From patchwork Wed Aug 28 03:03:14 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Yafang Shao X-Patchwork-Id: 13780410 X-Patchwork-Delegate: paul@paul-moore.com Received: from mail-pl1-f179.google.com (mail-pl1-f179.google.com [209.85.214.179]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A011C8BFC; Wed, 28 Aug 2024 03:03:45 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.179 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724814227; cv=none; b=GxZmKVDPMmGj/rmpwqdt5pvX0HsqkVx6E8FlSDR4g64erOO0/dNzjUJQV88PFEd4YeXlRk+t5TJqPJxWQaN8GeFM9ppFCA+XwaNc+qYopV6BSO/tN3zs4NiU+yB/mmPAVaDOpV8VM0b58MP9vSO+RFLFo77uxLgG2bqgRiSWdts= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724814227; c=relaxed/simple; bh=eO9Ix3cDnJp1QjWFcUiG7UEKoDBxWiAVcCPosvEyIKM=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version:Content-Type; b=BxgVcqps7hac4NA9JyWNnvXuXPN/fRYWTdJC++qRvEXMvVlDzdRV5iNsh4xZbQnbffhiEAjRkGToNBmsDGY+jRd1587v4k0BMVz3dWd7GZWldyhXMnVAVM5HVbC8vJQbjmaS/7m1HdoAq4Gn29XU2C6w02AxwRn+dtfMxk3W4Hs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=MUBOuJ2i; arc=none smtp.client-ip=209.85.214.179 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="MUBOuJ2i" Received: by mail-pl1-f179.google.com with SMTP id d9443c01a7336-20223b5c1c0so56700165ad.2; Tue, 27 Aug 2024 20:03:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1724814225; x=1725419025; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=5dwC82d7KQL5pIEF6T6/bNHtBQAMogTq8DRZCJ210sw=; b=MUBOuJ2iO+3/ruxAgYLJpp5Lax6PhGENSOW8EZrQIxqWjCZXUYtAEpiBSzWneCdxEq wOHHjBgqEKhixXX1eU/5RqwniUnjWDBB5v1+6+HnIbIZTFWZP2SKrKeqQGleMNkRALOm IpAeTVjIcMEg1RLZjrSK3yEkwN5bBuJxo5uMpTSUTTwsDsZMiCspkCeBg/T59E0l3f3V yyZqi89MrCR1PEIW98XpCsK48J8vjTdHr3cTobd8CkLOs/IFta4pitILXl+JahVlPq8C d3NSH3liTy63UxzLTao0Sc57ghue6yeGij0RW2PQvCKLbG/+ufSkVcC7M9UO1vXZul+y IC8w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1724814225; x=1725419025; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=5dwC82d7KQL5pIEF6T6/bNHtBQAMogTq8DRZCJ210sw=; b=EUMJmlhpkIPvpqITsCqW4NhhSdmTlzeT6JVhqBqNX8qEUpTl6m9jXqDMNJTIT5sg4h W/1Z47evxf90vMgtNXHPCblldDTeOrRJk67/9k+YQDHK2eB6Qb7oZb+RFEUnufdaPCht aitPi1YBSgqEU5dQN1OWuSe+pYkZ4FWvgxHCLMTC9HJen+Eq5GOwF9mSk2Ry4OuoZvoY yx9rX+n0FnGxTobqgn0j0KS3gMfKqNVCA/Kek+ZGXTuk6aji1szGN8hyNiWh81bgsYSg e5GMamUTRzXDLcttYNLfQUsVPGdJkxwacKvFWr33Fw9r/vgXYs5I7RQXucz29W+DO0zn MeTw== X-Forwarded-Encrypted: i=1; AJvYcCV6BlohGvgC07xann8Q0ZwPqog5V9hAJr5zt+Axu5xG6APi3FJ1QZjc405Ec+jAKUJ3TnJU@vger.kernel.org, AJvYcCVHAsbnIV7AdlAvnRQewozktlP6O2pWjSlsZrFQ9GFEWFDehD1iTxMKs/KxkGBfB4JI6Y5f0rM7tsiQMZwchcmZZP8o@vger.kernel.org, AJvYcCWSeshAYNVMcbPzyXNSr+euxWfUJah1nqNV7rX1eOrU08qqdc5tXYT25pTQyVPVMEu8sbZ/rQ3LOg==@vger.kernel.org, AJvYcCWXLaNZclytA79b5YnAsBGLZO6VEGKdf/5n4eKhDIuEp6py51NbHA2P89iGgZhM1QFOCDubmA==@vger.kernel.org, AJvYcCWbERGOA9UlFVq1zasIVjhgGY4po8rCo3NctGH0dvknDlQovE99I2IaK3IKSQz/QuJFSPXX65CC@vger.kernel.org, AJvYcCX5Z3QwHOHCw9txstSVwQc7w+7vo4UH7mTPPRUEbxbiGBc4F88oDl21jELGlx8T1kqMRkvmJvPCkTePvDbu0bA/QMZCAjCT@vger.kernel.org, AJvYcCXilUq/Yb1ImwJlgRTtHc9L2BjZSaPM7ce1bVRSHS096/OwrKB3+y0Ur/vLR4VyB8Bf4ZXw3CeviMevgSccYw==@vger.kernel.org