@gmail.com>
References: <20211108083840.4627-1-laoar.shao@gmail.com>
MIME-Version: 1.0
Authentication-Results: imf25.hostedemail.com;
	dkim=pass header.d=gmail.com header.s=20210112 header.b=c4A9tarf;
	spf=pass (imf25.hostedemail.com: domain of laoar.shao@gmail.com designates
 209.85.215.170 as permitted sender) smtp.mailfrom=laoar.shao@gmail.com;
	dmarc=pass (policy=none) header.from=gmail.com
X-Rspamd-Server: rspam04
X-Rspamd-Queue-Id: 40B22B0002AD
X-Stat-Signature: 7qwggfouqt1j6i7qnj6hb9iowgsshkqq
X-HE-Tag: 1636360763-199656
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

If the dest buffer size is smaller than sizeof(tsk->comm), the buffer
will be without null ternimator, that may cause problem. Using
strscpy_pad() instead of strncpy() in __get_task_comm() can make the string
always nul ternimated.

Suggested-by: Kees Cook <keescook@chromium.org>
Suggested-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Yafang Shao <laoar.shao@gmail.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Arnaldo Carvalho de Melo <arnaldo.melo@gmail.com>
Cc: Alexei Starovoitov <alexei.starovoitov@gmail.com>
Cc: Andrii Nakryiko <andrii.nakryiko@gmail.com>
Cc: Michal Miroslaw <mirq-linux@rere.qmqm.pl>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: David Hildenbrand <david@redhat.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Kees Cook <keescook@chromium.org>
Cc: Petr Mladek <pmladek@suse.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
---
 fs/exec.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/fs/exec.c b/fs/exec.c
index 404156b5b314..013b707d995d 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1209,7 +1209,8 @@ static int unshare_sighand(struct task_struct *me)
 char *__get_task_comm(char *buf, size_t buf_size, struct task_struct *tsk)
 {
 	task_lock(tsk);
-	strncpy(buf, tsk->comm, buf_size);
+	/* Always NUL terminated and zero-padded */
+	strscpy_pad(buf, tsk->comm, buf_size);
 	task_unlock(tsk);
 	return buf;
 }