From patchwork Sat Aug 17 02:56:17 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Yafang Shao X-Patchwork-Id: 13766959 Received: from mail-pl1-f171.google.com (mail-pl1-f171.google.com [209.85.214.171]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DF0E050271; Sat, 17 Aug 2024 02:56:58 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.171 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1723863420; cv=none; b=J6BpkllxqmYxjTnnBGlM5KVDi3TzTpJM0JPvOmgn9kXASfkyZnklxY90TB0aK5ugnqIoIqVpY1dTLsoEcuu0VZedlxO3IcjEtEIIJOaGhlGiQ27OuhpX89WT/GxKfHIbukBVu95cnDhrSo84BotwRknj0+BgERNdK+vSgbgi9W0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1723863420; c=relaxed/simple; bh=Xc48Dtsjc3B8gzJAbU2ndnDycZyc8K+FcRb6CqedFFs=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version:Content-Type; b=RriKg4XF4l4CJ6pshP6vsse2tJNO+zaeb7WeBbW7KZ98ajklR865XEz/ITJw/VMOYOi79K2J1mWtgi5GXRuPbaQK5sqiwg8x2eppS6PatiLqMEsQRo45TH6q2EJpHqJftXqJft6IjpZrzywdUemf2BKSv+XFFI0Bss5zREkbYvY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=k/Ha9Omc; arc=none smtp.client-ip=209.85.214.171 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="k/Ha9Omc" Received: by mail-pl1-f171.google.com with SMTP id d9443c01a7336-1fd9e6189d5so23703725ad.3; Fri, 16 Aug 2024 19:56:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1723863418; x=1724468218; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=iSXeW14jggb39wKxD5hCG2hdCk95xYh67NieDdymzHU=; b=k/Ha9OmcEQJjfEn1YJQHe0NoH1aoZSpWmFs8uYVaKjpN4j9KdLKLKXFZB9vFx31Pc1 JMvpvayCKdWn23oZv0BHI+NQIikyQphSzWoqpV36OSG7PtvWfKcXztxRfAenXDic5P7e Fsqsr8nW78aWiJE7T5d44OkUxkinl4gjh2KFaLiKP++8SGe0o4VEAVLyEdRVJWbqVI8J WNuy0EYOz4jg2EXY0rmHgox9Mtng4wuA76ZGnJMxYFUbi1KeXfGTZvRQ6IIm5GBuIqA3 Cns+/R8MiRPVHnZVznC2vJHnLlGk/pH5gaiXm2NzMs0255mVkXHnqTlb4hHpEbuCJOqr FrAg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1723863418; x=1724468218; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=iSXeW14jggb39wKxD5hCG2hdCk95xYh67NieDdymzHU=; b=lzgcw+E+afR07zLJdfrg+qw88pUwS1GmIq+E17bQG1BZPbQNcAgC63+X78ReoOaBOl 0t4L1rZaCIdaOCA7qQ7z/1BX/mb1CHgjp0bw3uHDb4H/mbXoLp+Q6zPmh0LtYeu4eGbk Xv3rInujCIDMNzgEuVRpf5pm9YLE5ClUNjQA0GOjfwFDz7WtPgVltshOwV9Yjom5JM06 RzlcSofzU+rBtZ0X0rgo66ndh+qR1eSmSLfgO7aAGY15QwK+/i2WtsfJqmAbgnha08A6 T0DINdfwblMlZ9DI1jSnuT0J6/muuDpiVzqwbetezGAm2h9FmzAQLhBxbBSdshiI9FjD cFbg== X-Forwarded-Encrypted: i=1; AJvYcCUSDQBVt5kZN1IuZjeJMIjBCvXOWWJfUXenz0UydK7HV02IXuNtJL3+S05yQf0kKR0kXGGud9no4K+sAH9bLJIplVLZ6Z8oRwEm1VXR0ynn8Ax5XmZPsvFm8CugdjA+KJLiuC4keSao3kLC5R6VE0kp5AtHVmxFH0TW+/Ts8OQKkrVbmMt9YhbHFhH3DPzH52X0rAc/IultOlTRFZy8VOHYNP4R3MQ+sAoY0psjKbujWc2eBMg0FviLH2wiUgzfVBa6NC1FmoRvuiEjM9GAJg6p5inP+nOtn+pc6uIaCBrDKmrLK4SpZZE6naJcdvtvvtZnqFLwLw== X-Gm-Message-State: AOJu0Yye5EUvF3DfnDRRNl7GdKdvngB+Ar6YB/SXONHe1taHsRJXWSY+ okcBdyQL+XBLq0K3GLjAWjTKKrbfOGjcJUnkRin4tp6FHytpbuTx X-Google-Smtp-Source: AGHT+IFVf7h2xaEBLW2CupHL7L7C8Pe40CvC/Mw6eEkJQnE3Swhf1+Ors/i9DDP0sM5dBvy2264FSw== X-Received: by 2002:a17:902:f54b:b0:202:37:f721 with SMTP id d9443c01a7336-20203f454fbmr48859335ad.57.1723863418122; Fri, 16 Aug 2024 19:56:58 -0700 (PDT) Received: from localhost.localdomain ([183.193.177.10]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-201f031c5e1sm31801785ad.94.2024.08.16.19.56.47 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 16 Aug 2024 19:56:57 -0700 (PDT) From: Yafang Shao To: akpm@linux-foundation.org Cc: torvalds@linux-foundation.org, alx@kernel.org, justinstitt@google.com, ebiederm@xmission.com, alexei.starovoitov@gmail.com, rostedt@goodmis.org, catalin.marinas@arm.com, penguin-kernel@i-love.sakura.ne.jp, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, audit@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, bpf@vger.kernel.org, netdev@vger.kernel.org, dri-devel@lists.freedesktop.org, Yafang Shao , Alexander Viro , Christian Brauner , Jan Kara , Kees Cook , Matus Jokay , "Serge E. Hallyn" Subject: [PATCH v7 1/8] Get rid of __get_task_comm() Date: Sat, 17 Aug 2024 10:56:17 +0800 Message-Id: <20240817025624.13157-2-laoar.shao@gmail.com> X-Mailer: git-send-email 2.30.1 (Apple Git-130) In-Reply-To: <20240817025624.13157-1-laoar.shao@gmail.com> References: <20240817025624.13157-1-laoar.shao@gmail.com> Precedence: bulk X-Mailing-List: linux-security-module@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 We want to eliminate the use of __get_task_comm() for the following reasons: - The task_lock() is unnecessary Quoted from Linus [0]: : Since user space can randomly change their names anyway, using locking : was always wrong for readers (for writers it probably does make sense : to have some lock - although practically speaking nobody cares there : either, but at least for a writer some kind of race could have : long-term mixed results - The BUILD_BUG_ON() doesn't add any value The only requirement is to ensure that the destination buffer is a valid array. - Zeroing is not necessary in current use cases To avoid confusion, we should remove it. Moreover, not zeroing could potentially make it easier to uncover bugs. If the caller needs a zero-padded task name, it should be explicitly handled at the call site. Suggested-by: Linus Torvalds Link: https://lore.kernel.org/all/CAHk-=wivfrF0_zvf+oj6==Sh=-npJooP8chLPEfaFV0oNYTTBA@mail.gmail.com [0] Link: https://lore.kernel.org/all/CAHk-=whWtUC-AjmGJveAETKOMeMFSTwKwu99v7+b6AyHMmaDFA@mail.gmail.com/ Suggested-by: Alejandro Colomar Link: https://lore.kernel.org/all/2jxak5v6dfxlpbxhpm3ey7oup4g2lnr3ueurfbosf5wdo65dk4@srb3hsk72zwq Signed-off-by: Yafang Shao Cc: Alexander Viro Cc: Christian Brauner Cc: Jan Kara Cc: Eric Biederman Cc: Kees Cook Cc: Alexei Starovoitov Cc: Matus Jokay Cc: Alejandro Colomar Cc: "Serge E. Hallyn" --- fs/exec.c | 10 ---------- fs/proc/array.c | 2 +- include/linux/sched.h | 32 ++++++++++++++++++++++++++------ kernel/kthread.c | 2 +- 4 files changed, 28 insertions(+), 18 deletions(-) diff --git a/fs/exec.c b/fs/exec.c index a47d0e4c54f6..2e468ddd203a 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -1264,16 +1264,6 @@ static int unshare_sighand(struct task_struct *me) return 0; } -char *__get_task_comm(char *buf, size_t buf_size, struct task_struct *tsk) -{ - task_lock(tsk); - /* Always NUL terminated and zero-padded */ - strscpy_pad(buf, tsk->comm, buf_size); - task_unlock(tsk); - return buf; -} -EXPORT_SYMBOL_GPL(__get_task_comm); - /* * These