X-Gm-Message-State: AOJu0Yy1oZ10vU3dFrkSFZLjWweaVJobYB3PdrCM3iL9lHcoZ7/3hF/Q xL10bUwREH/XBB0IgLRnNIqzdMzBklYp4ULjgFRbzbrJYbHzrYLs X-Google-Smtp-Source: AGHT+IEc8gy1oBP9Tt27kWFVV2/sdUfpEnu0CJVUYvciPK7kLGNgdrFqezJmS8xsximWyUWY+TcSOg== X-Received: by 2002:a17:90a:d490:b0:2ca:7636:2217 with SMTP id 98e67ed59e1d1-2d8440a87edmr695434a91.2.1724814224691; Tue, 27 Aug 2024 20:03:44 -0700 (PDT) Received: from localhost.localdomain ([39.144.104.43]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-2d8445db8f6sm317977a91.1.2024.08.27.20.03.36 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 27 Aug 2024 20:03:44 -0700 (PDT) From: Yafang Shao To: akpm@linux-foundation.org Cc: torvalds@linux-foundation.org, alx@kernel.org, justinstitt@google.com, ebiederm@xmission.com, alexei.starovoitov@gmail.com, rostedt@goodmis.org, catalin.marinas@arm.com, penguin-kernel@i-love.sakura.ne.jp, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, audit@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, bpf@vger.kernel.org, netdev@vger.kernel.org, dri-devel@lists.freedesktop.org, Yafang Shao , Alexander Viro , Christian Brauner , Jan Kara , Kees Cook , Matus Jokay , "Serge E. Hallyn" Subject: [PATCH v8 1/8] Get rid of __get_task_comm() Date: Wed, 28 Aug 2024 11:03:14 +0800 Message-Id: <20240828030321.20688-2-laoar.shao@gmail.com> X-Mailer: git-send-email 2.30.1 (Apple Git-130) In-Reply-To: <20240828030321.20688-1-laoar.shao@gmail.com> References: <20240828030321.20688-1-laoar.shao@gmail.com> Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 We want to eliminate the use of __get_task_comm() for the following reasons: - The task_lock() is unnecessary Quoted from Linus [0]: : Since user space can randomly change their names anyway, using locking : was always wrong for readers (for writers it probably does make sense : to have some lock - although practically speaking nobody cares there : either, but at least for a writer some kind of race could have : long-term mixed results - The BUILD_BUG_ON() doesn't add any value The only requirement is to ensure that the destination buffer is a valid array. - Zeroing is not necessary in current use cases To avoid confusion, we should remove it. Moreover, not zeroing could potentially make it easier to uncover bugs. If the caller needs a zero-padded task name, it should be explicitly handled at the call site. Suggested-by: Linus Torvalds Link: https://lore.kernel.org/all/CAHk-=wivfrF0_zvf+oj6==Sh=-npJooP8chLPEfaFV0oNYTTBA@mail.gmail.com [0] Link: https://lore.kernel.org/all/CAHk-=whWtUC-AjmGJveAETKOMeMFSTwKwu99v7+b6AyHMmaDFA@mail.gmail.com/ Suggested-by: Alejandro Colomar Link: https://lore.kernel.org/all/2jxak5v6dfxlpbxhpm3ey7oup4g2lnr3ueurfbosf5wdo65dk4@srb3hsk72zwq