From patchwork Mon Oct 7 14:49:07 2024
X-Patchwork-Submitter: Yafang Shao
X-Patchwork-Id: 13824827
From: Yafang Shao
To: akpm@linux-foundation.org
Cc: torvalds@linux-foundation.org, keescook@chromium.org, alx@kernel.org, justinstitt@google.com, ebiederm@xmission.com, alexei.starovoitov@gmail.com, rostedt@goodmis.org, catalin.marinas@arm.com, penguin-kernel@i-love.sakura.ne.jp, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, audit@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, bpf@vger.kernel.org, netdev@vger.kernel.org, dri-devel@lists.freedesktop.org, Yafang Shao , Paul Moore , James Morris , "Serge E. Hallyn" , Stephen Smalley , Ondrej Mosnacek
Subject: [PATCH v9 3/7] security: Replace memcpy() with get_task_comm()
Date: Mon, 7 Oct 2024 22:49:07 +0800
Message-Id: <20241007144911.27693-4-laoar.shao@gmail.com>
In-Reply-To: <20241007144911.27693-1-laoar.shao@gmail.com>
References: <20241007144911.27693-1-laoar.shao@gmail.com>

Quoted from Linus [0]:

  selinux never wanted a lock, and never wanted any kind of *consistent*
  result, it just wanted a *stable* result.

Using get_task_comm() to read the task comm ensures that the name is
always NUL-terminated, regardless of the source string. This approach also
facilitates future extensions to the task comm.

Signed-off-by: Yafang Shao LINK: https://lore.kernel.org/all/CAHk-=wivfrF0_zvf+oj6==Sh=-npJooP8chLPEfaFV0oNYTTBA@mail.gmail.com/ [0] Acked-by: Paul Moore Cc: James Morris Cc: "Serge E. Hallyn" Cc: Stephen Smalley Cc: Ondrej Mosnacek --- security/lsm_audit.c | 4 ++-- security/selinux/selinuxfs.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/security/lsm_audit.c b/security/lsm_audit.c index 849e832719e2..9a8352972086 100644 --- a/security/lsm_audit.c +++ b/security/lsm_audit.c @@ -207,7 +207,7 @@ static void dump_common_audit_data(struct audit_buffer *ab, BUILD_BUG_ON(sizeof(a->u) > sizeof(void *)*2); audit_log_format(ab, " pid=%d comm=", task_tgid_nr(current)); - audit_log_untrustedstring(ab, memcpy(comm, current->comm, sizeof(comm))); + audit_log_untrustedstring(ab, get_task_comm(comm, current)); switch (a->type) { case LSM_AUDIT_DATA_NONE: @@ -302,7 +302,7 @@ static void dump_common_audit_data(struct audit_buffer *ab, char comm[sizeof(tsk->comm)]; audit_log_format(ab, " opid=%d ocomm=", pid); audit_log_untrustedstring(ab, - memcpy(comm, tsk->comm, sizeof(comm))); + get_task_comm(comm, tsk)); } } break; diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index e172f182b65c..c9b05be27ddb 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -708,7 +708,7 @@ static ssize_t sel_write_checkreqprot(struct file *file, const char __user *buf, if (new_value) { char comm[sizeof(current->comm)]; - memcpy(comm, current->comm, sizeof(comm)); + strscpy(comm, current->comm); pr_err("SELinux: %s (%d) set checkreqprot to 1. This is no longer supported.\n", comm, current->pid); }
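
Review bot: in the first hunk of security/lsm_audit.c (the " pid=%d comm=" path in dump_common_audit_data()), the changelog quotes that these callers never wanted a lock, but it does not say whether get_task_comm() takes one. Since the call replaces a plain memcpy() of current->comm in the audit logging path, the changelog should state that get_task_comm() is lockless at this point in the series, or name the earlier patch that makes it so, so this patch can be reviewed on its own.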
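
Review bot: in security/selinux/selinuxfs.c, sel_write_checkreqprot() is converted to strscpy(comm, current->comm), while the subject and changelog describe a switch to get_task_comm() and both lsm_audit.c call sites use get_task_comm(). Either use get_task_comm(comm, current) here as well, or explain in the changelog why this site needs strscpy(), so the three call sites do not diverge without a stated reason.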