functions flushes out all traces of the currently running executable * so that a new one can be started diff --git a/fs/proc/array.c b/fs/proc/array.c index 34a47fb0c57f..55ed3510d2bb 100644 --- a/fs/proc/array.c +++ b/fs/proc/array.c @@ -109,7 +109,7 @@ void proc_task_name(struct seq_file *m, struct task_struct *p, bool escape) else if (p->flags & PF_KTHREAD) get_kthread_comm(tcomm, sizeof(tcomm), p); else - __get_task_comm(tcomm, sizeof(tcomm), p); + get_task_comm(tcomm, p); if (escape) seq_escape_str(m, tcomm, ESCAPE_SPACE | ESCAPE_SPECIAL, "\n\\"); diff --git a/include/linux/sched.h b/include/linux/sched.h index 33dd8d9d2b85..5f1c8a58bb76 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h @@ -1096,9 +1096,12 @@ struct task_struct { /* * executable name, excluding path. * - * - normally initialized setup_new_exec() - * - access it with [gs]et_task_comm() - * - lock it with task_lock() + * - normally initialized begin_new_exec() + * - set it with set_task_comm() + * - strscpy_pad() to ensure it is always NUL-terminated and + * zero-padded + * - task_lock() to ensure the operation is atomic and the name is + * fully updated. */ char comm[TASK_COMM_LEN]; @@ -1912,10 +1915,27 @@ static inline void set_task_comm(struct task_struct *tsk, const char *from) __set_task_comm(tsk, from, false); } -extern char *__get_task_comm(char *to, size_t len, struct task_struct *tsk); +/* + * - Why not use task_lock()? + * User space can randomly change their names anyway, so locking for readers + * doesn't make sense. For writers, locking is probably necessary, as a race + * condition could lead to long-term mixed results. + * The strscpy_pad() in __set_task_comm() can ensure that the task comm is + * always NUL-terminated and zero-padded. Therefore the race condition between + * reader and writer is not an issue. + * + * - Why not use strscpy_pad()? + * While strscpy_pad() prevents writing garbage past the NUL terminator, which + * is useful when using the task name as a key in a hash map, most use cases + * don't require this. Zero-padding might confuse users if it’s unnecessary, + * and not zeroing might even make it easier to expose bugs. If you need a + * zero-padded task name, please handle that explicitly at the call site. + * + * - ARRAY_SIZE() can help ensure that @buf is indeed an array. + */ #define get_task_comm(buf, tsk) ({ \ - BUILD_BUG_ON(sizeof(buf) != TASK_COMM_LEN); \ - __get_task_comm(buf, sizeof(buf), tsk); \ + strscpy(buf, (tsk)->comm, ARRAY_SIZE(buf)); \ + buf; \ }) #ifdef CONFIG_SMP diff --git a/kernel/kthread.c b/kernel/kthread.c index f7be976ff88a..7d001d033cf9 100644 --- a/kernel/kthread.c +++ b/kernel/kthread.c @@ -101,7 +101,7 @@ void get_kthread_comm(char *buf, size_t buf_size, struct task_struct *tsk) struct kthread *kthread = to_kthread(tsk); if (!kthread || !kthread->full_name) { - __get_task_comm(buf, buf_size, tsk); + strscpy(buf, tsk->comm, buf_size); return; } From patchwork Sat Aug 17 02:56:18 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yafang Shao X-Patchwork-Id: 13766960 Received: from mail-pl1-f174.google.com (mail-pl1-f174.google.com [209.85.214.174]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F1D42E567; Sat, 17 Aug 2024 02:57:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.174 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1723863429; cv=none; b=L9UPFkpRbVNAQQhusyLKrbAMiDY11H+VhmUs1IoEvsLd4LE9kB6loou7O3rcq/dvmR+gLUz+Gjt97NqmgIh4rddpSaLj3JKWWx/i9V+8V/bm8XuXUbRXDEllyYFDkuFAXsB6pqfOklWFGaCFHo17QYDLZsoJMMKv0ZIdbgbmYm4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1723863429; c=relaxed/simple; bh=mCSSieTexVEhRe5gQHXuwUO8PEAZIQurKnIO9AahPJw=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=an2ACEoHsKaPTkHNWmi1FcCbqx0VrubXT6cDz7nW/3fM+yuTs3NizNBSudBEqlZYlcqJZFrmPNPDs4NSMWRqXZWelMzbLB0r6pCDqj70SqizxO+DmpjjVCox9TEFjSGHdJcMvb5h2W5NB+ml8IWkAs0xCQ7ATrbQLivt5bkp2FU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=NiVluZD2; arc=none smtp.client-ip=209.85.214.174 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="NiVluZD2" Received: by mail-pl1-f174.google.com with SMTP id d9443c01a7336-202146e9538so7972355ad.3; Fri, 16 Aug 2024 19:57:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1723863427; x=1724468227; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=+RcIZVYUDMrvydSLTObUn9UWjAdkDM4CrmA64YTz3G4=; b=NiVluZD2wfkXWa74ZVvrmAG9UL3/foobku03KrbIyjhPqcBmbtKvU7oZyoJuZnpZYp vbdJtbyv3s36g0OlTjmxyJ1kaxm+Nku26+eeCoK/+/lN3SgEqdmqB7IlxcLUzVrU5IfT GhG3wwl+7F4/QHUvUfya2CYN775yZDPF0/ieMZnlBfF+MeE4qAt7hb+okxAo6J7AMZHm ODAdMQGfxPSHtgKLi+Vx6tmTaXz8ZUeDgPQmK0TOdqUwNC5t7ppAb1/1XnqIEXJz4bB+ t2XvzhoBXuNgJ2vdyHKOm3yRCaRbP2zXjJMZDTOxAD3brmdP62N3uKBDLImJ+K3m0V/o Tibw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1723863427; x=1724468227; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=+RcIZVYUDMrvydSLTObUn9UWjAdkDM4CrmA64YTz3G4=; b=WxBQIPuC2+d7Wsb7yvJDmep1oE3pP34LEwEt5vccf753WcF0cnpvSM8EJ4JgY7/t2A 1KehQEyE/f71nGOL30DvQyOhBa0FCmM5BRWZ3e1yGzQjQLwotelnsCWN+nM4UmyFblJO nnKzSWRXEGk7+gMyv0HJGJv7q7mLQZAj1wAa5t2YpDMhz5M4FXN8oyKnCEbn9kVkmqxB W0Ccto8VIDD4AjSdlj0+0RF/zQWJetIf5cT8pzpoO/M6T0wF+8A6e+zwNYTOMdF1joQm /I/LeF7I8nZc+ZkO/C9adAvrqq4+uJcjoqQiBKgCSwwP+Wi7xLm+j42BXauj+ubPXcA/ UosQ== X-Forwarded-Encrypted: i=1; AJvYcCW2sANLTH++xIcXuzlCLDGrW0++GNCR+2qwhIAw5kVfoe4LL5vxuv6m0crPHf8X+arQTUb+aWenhtO0sAJFJyaOK86HCJIRYZ6mn8/GGOrB634147aOujH1Kyym7kPIFegcvVOw8P+4g6OJFjAc391JWGwos4nU98gt7q6AT99Dd6CNIhGpIlPS2VlNvMxN8iIv31eANLWbgQhNhd9ZeudhTqctTck3e8O+teEih6PNqefvLISVuPBkBGdaARZdIIy9zNQ2L8FfUVn0wyGlEYgw6+2zSwisqoHsCuV032HemJylMKOiBo2+a62X3OrUM65WsdsJBg== X-Gm-Message-State: AOJu0YytxG170YciNncvJOGn+b+lSavEsXdljtUmv+xkfpseiax66ZfB yw5VfIpnimZkkNeVDeJ2NoJlhfXOfQWts5B4FJy/n3Xq9rFFZKAW X-Google-Smtp-Source: AGHT+IGloZlxC12N+ArnDbFHNJc7Yrc4w00KFUrCatU21ag0p56SeEdkfwKvEveNvVnkzBGuU5AKpQ== X-Received: by 2002:a17:903:32c9:b0:202:bc3:3e6e with SMTP id d9443c01a7336-2020bc33fc8mr44372525ad.33.1723863427201; Fri, 16 Aug 2024 19:57:07 -0700 (PDT) Received: from localhost.localdomain ([183.193.177.10]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-201f031c5e1sm31801785ad.94.2024.08.16.19.56.58 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 16 Aug 2024 19:57:06 -0700 (PDT) From: Yafang Shao To: akpm@linux-foundation.org Cc: torvalds@linux-foundation.org, alx@kernel.org, justinstitt@google.com, ebiederm@xmission.com, alexei.starovoitov@gmail.com, rostedt@goodmis.org, catalin.marinas@arm.com, penguin-kernel@i-love.sakura.ne.jp, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, audit@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, bpf@vger.kernel.org, netdev@vger.kernel.org, dri-devel@lists.freedesktop.org, Yafang Shao , Paul Moore , Eric Paris Subject: [PATCH v7 2/8] auditsc: Replace memcpy() with strscpy() Date: Sat, 17 Aug 2024 10:56:18 +0800 Message-Id: <20240817025624.13157-3-laoar.shao@gmail.com> X-Mailer: git-send-email 2.30.1 (Apple Git-130) In-Reply-To: <20240817025624.13157-1-laoar.shao@gmail.com> References: <20240817025624.13157-1-laoar.shao@gmail.com> Precedence: bulk X-Mailing-List: linux-security-module@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Using strscpy() to read the task comm ensures that the name is always NUL-terminated, regardless of the source string. This approach also facilitates future extensions to the task comm. Signed-off-by: Yafang Shao Acked-by: Paul Moore Cc: Eric Paris --- kernel/auditsc.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 6f0d6fb6523f..e4ef5e57dde9 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -2730,7 +2730,7 @@ void __audit_ptrace(struct task_struct *t) context->target_uid = task_uid(t); context->target_sessionid = audit_get_sessionid(t); security_task_getsecid_obj(t, &context->target_sid); - memcpy(context->target_comm, t->comm, TASK_COMM_LEN); + strscpy(context->target_comm, t->comm); } /** @@ -2757,7 +2757,7 @@ int audit_signal_info_syscall(struct task_struct *t) ctx->target_uid = t_uid; ctx->target_sessionid = audit_get_sessionid(t); security_task_getsecid_obj(t, &ctx->target_sid); - memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); + strscpy(ctx->target_comm, t->comm); return 0; } @@ -2778,7 +2778,7 @@ int audit_signal_info_syscall(struct task_struct *t) axp->target_uid[axp->pid_count] = t_uid; axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); security_task_getsecid_obj(t, &axp->target_sid[axp->pid_count]); - memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); + strscpy(axp->target_comm[axp->pid_count], t->comm); axp->pid_count++; return 0; From patchwork Sat Aug 17 02:56:19 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yafang Shao X-Patchwork-Id: 13766961 Received: from mail-pl1-f179.google.com (mail-pl1-f179.google.com [209.85.214.179]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7A94925634; Sat, 17 Aug 2024 02:57:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.179 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1723863438; cv=none; b=hok367P0unbkJ0Vw7+iAJP9yfXlIOJcEO54RnGluI19UAE4heOL+0nZLiz3NtpXpe0xXKZYCRCfkfCfrtFR+4M1+j/jXHTq7rXEELZhBoZ5DxoJgI0Ix1T53bmQzA0x+paWNTGifmn0Y3bqfu482aZbuw2abbq8p470j7+nHk0w= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1723863438; c=relaxed/simple; bh=ABhttoS6oXw2j+hmHjcdgyTovB2nFehBatzjdciJ3nM=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=OQYumgHdJW5iSr1z/kFBkHpKb9ybCn5drTpYb+T7CGk829d+guNeJXgBQ1er1oiEl/JivxMY5/rAx571P6tbObzr6PNKz2VwariAl4PgKcHt/YosZ+/+CYFFl84z3//572RVlGG7gKswPaOKCtFNZI2k6+yggAv9br6KWSmwpQw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=g0aneAIQ; arc=none smtp.client-ip=209.85.214.179 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="g0aneAIQ" Received: by mail-pl1-f179.google.com with SMTP id d9443c01a7336-202089e57d8so7763085ad.0; Fri, 16 Aug 2024 19:57:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1723863437; x=1724468237; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=mIIMsSPqVp5AusgTbRbdrgF3qEr8ccJBENe3BbQ0UBw=; b=g0aneAIQoQXpLova8lZvawQ7YfE9HYtr7yt3BCNeX+5ae+hPmrF0YCbKJDSrWdbeog uCIpHaArqv4Fv+q1by1ZMhcsIkESfljgKg4VNp9K/ENrIXxBdaJEZj7v1/qqjlDJSzbP vcmwx7MX8FHdy/rKooS9ZkUpNjrhC2+rsD1vks8uUVs7WRum5X0SBjkxIltB/gI31WzC hJFJoDq2xWX2RCBwvYWOJ4UDIQxnsvsdT7prpUwdPlSsNJBqXkeIWYqV/EQMvNckozh9 ewG0uJnonlOPjvA8ZT7Wv7ZoMDIX+19yygDEZhV1h/o0A6ThnSUgVicqSuV60mLW1US8 hNHg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1723863437; x=1724468237; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=mIIMsSPqVp5AusgTbRbdrgF3qEr8ccJBENe3BbQ0UBw=; b=ZILEuiX6N26NTTL9LUF1fkkaCo287bGM1qAeGxpBW6d2Vd/z7KEWG1hBM5hFr42wKD 2H2mxb9Cbd3sgigk1L9VsiPii6HMGXoNM1qfrhDvzWyPZ1xJRZw1ftnUR8/2u3Bh+UH0 uFZ0OtSbA+/5AafFIJ4xxlhkinJ1JN3MAFJtdml0eAb+uxWF2Il4ZzGmQizuzMgXOCSd yYyLzFekXgqf1YSwLXUz5SJ3CT4rcGsIh1bzR0b3yZ0Jilxm8qW+45jD3drcAqtqIzmV mHEDXDcAIsHlb8RR+Z8zM88sH3Tsa7hKdeiWH8Nxd24gvu+TwfQpiKk9mWTcQnppqz17 Ptng== X-Forwarded-Encrypted: i=1; AJvYcCU6OBIQqAugEqlL/ck7bqP332b+qSu+1SMIDYcx66Sfn1KBxgIxyouEMj1jZT8YxBuGx/3QXb7PbnRO8p9MUHU1+x3agw2zLDucCMMzBy+HO1yLBozUxe2L/pxoqjT5ir2NX9NkoPAiVNsiqkKQB9HEXTdQPnrueymsEkPquZMwmMpwNTMg0HCSFogjnYgeijlTe76t3iFxpcU4t1cctXodgINTdi9BPfbbecCb3EmNDB4bJi3/CUYiUBzVD6u28BkFiBeSSLraZemoeUuCCW8hatOVc5MDIjVD98S6FyxrukZMFpKe2yjXkGuxPD0oo30qwj9HNg== X-Gm-Message-State: AOJu0YytfD9JOCfyHpCI9qelQf7QRTNekUpiGmJzcFDZl9byP37VlPvr gyZ/oKH4ghjT2d1qLy2pTV0bOKrMCUJS8YQmXtDSZjn4TvDb0Cwai9tyNR3XdSg= X-Google-Smtp-Source: AGHT+IEzug8bsagNMxwK7nm29ecXIwIfZ9FH+TLEi6IcVkbHtwlg4mlyU3SBLgFEVqycM3+Rn/pQ8Q== X-Received: by 2002:a17:903:2303:b0:1fb:9b91:d7d9 with SMTP id d9443c01a7336-202062963e7mr80764935ad.26.1723863436587; Fri, 16 Aug 2024 19:57:16 -0700 (PDT) Received: from localhost.localdomain ([183.193.177.10]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-201f031c5e1sm31801785ad.94.2024.08.16.19.57.07 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 16 Aug 2024 19:57:16 -0700 (PDT) From: Yafang Shao To: akpm@linux-foundation.org Cc: torvalds@linux-foundation.org, alx@kernel.org, justinstitt@google.com, ebiederm@xmission.com, alexei.starovoitov@gmail.com, rostedt@goodmis.org, catalin.marinas@arm.com, penguin-kernel@i-love.sakura.ne.jp, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, audit@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, bpf@vger.kernel.org, netdev@vger.kernel.org, dri-devel@lists.freedesktop.org, Yafang Shao , Paul Moore , James Morris , "Serge E. Hallyn" , Stephen Smalley , Ondrej Mosnacek Subject: [PATCH v7 3/8] security: Replace memcpy() with get_task_comm() Date: Sat, 17 Aug 2024 10:56:19 +0800 Message-Id: <20240817025624.13157-4-laoar.shao@gmail.com> X-Mailer: git-send-email 2.30.1 (Apple Git-130) In-Reply-To: <20240817025624.13157-1-laoar.shao@gmail.com> References: <20240817025624.13157-1-laoar.shao@gmail.com> Precedence: bulk X-Mailing-List: linux-security-module@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Quoted from Linus [0]: selinux never wanted a lock, and never wanted any kind of *consistent* result, it just wanted a *stable* result. Using get_task_comm() to read the task comm ensures that the name is always NUL-terminated, regardless of the source string. This approach also facilitates future extensions to the task comm. Signed-off-by: Yafang Shao LINK: https://lore.kernel.org/all/CAHk-=wivfrF0_zvf+oj6==Sh=-npJooP8chLPEfaFV0oNYTTBA@mail.gmail.com/ [0] Acked-by: Paul Moore Cc: James Morris Cc: "Serge E. Hallyn" Cc: Stephen Smalley Cc: Ondrej Mosnacek --- security/lsm_audit.c | 4 ++-- security/selinux/selinuxfs.