Signed-off-by: Yafang Shao Cc: Alexander Viro Cc: Christian Brauner Cc: Jan Kara Cc: Eric Biederman Cc: Kees Cook Cc: Alexei Starovoitov Cc: Matus Jokay Cc: Alejandro Colomar Cc: "Serge E. Hallyn" --- fs/exec.c | 10 ---------- fs/proc/array.c | 2 +- include/linux/sched.h | 32 ++++++++++++++++++++++++++------ kernel/kthread.c | 2 +- 4 files changed, 28 insertions(+), 18 deletions(-) diff --git a/fs/exec.c b/fs/exec.c index 50e76cc633c4..8a23171bc3c3 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -1264,16 +1264,6 @@ static int unshare_sighand(struct task_struct *me) return 0; } -char *__get_task_comm(char *buf, size_t buf_size, struct task_struct *tsk) -{ - task_lock(tsk); - /* Always NUL terminated and zero-padded */ - strscpy_pad(buf, tsk->comm, buf_size); - task_unlock(tsk); - return buf; -} -EXPORT_SYMBOL_GPL(__get_task_comm); - /* * These functions flushes out all traces of the currently running executable * so that a new one can be started diff --git a/fs/proc/array.c b/fs/proc/array.c index 34a47fb0c57f..55ed3510d2bb 100644 --- a/fs/proc/array.c +++ b/fs/proc/array.c @@ -109,7 +109,7 @@ void proc_task_name(struct seq_file *m, struct task_struct *p, bool escape) else if (p->flags & PF_KTHREAD) get_kthread_comm(tcomm, sizeof(tcomm), p); else - __get_task_comm(tcomm, sizeof(tcomm), p); + get_task_comm(tcomm, p); if (escape) seq_escape_str(m, tcomm, ESCAPE_SPACE | ESCAPE_SPECIAL, "\n\\"); diff --git a/include/linux/sched.h b/include/linux/sched.h index f8d150343d42..c40b95a79d80 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h @@ -1096,9 +1096,12 @@ struct task_struct { /* * executable name, excluding path. * - * - normally initialized setup_new_exec() - * - access it with [gs]et_task_comm() - * - lock it with task_lock() + * - normally initialized begin_new_exec() + * - set it with set_task_comm() + * - strscpy_pad() to ensure it is always NUL-terminated and + * zero-padded + * - task_lock() to ensure the operation is atomic and the name is + * fully updated. */ char comm[TASK_COMM_LEN]; @@ -1914,10 +1917,27 @@ static inline void set_task_comm(struct task_struct *tsk, const char *from) __set_task_comm(tsk, from, false); } -extern char *__get_task_comm(char *to, size_t len, struct task_struct *tsk); +/* + * - Why not use task_lock()? + * User space can randomly change their names anyway, so locking for readers + * doesn't make sense. For writers, locking is probably necessary, as a race + * condition could lead to long-term mixed results. + * The strscpy_pad() in __set_task_comm() can ensure that the task comm is + * always NUL-terminated and zero-padded. Therefore the race condition between + * reader and writer is not an issue. + * + * - Why not use strscpy_pad()? + * While strscpy_pad() prevents writing garbage past the NUL terminator, which + * is useful when using the task name as a key in a hash map, most use cases + * don't