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/security/lsm_audit.c b/security/lsm_audit.c index 849e832719e2..9a8352972086 100644 --- a/security/lsm_audit.c +++ b/security/lsm_audit.c @@ -207,7 +207,7 @@ static void dump_common_audit_data(struct audit_buffer *ab, BUILD_BUG_ON(sizeof(a->u) > sizeof(void *)*2); audit_log_format(ab, " pid=%d comm=", task_tgid_nr(current)); - audit_log_untrustedstring(ab, memcpy(comm, current->comm, sizeof(comm))); + audit_log_untrustedstring(ab, get_task_comm(comm, current)); switch (a->type) { case LSM_AUDIT_DATA_NONE: @@ -302,7 +302,7 @@ static void dump_common_audit_data(struct audit_buffer *ab, char comm[sizeof(tsk->comm)]; audit_log_format(ab, " opid=%d ocomm=", pid); audit_log_untrustedstring(ab, - memcpy(comm, tsk->comm, sizeof(comm))); + get_task_comm(comm, tsk)); } } break; diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index e172f182b65c..c9b05be27ddb 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -708,7 +708,7 @@ static ssize_t sel_write_checkreqprot(struct file *file, const char __user *buf, if (new_value) { char comm[sizeof(current->comm)]; - memcpy(comm, current->comm, sizeof(comm)); + strscpy(comm, current->comm); pr_err("SELinux: %s (%d) set checkreqprot to 1. This is no longer supported.\n", comm, current->pid); } From patchwork Sat Aug 17 02:56:20 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yafang Shao X-Patchwork-Id: 13766962 Received: from mail-pl1-f170.google.com (mail-pl1-f170.google.com [209.85.214.170]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 687BE22334; Sat, 17 Aug 2024 02:57:25 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.170 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1723863446; cv=none; b=J0Hlg6CyOUteTXjITSOv/WLIlKeL7wq9C05RSo0NIG8iNUD6pVZqMdlmOBf49xG0ZX6FOEzKLgUC4QQYKiyRBiBCrtonsjQIx995K/ThZAwM+54kTntAAIR5bGc8ONLyQZIK0i0dEw5C3RqO5jp1pXuwPWWzWwo5L32R2czBqEE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1723863446; c=relaxed/simple; bh=56ESQtaoBbBqZU/saKgTljkr5U/isylgWUhSQpUUDZM=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=VddTFE+w+bi6Ojl7zs0oCdxoZAm+IMtcVcz0dAT/51gfqRq3TW5JaJPAWFRuSlU9eVNHtJl/Xg3li/ATVrBzVRdvuft7cwXddCj60E27zQEin1Rv1jG06S/eLfjYF5GDIV/HNQCyw5vsC8s1zmYwVv3vlWuYSSeonz60inYvkjI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=ECm6v1Ve; arc=none smtp.client-ip=209.85.214.170 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="ECm6v1Ve" Received: by mail-pl1-f170.google.com with SMTP id d9443c01a7336-1fd9e70b592so26242755ad.3; Fri, 16 Aug 2024 19:57:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1723863444; x=1724468244; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=QQdkC9XISn7BWPlTE5/iE7aUj/L2jeLonKoaBsbNpS0=; b=ECm6v1VeB11TWAQ+M7BgcYFyfSiCRooF1shaB4vGY0SXLIh2zBYdJ4UVsQpOgacWqe JhEbjmbAwBZy896qbvRGq3uaZZRcw7sJWvxT74/HzGPZUE0kXtMjQW2D6F2Fa4cwkEGX gTeuu7nRJi+w0nNwrjKco4Bn+gaV/ReuzuBoWcyzDJ/5gspdJPBM+oSLarFdcqeaYKhg OReQdFvEmB/mXpbh1skLMP+FdLr3DHnUws+axiPTK+TKEt3Z0p5TxBerrof/LNeIAEHb Dr+ntBkfFnWBoz7XSAufmfIJhS9W6WM+hX4kOtTLw1I5dKq04ulrvFNEZ9NdHGfAXPFY 9tow== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1723863444; x=1724468244; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=QQdkC9XISn7BWPlTE5/iE7aUj/L2jeLonKoaBsbNpS0=; b=kcZXqOM8O8RbZ14MDYh/1o8824l0xNDJKHtiywwwZS3SL2Xsn71Dn9tmte0HNFA1HR unXTYhbCBZBbnR0df3LnSY1hHq4ZjhapqHi3+4KC0MyJSKT6embmmcNHFIawgxVnUsDN 9NQJhO9Jsi6CB64/PqjtmYXXJYE9Em3pg0UfRhuxDJx639uLFXga26aCw6k9wYrGt8cJ W1EwJuSZuNhq+qB0gf0SDZTv2r+UC3XzD0BEflllMu8+twS6QFzqiUkcoT+zxH0qrkTv giRBhWlT+T8hP/cw5Kvbt3PxCepyuw4w358hBIMx4MsKh0XUKJ/wHPc146IWUWtcfOo8 quag== X-Forwarded-Encrypted: i=1; AJvYcCV+P55+LuRtOwWlqTGip49qQ/TD0C/+JAGn1oF/U+WNKwUPDpg9BqLG8xZfU/N/lJ8QC8dl@vger.kernel.org, AJvYcCV1cuwarGsJDdDSJb+Zsp0XSD4S4tBbCkumqMp2jay57H0k3S/xFBusTMgRkztcERlhVKKouKGL@vger.kernel.org, AJvYcCVytU9qje+VtPrUdtAyx0iaOJqCpA+Rfb+4A2hCjQIyWAiRvJoPajN9xUn9SeBCHsBpDPGiUkh6aA==@vger.kernel.org, AJvYcCW/PaiflTtOw+7iviLSfAg7/5CHC+3i/tKmlrOSHP3CJExW7q1JmE1uJpJhPOtbOwtc+xQNCwmQzR8g4Q/ocOxt+RpqPfot@vger.kernel.org, AJvYcCWPY194/yngH/g/qYxrA6rpRiJcvJm185eW8TbyE3ee+sdQD6rGZPq7E/+S8SOcQYNOwqhrgQ==@vger.kernel.org, AJvYcCWSz5CatfaG1RFP4TILDAeBNwo4SJAw2IThMp0IbiYseM/aLib8n952sqYplMzD6Zr47rkNqRvM1AlxQMBE/Q==@vger.kernel.org, AJvYcCWxol9TwTdsUFoDRBcg1WY+QQ2Bx4ntooxsaSgCa5DcKD9POCQH+pFggPDSw6vEuc+iz23ri4eij0If3UuZUzgp8YdX@vger.kernel.org X-Gm-Message-State: AOJu0Yy+EJO+7f92wl4Jg7TaO/R1uVPJ9BDN1N5RXLBmOC76x2HrxLwM 4pETm9WZoJziDJ4RvF0dp1LEme3GvhS9gq1J60bdL2YYA2542SdpomlD9RtIWVs= X-Google-Smtp-Source: AGHT+IGimEn6HMsvkqgHYM+kruqPW+JJG9kJGgyigEFWYmxee2uabObu84uvkyN6MQRp9Qx9ywJBnQ== X-Received: by 2002:a17:903:2281:b0:201:febc:4366 with SMTP id d9443c01a7336-2021969a77dmr17762915ad.55.1723863444544; Fri, 16 Aug 2024 19:57:24 -0700 (PDT) Received: from localhost.localdomain ([183.193.177.10]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-201f031c5e1sm31801785ad.94.2024.08.16.19.57.17 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 16 Aug 2024 19:57:24 -0700 (PDT) From: Yafang Shao To: akpm@linux-foundation.org Cc: torvalds@linux-foundation.org, alx@kernel.org, justinstitt@google.com, ebiederm@xmission.com, alexei.starovoitov@gmail.com, rostedt@goodmis.org, catalin.marinas@arm.com, penguin-kernel@i-love.sakura.ne.jp, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, audit@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, bpf@vger.kernel.org, netdev@vger.kernel.org, dri-devel@lists.freedesktop.org, Yafang Shao , Quentin Monnet Subject: [PATCH v7 4/8] bpftool: Ensure task comm is always NUL-terminated Date: Sat, 17 Aug 2024 10:56:20 +0800 Message-Id: <20240817025624.13157-5-laoar.shao@gmail.com> X-Mailer: git-send-email 2.30.1 (Apple Git-130) In-Reply-To: <20240817025624.13157-1-laoar.shao@gmail.com> References: <20240817025624.13157-1-laoar.shao@gmail.com> Precedence: bulk X-Mailing-List: linux-security-module@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Let's explicitly ensure the destination string is NUL-terminated. This way, it won't be affected by changes to the source string. Signed-off-by: Yafang Shao Reviewed-by: Quentin Monnet --- tools/bpf/bpftool/pids.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tools/bpf/bpftool/pids.c b/tools/bpf/bpftool/pids.c index 9b898571b49e..23f488cf1740 100644 --- a/tools/bpf/bpftool/pids.c +++ b/tools/bpf/bpftool/pids.c @@ -54,6 +54,7 @@ static void add_ref(struct hashmap *map, struct pid_iter_entry *e) ref = &refs->refs[refs->ref_cnt]; ref->pid = e->pid; memcpy(ref->comm, e->comm, sizeof(ref->comm)); + ref->comm[sizeof(ref->comm) - 1] = '\0'; refs->ref_cnt++; return; @@ -77,6 +78,7 @@ static void add_ref(struct hashmap *map, struct pid_iter_entry *e) ref = &refs->refs[0]; ref->pid = e->pid; memcpy(ref->comm, e->comm, sizeof(ref->comm)); + ref->comm[sizeof(ref->comm) - 1] = '\0'; refs->ref_cnt = 1; refs->has_bpf_cookie = e->has_bpf_cookie; refs->bpf_cookie = e->bpf_cookie; From patchwork Sat Aug 17 02:56:21 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yafang Shao X-Patchwork-Id: 13766963 Received: from mail-pl1-f177.google.com (mail-pl1-f177.google.com [209.85.214.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 20C2222334; Sat, 17 Aug 2024 02:57:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.177 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1723863454; cv=none; b=f2JXWsX68P7v1F47ibo5NH2PYfIYhIrH/hF0OpGeJZz9iokcZBY0/CgtFVWNvSFW5/nMGGf636QxSn11qVw0ZxvmjJjnSsOqwg7eAj3g4KfV5bInEiIbTDOHRlO6V3OlYvjdcnYoGWXixMWri4+BmGR2CC1qkH/pP+B9d7zono0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1723863454; c=relaxed/simple; bh=ads9a+vJAdf3fW1daUgzeFpk3FAtZrgaeqt3aAf0isQ=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=gXTYymEfaZJo60vcDrfSTR8jgwXADIacEdqIKsLKD6UPZJL8uc1dimeH1AItf+qhVzDgkevTIEQvkbnBto59/KgpXtJybjY4vTkI5s1vCag1tuHusEFxZF+wYobD8sS/tqjnFkElnwq4Tgw2nmkpwb8hIgoIpEqosSMfYvKgFOE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=No9uGHvi; arc=none smtp.client-ip=209.85.214.177 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="No9uGHvi" Received: by mail-pl1-f177.google.com with SMTP id d9443c01a7336-2021537a8e6so8183015ad.2; Fri, 16 Aug 2024 19:57:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1723863452; x=1724468252; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Dg8K6fIsZQLFiS7Xpg/1YZlm81yjN4oHJWyrWmInMGw=; b=No9uGHvixrC5zhJ6Qf5/Rujx/kNuE/tx4qUC2sbmesSYXTBeOu1HLmGVuwYXv6xvD4 OFbyAz7bwd5HeyT10mLzSSEROQ4VJOqLj7o/UDzNORmVGasNcy1AlwkJZuW2uO1haagr harQUf2iU+m4WYBdER4eFDkwASWaGaDa+gxs4Rd/MZFX7GPgj/j4SaZJnUcVwnHRCZSv XuFb7OtvagPmlQ4d2/Xrsj4J2lMqH6/s47HLhOQhR6gQCieNDKYgEPFX0ZEf1KhkIwKC yGrdyIiH+VXNFX7/BA4dllwjkPHggG6XRri7Vwf4QHI9gilqa77i0/BYKiG7MjGq+Fyz OnTQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1723863452; x=1724468252; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Dg8K6fIsZQLFiS7Xpg/1YZlm81yjN4oHJWyrWmInMGw=; b=N5+Zq6SO5agAtVPqpf+dS8MFArl89CsxgGy8MXfJU0AE+yUz9vUOpyB92cf3HgrGHC jxh2XEVHPrPHyiv2pFCeNeRmwXvTGi25yPgets6/bbfUj8Y03u4y4dCQT2NUQLjKlWh6 s9Ho1LuS4a/MXHfcFcWtDE7vn0uj2gW0K2FBFQnuJw03StsBLvnGyrpR17e5oljRn/iZ CrT2P3BuRGlOagRAkTkoSfXh6bq8VJeuRhBBbz3vS71LSfbCS0losAW26K/iN8wifofw QegakhNwAB1+Qq+MYhsUcdXXDaY3CrYHgXfcpNmxenWNG+AXpTOdFMM99y8c5Ikl1rC5 0phg== X-Forwarded-Encrypted: i=1; AJvYcCUB5HjKjeJc2b4AEpAWRh2VoReKiwYK0jwypBOdW7ZcJcsodpDAlNGl0IKfST3xbJ3VeWxzJzXT@vger.kernel.org, AJvYcCUgwM47wEdJUaI/gvSYXa+yPC9maR2FZPKh4x4E8SGzX0qTz5nFvDRhzRORUUjuZRrdeHXXJA==@vger.kernel.org, AJvYcCValauww7PVH4JDRq4jZnnh/AwP2h/HsFCyk/ayTXO9uBVdUtjprhVfZ4oMcSHjkev7SbVsB2SxhL5nUuxhlJvU2AYsqCns@vger.kernel.org, AJvYcCVyspMNlPOoadfMhtccXlhqHnUNcH38XUUk4svBbgSSEjeNtqFNq6tVVLqZhJM4jfB30VXYgGrCxQ==@vger.kernel.org, AJvYcCWlmvE379tCHsFz3ZFTswtREL7BmxcWcvD8E8q03S7x6Y6UMSLXqAa60tjF40R+d8Qh9grB@vger.kernel.org, AJvYcCWrO5MMs7pVb1yu9N+aC6EorCnLYTr+Zf8zlUzisZLjeZa5SeZdSGDDOWjqgvUv2cIYw2JmMLYvTH0Kdl1xnVl23s96@vger.kernel.org, AJvYcCX61GWrt/cgfQd8YZiHu6alAARWleabAt/xc4OhxOuH5+K3gboyBcrnmC+ZlwU7zwCsS50pa4iq8wLOfeYOwg==@vger.kernel.org X-Gm-Message-State: AOJu0YyDn2/3H9yvjYEafBUGDxet94X4TJPzYw2d1+gFpDZbRwcq7QVI FlWYl3X6Wr5e9IV+Qcn2bANMucxKYOakq22obqT1sya08jKENEls X-Google-Smtp-Source: AGHT+IF3ZN+4FrJiR5tCQknEVTwkbUbAx80SeY+AiIkjp+qgoruwIjB5dCv+k+zHBrTId5++7+R3wA== X-Received: by 2002:a17:902:cccc:b0:1fb:7b01:7980 with SMTP id d9443c01a7336-20203af4193mr61360745ad.0.1723863452450; Fri, 16 Aug 2024 19:57:32 -0700 (PDT) Received: from localhost.localdomain ([183.193.177.10]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-201f031c5e1sm31801785ad.94.2024.08.16.19.57.24 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 16 Aug 2024 19:57:31 -0700 (PDT) From: Yafang Shao To: akpm@linux-foundation.org Cc: torvalds@linux-foundation.org, alx@kernel.org, justinstitt@google.com, ebiederm@xmission.com, alexei.starovoitov@gmail.com, rostedt@goodmis.org, catalin.marinas@arm.com, penguin-kernel@i-love.sakura.ne.jp, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, audit@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, bpf@vger.kernel.org, netdev@vger.kernel.org, dri-devel@lists.freedesktop.org, Yafang Shao Subject: [PATCH v7 5/8] mm/util: Fix possible race condition in kstrdup() Date: Sat, 17 Aug 2024 10:56:21 +0800 Message-Id: <20240817025624.13157-6-laoar.shao@gmail.com> X-Mailer: git-send-email 2.30.1 (Apple Git-130) In-Reply-To: <20240817025624.13157-1-laoar.shao@gmail.com> References: <20240817025624.13157-1-laoar.shao@gmail.com> Precedence: bulk X-Mailing-List: linux-security-module@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 In kstrdup(), it is critical to ensure that the dest string is always NUL-terminated. However, potential race condidtion can occur between a writer and a reader. Consider the following scenario involving task->comm: reader writer len = strlen(s) + 1; strlcpy(tsk->comm, buf, sizeof(tsk->comm)); memcpy(buf, s, len); In this case, there is a race condition between the reader and the writer. The reader calculate the length of the string `s` based on the old value of task->comm. However, during the memcpy(), the string `s` might be updated by the writer to a new value of task->comm. If the new task->comm is larger than the old one, the `buf` might not be NUL-terminated. This can lead to undefined behavior and potential security vulnerabilities. Let's fix it by explicitly adding a NUL-terminator. Signed-off-by: Yafang Shao Cc: Andrew Morton --- mm/util.