require this. Zero-padding might confuse users if it’s unnecessary, + * and not zeroing might even make it easier to expose bugs. If you need a + * zero-padded task name, please handle that explicitly at the call site. + * + * - ARRAY_SIZE() can help ensure that @buf is indeed an array. + */ #define get_task_comm(buf, tsk) ({ \ - BUILD_BUG_ON(sizeof(buf) != TASK_COMM_LEN); \ - __get_task_comm(buf, sizeof(buf), tsk); \ + strscpy(buf, (tsk)->comm, ARRAY_SIZE(buf)); \ + buf; \ }) #ifdef CONFIG_SMP diff --git a/kernel/kthread.c b/kernel/kthread.c index f7be976ff88a..7d001d033cf9 100644 --- a/kernel/kthread.c +++ b/kernel/kthread.c @@ -101,7 +101,7 @@ void get_kthread_comm(char *buf, size_t buf_size, struct task_struct *tsk) struct kthread *kthread = to_kthread(tsk); if (!kthread || !kthread->full_name) { - __get_task_comm(buf, buf_size, tsk); + strscpy(buf, tsk->comm, buf_size); return; } From patchwork Wed Aug 28 03:03:15 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yafang Shao X-Patchwork-Id: 13780411 X-Patchwork-Delegate: paul@paul-moore.com Received: from mail-pg1-f169.google.com (mail-pg1-f169.google.com [209.85.215.169]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 69E7A1CF93; Wed, 28 Aug 2024 03:03:53 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.169 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724814234; cv=none; b=lDeg4aNbdOfIizRNHiQSJYsDcwdzPEqnMdpjsOAg7i2bBAs6c5SObdouNsBEDQ5dOSNvTFKkoIeeJEl+IMtzE6fODa0eMJU2x547rMATlNnme2tURnh/Lh/D4L68TXVhU7+AuuW8Fd6EwzLH4nfQ0XZaYbSX5Bfkcxzn3F1ZkPQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724814234; c=relaxed/simple; bh=mCSSieTexVEhRe5gQHXuwUO8PEAZIQurKnIO9AahPJw=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=WFPxhG+6n3aM8ymu/1zC2BWcdAD4UClbiGghD7jI0ibwT8q0WjO3MZrNlbI7FRjS8mu1rdXPQpmCZw8ddrtIxQXHKnIcm2uNtJew6xchi+9drDegn9VgMhFuBdSe8+Yd1CAChcwclWyGHSiMvMjEtmUHjOrbtJ26VC1qnBM5YGA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=lKdypNtB; arc=none smtp.client-ip=209.85.215.169 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="lKdypNtB" Received: by mail-pg1-f169.google.com with SMTP id 41be03b00d2f7-7cd830e0711so132434a12.0; Tue, 27 Aug 2024 20:03:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1724814233; x=1725419033; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=+RcIZVYUDMrvydSLTObUn9UWjAdkDM4CrmA64YTz3G4=; b=lKdypNtBDAb/oJWibZGDg3JpUnUybpL1fzsasVytYsYlV9UJTgr3IHL0Ooo8QEjvHE 9sWZ00SjwbwhKsfL+x+UOPwJ9muD0zwMMqWpkbUcJ/UWz6yHbSBmdtaZ7wxruIAsy1+l V/ypnyDvK9InJIFq3JKvIV62JNvPLgN9yRn/LElFGoHtA4noBFM/B3oEPfgf/XWs/KMe mCQ+Z/Qb4WJdwc2lCk+ImV7+1rX1Qc4dm/GXS4KIFVGbQVTkewf9LpbOcLwERUqY08wC 1dhMYOWqNXvUYRvSVyjDhELc0lo+6qZJHSroNvfSKYYE1FGOvhsjcCW/KxD7kzfxm3AN wpew== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1724814233; x=1725419033; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=+RcIZVYUDMrvydSLTObUn9UWjAdkDM4CrmA64YTz3G4=; b=AFeL15nrbTCa0w+GgIueWytSc1RVbnG1IbQJwu4muoZ+8MWBrnVdJU5F8hA45DG+tU