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/mm/util.c b/mm/util.c index 983baf2bd675..4542d8a800d9 100644 --- a/mm/util.c +++ b/mm/util.c @@ -62,8 +62,14 @@ char *kstrdup(const char *s, gfp_t gfp) len = strlen(s) + 1; buf = kmalloc_track_caller(len, gfp); - if (buf) + if (buf) { memcpy(buf, s, len); + /* During memcpy(), the string might be updated to a new value, + * which could be longer than the string when strlen() is + * called. Therefore, we need to add a null termimator. + */ + buf[len - 1] = '\0'; + } return buf; } EXPORT_SYMBOL(kstrdup); From patchwork Sat Aug 17 02:56:22 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yafang Shao X-Patchwork-Id: 13766964 Received: from mail-pl1-f174.google.com (mail-pl1-f174.google.com [209.85.214.174]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1A079F4EE; Sat, 17 Aug 2024 02:57:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.174 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1723863463; cv=none; b=AFgxD1K+BjKBpzyLjKQkOKx49DuXGXVbu+ZXjiShm+kxndtvM8VvjLMD+N7VrmCU1geN9jgVfpeFHtsiqcQ22FM//+d4VWn2M5bHVheEyrCTnMiaU7sBZnIR4jm4S5b9OEKq7hqfkEHf4V6lxDJoKo9DBnUAa7Jcc79wWj1WXMQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1723863463; c=relaxed/simple; bh=5WV7uCuVFeiQhB6uPkorf9Ro8xX/Kt/wufZ1+PzCENI=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=Dc7YnPJhtfeT6A2kQOPpzCJTZ+RFCIfEhRs+ye10aoPm7ZIGczXXf6DtdMSa/gW922BcNPUiCli4PcDo4rC5M+9BzEUMn+lyWd+bAJhTO6H0tbXw8UypuZ5nGwvu6yGiTvrnuhey42Ok2GWiZHCWdweZM7DGdav6AhZ/zzl1Lfw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=XBfTMSHR; arc=none smtp.client-ip=209.85.214.174 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="XBfTMSHR" Received: by mail-pl1-f174.google.com with SMTP id d9443c01a7336-202146e93f6so9373795ad.3; Fri, 16 Aug 2024 19:57:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1723863461; x=1724468261; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=mY4VRCvd9L4i067FYJCdAQbgb2obGf5r9hy8hsyaNQ4=; b=XBfTMSHRTRM1SHKTmoSfOAbJlKQztYPuMKMrgzg9+9FpaIHC/crEaofGrfFFNA1zrx ovWlU0F2xxOe7G6roPFQdZrpZl4BkE99fzHcYb/GwV4Y/5tCUU7iH6hr+sHaf15kL75Z TCBa8iUZn9bXrM97iZLx+H24LNEWTv6DyA0VC9FfM7PKrYi+ydPThHWxPPU+gKyppXHy LI9ubaXrFv0MprwgxZf++a8GrcE7a6efamw1mC/N5w1FXGtd+mYRLER+3mhJN/pZBbuh T48l1cXxDBlmSVnuWciGOBOci+mE29fN+uKIKBahGwZzJoBvd/SIYO3BhJ9iyuO9IvQq 1XjQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1723863461; x=1724468261; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=mY4VRCvd9L4i067FYJCdAQbgb2obGf5r9hy8hsyaNQ4=; b=tV1YVXTnxI/t0wusjLn2sKAFrq4qvLR0DI6vp0axJDpIYAllcmmJlYBcQPIAnuEZjf giSh2YLsuVnuc5JpiKXV4+5ZoN0IK8VK2vlK49WTju0/hQJ/ni0cNrvpfXH9uUGmuDjU 3kZ7C7wN4OJat4cW6LzUctjIFjFJihMQHg3seHs/ElL9pTaQzFrA9yuK88Yc9+6P5+HW uyIBiIVAYuw7HUXSaK23zOCcg1J1ZsO94yTTfCPwvAX6umcseAUePO3x6ZblPhQpewgy GQ8/0cnDExIsdW9ajW+k/5X4XzIz2fs+rJiM4uggO+RtO2TqUDFVQxZdlDYcoYqe4c0W tdHQ== X-Forwarded-Encrypted: i=1; AJvYcCXlu0IccO01YPRQf3xebcWFOTYhlSnwI8pKOtfuCEVKeCbHHOKyitNiS/Y1ug8v/8FGpwvDOX+EhrCXa6S8kwe42fMBq1SjgFAR09oYktsAReh1LueFGK/IV23S2qOZdaGzjTJip9oQzGkNGqwmPk3744IbJ8N+I7rz5TDxFO+EJcMMNldOeZWPQMA+R4RlTSmMsJMVpc4MPoDvH3PpjJzmammQ3HrsPqqbfdbyOBCFQ4+gjb+dqvI5Jr6ysETgVtKfB33/QiEHD4URV6/AwPSVcU1mOqmn1xFhHdEFULsY2/kHU4GsuvERVu1urU+BW00sRAucrA== X-Gm-Message-State: AOJu0Yx3EICn6/LCxZEiWKZWN1ek6yv7XL1KLYmJVxsn4QKcuriFnEfn TTjGFtTLuUnFVqsNa8DjNog06b4/PSwedW3VyW5HXfIgwuh7PQvm9w6c05tagzM= X-Google-Smtp-Source: AGHT+IEL7YdwJrnU7j+3S0kOHwdlHJumXPs1OdWAsSouquvh+afE8cHfhlG2TFnMxzOYJRDIWJjJ4Q== X-Received: by 2002:a17:902:e549:b0:202:100f:7b9b with SMTP id d9443c01a7336-202100f7d6amr36403685ad.35.1723863461337; Fri, 16 Aug 2024 19:57:41 -0700 (PDT) Received: from localhost.localdomain ([183.193.177.10]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-201f031c5e1sm31801785ad.94.2024.08.16.19.57.32 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 16 Aug 2024 19:57:40 -0700 (PDT) From: Yafang Shao To: akpm@linux-foundation.org Cc: torvalds@linux-foundation.org, alx@kernel.org, justinstitt@google.com, ebiederm@xmission.com, alexei.starovoitov@gmail.com, rostedt@goodmis.org, catalin.marinas@arm.com, penguin-kernel@i-love.sakura.ne.jp, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, audit@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, bpf@vger.kernel.org, netdev@vger.kernel.org, dri-devel@lists.freedesktop.org, Yafang Shao , Simon Horman , Matthew Wilcox Subject: [PATCH v7 6/8] mm/util: Deduplicate code in {kstrdup,kstrndup,kmemdup_nul} Date: Sat, 17 Aug 2024 10:56:22 +0800 Message-Id: <20240817025624.13157-7-laoar.shao@gmail.com> X-Mailer: git-send-email 2.30.1 (Apple Git-130) In-Reply-To: <20240817025624.13157-1-laoar.shao@gmail.com> References: <20240817025624.13157-1-laoar.shao@gmail.com> Precedence: bulk X-Mailing-List: linux-security-module@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 These three functions follow the same pattern. To deduplicate the code, let's introduce a common helper __kmemdup_nul(). Suggested-by: Andrew Morton Signed-off-by: Yafang Shao Cc: Simon Horman Cc: Matthew Wilcox --- mm/util.c | 67 +++++++++++++++++++++---------------------------------- 1 file changed, 26 insertions(+), 41 deletions(-) diff --git a/mm/util.c b/mm/util.c index 4542d8a800d9..310c7735c617 100644 --- a/mm/util.c +++ b/mm/util.c @@ -45,33 +45,40 @@ void kfree_const(const void *x) EXPORT_SYMBOL(kfree_const); /** - * kstrdup - allocate space for and copy an existing string - * @s: the string to duplicate + * __kmemdup_nul - Create a NUL-terminated string from @s, which might be unterminated. + * @s: The data to copy + * @len: The size of the data, including the null terminator * @gfp: the GFP mask used in the kmalloc() call when allocating memory * - * Return: newly allocated copy of @s or %NULL in case of error + * Return: newly allocated copy of @s with NUL-termination or %NULL in + * case of error */ -noinline -char *kstrdup(const char *s, gfp_t gfp) +static __always_inline char *__kmemdup_nul(const char *s, size_t len, gfp_t gfp) { - size_t len; char *buf; - if (!s) + buf = kmalloc_track_caller(len, gfp); + if (!buf) return NULL; - len = strlen(s) + 1; - buf = kmalloc_track_caller(len, gfp); - if (buf) { - memcpy(buf, s, len); - /* During memcpy(), the string might be updated to a new value, - * which could be longer than the string when strlen() is - * called. Therefore, we need to add a null termimator. - */ - buf[len - 1] = '\0'; - } + memcpy(buf, s, len); + /* Ensure the buf is always NUL-terminated, regardless of @s. */ + buf[len - 1] = '\0'; return buf; } + +/** + * kstrdup - allocate space for and copy an existing string + * @s: the string to duplicate + * @gfp: the GFP mask used in the kmalloc() call when allocating memory + * + * Return: newly allocated copy of @s or %NULL in case of error + */ +noinline +char *kstrdup(const char *s, gfp_t gfp) +{ + return s ? __kmemdup_nul(s, strlen(s) + 1, gfp) : NULL; +} EXPORT_SYMBOL(kstrdup); /** @@ -106,19 +113,7 @@ EXPORT_SYMBOL(kstrdup_const); */ char *kstrndup(const char *s, size_t max, gfp_t gfp) { - size_t len; - char *buf; - - if (!s) - return NULL; - - len = strnlen(s, max); - buf = kmalloc_track_caller(len+1, gfp); - if (buf) { - memcpy(buf, s, len); - buf[len] = '\0'; - } - return buf; + return s ? __kmemdup_nul(s, strnlen(s, max) + 1, gfp) : NULL; } EXPORT_SYMBOL(kstrndup); @@ -192,17 +187,7 @@ EXPORT_SYMBOL(kvmemdup); */ char *kmemdup_nul(const char *s, size_t len, gfp_t gfp) { - char *buf; - - if (!s) - return NULL; - - buf = kmalloc_track_caller(len + 1, gfp); - if (buf) { - memcpy(buf, s, len); - buf[len] = '\0'; - } - return buf; + return s ? __kmemdup_nul(s, len + 1, gfp) : NULL; } EXPORT_SYMBOL(kmemdup_nul); From patchwork Sat Aug 17 02:56:23 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yafang Shao X-Patchwork-Id: 13766965 Received: from mail-pl1-f174.google.com (mail-pl1-f174.google.com [209.85.214.174]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E482C138E; Sat, 17 Aug 2024 02:57:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.174 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1723863473; cv=none; b=kFUBLCgplyaYIfcjVuRzc9xVo3ijXkf80y+mnMBMJ/Ir9SJY4hUu3Kq4i/AeAgTopdrrpB6wfZVqSk0GWjfh++IjkaSUKFCoeSfAwwTaE0xNVJhw0tN/CDvRGBKwy+nifVJjOY1bd9c/kizJxhcbiqs9rVDsyE8D9oKkIT99Tek= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1723863473; c=relaxed/simple; bh=FtBaKx9PDORn4iYpuWT19RXQJ9QLrEKduWU7EA87sCY=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=FHVapK3hk3v8LJW83YYcJo6bJ6vjgqvPH6wpLsBp1hQiUZkCs+ni5OoOL4+O/rMBaShgzGs91/g0Dwwz33UvfEVxI4HPTe9ZyVA8wq6WIUtfvmGB0ak6rrEYgsV1GenBlISrw9hlbAgqELpb+F302NI069zHWmMYASEeWCbxLZQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=hKjYZMzD; arc=none smtp.client-ip=209.85.214.174 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="hKjYZMzD" Received: by mail-pl1-f174.google.com with SMTP id d9443c01a7336-20208830de8so10214705ad.1; Fri, 16 Aug 2024 19:57:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1723863471; x=1724468271; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=by1YCv/9fNhFKuS7v7AkJGwNY9Y/YBFp3hXhZ5CbnE4=; b=hKjYZMzDDf8shog0E8jdPAXpQkg6xXvZA9j5kIjJkTigAaPk4y0B03a1+Iovo1paJn XyBOQJkBlRHPAKkSCTZ/SoIpdBM2Jl1kIUUc+i1DwLsUOS0II0S59IL14Oc9HelcbFHq N7NSEOHZTUvlMTbHRrtmNt9jUfWiqJ5sPM/bJBw3+PwpU5mKrghcrYKobEx03E8g0odV G4ZCBZgE7qgwEeX6yL7DTJj5N7F9LrIdtkaP6bx0rJ8GFNRCW7p+zrDeEtE1rkiHCFCM 2ph7aTAr3h/7fPW0QP0yJ5wlsaTe66F5uHEk8z7JPaZdPJy5XcW4aOTauGIkin7dwqFk bh2g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1723863471; x=1724468271; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=by1YCv/9fNhFKuS7v7AkJGwNY9Y/YBFp3hXhZ5CbnE4=; b=X5pTpUk9RhcxJWzZ+lHvMKnTW4M2HoZes/8x0fp3gNs9iflTDeUtBcZdpXE86lIIlc HonZAsgj9dO1JZfOWoCRwyRuUNj1EIRzA7p9uKVT47lVFhv/mYXN65i4tybjmyYd4lGh MtmdLphggY2BFVz86McMUSaBgPE7nJHCFeCsY30mnhKiWm8TdPE8bAA5objQ3dkZkovs c+JNkVQKMs9zu5khwlXAN5m54c5OURpHy/uig6iJl4hUKIe1iGGH3EHilbHtbRn8mQ8N zHgBGkN8TOXpje5k70+6ctPlkfYHFwYv3V6IoPMEPHMLMkfzL7of3LByc/ugnnLCFNgi VFaA== X-Forwarded-Encrypted: i=1; AJvYcCWp70noyavLqt+it11Fpg/1TL6RpicBmbf4q4jmSSVgGrJJZ25F0Nqdh8U9VBBL5VIUdJdtrAEB2UAn2cgADyndk4Fs23y7L/q+zhlJfvLz3yp+N//QpUammdkBaHTDW5Q2C9A5ani+nkTasDdXHPuznLh/+NONF3vQFGsNutikymwyFEME390KebcS6xXfVfZt+d99etw20qBb3ifkrqAapuMRXYtvygXDwPv1e6nwboAwv9xOqu79xr2aUYU8AYYDawN45Onx6DEbFmFRTSiJjIv3ttAMWIboWfv5s5OEJqkkdNbLo5Ijed8YD5ukKOart8muLA== X-Gm-Message-State: AOJu0YxjJT1u327vRmjM3AkiHC0nqdX9DsphPE+C0l+h7U2SDIqOS398 h+pInwWXsvg3fYLbCagzfw1IWkdw3Gxt7tq6qeZTUAvsvfgLVnGR X-Google-Smtp-Source: AGHT+IGmy8Jt8i1r5v72uMgbTh9QfFBoOAd1ReOek6MsKKuMaUCDeTlIuXQ+GXacq0NZtUUeDKoREg== X-Received: by 2002:a17:902:e542:b0:202:162c:1f36 with SMTP id d9443c01a7336-202195ff1e3mr12511865ad.36.1723863471180; Fri, 16 Aug 2024 19:57:51 -0700 (PDT) Received: from localhost.localdomain ([183.193.177.10]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-201f031c5e1sm31801785ad.94.2024.08.16.19.57.41 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 16 Aug 2024 19:57:50 -0700 (PDT) From: Yafang Shao To: akpm@linux-foundation.org Cc: torvalds@linux-foundation.org, alx@kernel.org, justinstitt@google.com, ebiederm@xmission.com, alexei.starovoitov@gmail.com, rostedt@goodmis.org, catalin.marinas@arm.com, penguin-kernel@i-love.sakura.ne.jp, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, audit@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, bpf@vger.kernel.org, netdev@vger.kernel.org, dri-devel@lists.freedesktop.org, Yafang Shao , "David S. Miller" , David Ahern , Eric Dumazet , Jakub Kicinski , Paolo Abeni Subject: [PATCH v7 7/8] net: Replace strcpy() with strscpy() Date: Sat, 17 Aug 2024 10:56:23 +0800 Message-Id: <20240817025624.13157-8-laoar.shao@gmail.com> X-Mailer: git-send-email 2.30.1 (Apple Git-130) In-Reply-To: <20240817025624.13157-1-laoar.shao@gmail.com> References: <20240817025624.13157-1-laoar.shao@gmail.com> Precedence: bulk X-Mailing-List: linux-security-module@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 To prevent errors from occurring when the src string is longer than the dst string in strcpy(), we should use strscpy() instead. This approach also facilitates future extensions to the task comm. Signed-off-by: Yafang Shao Cc: "David S. Miller" Cc: David Ahern Cc: Eric Dumazet Cc: Jakub Kicinski Cc: Paolo Abeni --- net/ipv6/ndisc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c index 254b192c5705..17f2e787e6f8 100644 --- a/net/ipv6/ndisc.c +++ b/net/ipv6/ndisc.c @@ -1942,7 +1942,7 @@ static void ndisc_warn_deprecated_sysctl(const struct ctl_table *ctl, static char warncomm[TASK_COMM_LEN]; static int warned; if (strcmp(warncomm, current->comm) && warned < 5) { - strcpy(warncomm, current->comm); + strscpy(warncomm, current->comm); pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n", warncomm, func, dev_name, ctl->procname, From patchwork Sat Aug 17 02:56:24 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yafang Shao X-Patchwork-Id: 13766966 Received: from mail-yw1-f172.google.com (mail-yw1-f172.google.com [209.85.128.172]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1A11C1119A; Sat, 17 Aug 2024 02:58:02 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.172 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1723863483; cv=none; b=ZYdBXLA7CYVxAuof8YR1U+hYovn5F/q71B+KnYAvPJe4hK4qsaa4ghaSjeb0AFzKa9PlJ4iW9l+JrcLRcnWqbS0U4k2imV69eAyVCabQ+eHpIZKkaD2eGchE0ZQbtN8yKqfbHyl2k7wFpuvjdHINuHIwbk6Uhevoa5PKqQT4HZg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1723863483; c=relaxed/simple; bh=nYbscEvIPy0tfqXRvpq3fWIe2dCm3O45KAx2hY5jY7E=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=C73bRweAdID/dGT1JgJFKUArk5XFM8qQIdTW/ZyHZa/lZ/jzBeuD5W+CmV7VaAGv2QJqIno6uoQOwQepz4kgkS1VLoHaisrsABbWpmcAXlF8b4xuMw3GATJeHKFCxDE1vSUr4TpmDWqfQlTv4V6ojhlWXnyQpH5Cl+6Qtudr/VE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=H2sXuh7Q; arc=none smtp.client-ip=209.85.128.172 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="H2sXuh7Q" Received: by mail-yw1-f172.google.com with SMTP id 00721157ae682-691c85525ebso24260017b3.0; Fri, 16 Aug 2024 19:58:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1723863481; x=1724468281; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=PIeMfVPvNi2mFgQGi33u0WiVQIXgvCVnP/JNmg1PAVg=; b=H2sXuh7QC6pRONah8ItkAbnRM7IYiyQA0XAowOdn8Tx6zPFY+Iz7X+SD1nVB1i/IE/ H2Qnp73U4aCrhO8j0a4h0ZNeV9UD2faSrpoGtqqEdcIExVi0iONQkFIkUJx8+A00hedd dtun6Reb4qoSA4xDykOyy1N8PMTq/KE6gw5I3Ad97ciC5bhezO8DvIS9fq3N508xATA1 FJyMK57SAgr72feqNiKV9Sipw14bHfC/ReJi6rmD6U1PhONG/8BtgGUncDn/YrQZeJ5W VKHmxj/WW301ulTH1EGxjBbJ09yYuYhfSxRCNouqke3NgVHivsCnt4no+s4KvyaG0hfJ revw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1723863481; x=1724468281; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=PIeMfVPvNi2mFgQGi33u0WiVQIXgvCVnP/JNmg1PAVg=; b=fogkPgNTB5vhpv8R1DbutJ8rlLOoIoGMAZJXBcfRJOfOe1Fl4QjIULCh72dTGwfhje yshDQRaLAGjeLFwGbbgZ93eYyukgOXTj9gmOuWn20EgT3yxlU8OBX4L9Q7z2eumdXpQP 5rl+vgFE6P7IKUeN7k3wOSTlQCm0oD0M617rCHasHnBe8VrwuMNdtijVf4ilLTMAM0oZ yr+WRzjf+zEBb6m8h9hmPjJ+rbgnzIwVJbirCDLluHGg9CEE2U1eSjIGCj4MMNC6Ph0r 834T5xflpIxYYf44sW1tbLovAsJMULNYGuGW17xYbDkTLJpTN6yWn8rMUdgCygA4fTRP zR+w== X-Forwarded-Encrypted: i=1; AJvYcCVw9Nny1iuphVbx/5QWU4qK/dP++q+j219+gBvG21TovRaDQW/zIJZKWpoCwGf48LYJRCwkB6cSpW3NgqsNrE9ofR3VSKamKTML2uXrCigC2cDYiMVYRBh8Q2pQdCfm8HL80mChRsSd5srxW0zAAWf6mqSq18DYPLpn85X2YNoiEaLs9v8KLkMnmQAeRmYRId0/RC8lHagvff0cI4ClbTtHUbhKHhXeiKWgApmR17xfBVnTIBb15Om51qc9BhRSHH72tbZL0v8A4uW6NwmV4k9IL4o3gC3dY1yW6vO2vgF194BJyu2ux+voTYHk0GjYlnwkHDQ3bw== X-Gm-Message-State: AOJu0YywP5zavDycJ6nbfg6zZrAQZiF/Tlb0luC0S9CXnqVJwbARDcTw CTtbmxWgHXuy4G/bYsA05APEJvMaMjF4il5jwaNeMORG6mDY89U0 X-Google-Smtp-Source: AGHT+IHIEqe/Cmg7s9PimPuB+lj47WHhB9AJi/MthWBlVJ6PrU4Dd47Rx7cTZURpMhIAboN0X1uK+w== X-Received: by 2002:a05:690c:f01:b0:62f:f535:f38 with SMTP id 00721157ae682-6b1b9a64059mr67878767b3.8.1723863481074; Fri, 16 Aug 2024 19:58:01 -0700 (PDT) Received: from localhost.localdomain ([183.193.177.10]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-201f031c5e1sm31801785ad.94.2024.08.16.19.57.51 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 16 Aug 2024 19:58:00 -0700 (PDT) From: Yafang Shao To: akpm@linux-foundation.org Cc: torvalds@linux-foundation.org, alx@kernel.org, justinstitt@google.com, ebiederm@xmission.com, alexei.starovoitov@gmail.com, rostedt@goodmis.org, catalin.marinas@arm.com, penguin-kernel@i-love.sakura.ne.jp, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, audit@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, bpf@vger.kernel.org, netdev@vger.kernel.org, dri-devel@lists.freedesktop.org, Yafang Shao , Daniel Vetter , Maarten Lankhorst , Maxime Ripard , Thomas Zimmermann , David Airlie Subject: [PATCH v7 8/8] drm: Replace strcpy() with strscpy() Date: Sat, 17 Aug 2024 10:56:24 +0800 Message-Id: <20240817025624.13157-9-laoar.shao@gmail.com> X-Mailer: git-send-email 2.30.1 (Apple Git-130) In-Reply-To: <20240817025624.13157-1-laoar.shao@gmail.com> References: <20240817025624.13157-1-laoar.shao@gmail.com> Precedence: bulk X-Mailing-List: linux-security-module@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 To prevent erros from occurring when the src string is longer than the dst string in strcpy(), we should use strscpy() instead. This approach also facilitates future extensions to the task comm. Signed-off-by: Yafang Shao Acked-by: Daniel Vetter Cc: Maarten Lankhorst Cc: Maxime Ripard Cc: Thomas Zimmermann Cc: David Airlie --- drivers/gpu/drm/drm_framebuffer.c | 2 +- drivers/gpu/drm/i915/i915_gpu_error.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/drm_framebuffer.c b/drivers/gpu/drm/drm_framebuffer.c index 888aadb6a4ac..2d6993539474 100644 --- a/drivers/gpu/drm/drm_framebuffer.c +++ b/drivers/gpu/drm/drm_framebuffer.c @@ -868,7 +868,7 @@ int drm_framebuffer_init(struct drm_device *dev, struct drm_framebuffer *fb, INIT_LIST_HEAD(&fb->filp_head); fb->funcs = funcs; - strcpy(fb->comm, current->comm); + strscpy(fb->comm, current->comm); ret = __drm_mode_object_add(dev, &fb->base, DRM_MODE_OBJECT_FB, false, drm_framebuffer_free); diff --git a/drivers/gpu/drm/i915/i915_gpu_error.c b/drivers/gpu/drm/i915/i915_gpu_error.c index 625b3c024540..374378ac7c85 100644 --- a/drivers/gpu/drm/i915/i915_gpu_error.c +++ b/drivers/gpu/drm/i915/i915_gpu_error.c @@ -1411,7 +1411,7 @@ static bool record_context(struct i915_gem_context_coredump *e, rcu_read_lock(); task = pid_task(ctx->pid, PIDTYPE_PID); if (task) { - strcpy(e->comm, task->comm); + strscpy(e->comm, task->comm); e->pid = task->pid; } rcu_read_unlock();