iaSj9O/hqWQtkVVgTFeOnj41bLCjMvLny5y6YBfrmTLv029mm64QkGQH18DihhY0nDJn 7V6u8HDxH91Vxg5HnvYF7P+o53/T1Ne+qwX9937KKElcjhiWUDyBcwAeOxJNbuJHZ10u 7HOUtQkdP4beP7dndI2argQeFfAPtgpo34B0SLFNz6ov8Y34XlL67gybauuQE+SR+4af SOk5SLUr4Wf+zSCmIVdnSoReAQwqzJL4p5DIutr/y3NY2CaffCpaYF4gLqLXjtoUHf+5 d7/Q== X-Forwarded-Encrypted: i=1; AJvYcCUPePrRIBVWC1cDu052nR0yiIAbq4TWyS0SwLmeM7ThvDoUBL4f9NFTt6/2fo2X2AcSSWBgYdFSPm5SjYpaIl/ZPPgHrhox@vger.kernel.org, AJvYcCUPy/AsNYDjJcvq6qN1M69dfWSeAPNP1ph/L/4lXVc+5P2XjbSVst1ZfjF/wmw1Fs65gnYXsg==@vger.kernel.org, AJvYcCUiGQi4MZ1IhEB4clMG8lwDQpD6zHPPh5ilfeZE1Tc/WSbBFGWoZPZqmd2Z/pjnipPqyLac@vger.kernel.org, AJvYcCV8G648I8++ADIYukKhB/I4VYxC2dwb1JNOHHIVtOGX1FQDptQjRWBn9fPivd/JyHuQMarzVCuzhg==@vger.kernel.org, AJvYcCWHhGz3Q5BKNA/7Y5SgxRlM2vWNPOedKkmUz4TuWvU6GJxBxPKhZO8Byp/bM/+QK5/07+ofuCpY@vger.kernel.org, AJvYcCWisK/QZQQ1YOWshMnrEsVF0wOPsXyaBOvVXJKlfqjahadK1TikAn4PAPSUutMz6xXveGOWOp4ZVFY8ZtvWo8FnDmFD@vger.kernel.org, AJvYcCWsqvjnFwmn2vPJXU/cHFEYCCc9OziAi3fgeA3KulSsd9Qak5MTElg1roetJDTRptgaawN9hpM1ZfRUuHKVqg==@vger.kernel.org X-Gm-Message-State: AOJu0Yw89dhPPBaui6oVubZtUR8rxgBoqVUMG4g/7co/YIU7NozG8H0L Lba4Mt0kGYdyUEFcP0VQhNLtNNiyr+M4sMIOUrVuebj6h+AHvWv1 X-Google-Smtp-Source: AGHT+IGFzzoi8lpwMf6Iv4C1DEmxZSABK+5V2UtAilXgBtIiNQOvP4ALnfkUbY0O1vyUXWVYARLCDw== X-Received: by 2002:a17:90b:d83:b0:2d4:91c:8882 with SMTP id 98e67ed59e1d1-2d843c839efmr1207327a91.11.1724814232595; Tue, 27 Aug 2024 20:03:52 -0700 (PDT) Received: from localhost.localdomain ([39.144.104.43]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-2d8445db8f6sm317977a91.1.2024.08.27.20.03.45 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 27 Aug 2024 20:03:51 -0700 (PDT) From: Yafang Shao To: akpm@linux-foundation.org Cc: torvalds@linux-foundation.org, alx@kernel.org, justinstitt@google.com, ebiederm@xmission.com, alexei.starovoitov@gmail.com, rostedt@goodmis.org, catalin.marinas@arm.com, penguin-kernel@i-love.sakura.ne.jp, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, audit@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, bpf@vger.kernel.org, netdev@vger.kernel.org, dri-devel@lists.freedesktop.org, Yafang Shao , Paul Moore , Eric Paris Subject: [PATCH v8 2/8] auditsc: Replace memcpy() with strscpy() Date: Wed, 28 Aug 2024 11:03:15 +0800 Message-Id: <20240828030321.20688-3-laoar.shao@gmail.com> X-Mailer: git-send-email 2.30.1 (Apple Git-130) In-Reply-To: <20240828030321.20688-1-laoar.shao@gmail.com> References: <20240828030321.20688-1-laoar.shao@gmail.com> Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Using strscpy() to read the task comm ensures that the name is always NUL-terminated, regardless of the source string. This approach also facilitates future extensions to the task comm. Signed-off-by: Yafang Shao Acked-by: Paul Moore Cc: Eric Paris Reviewed-by: Justin Stitt --- kernel/auditsc.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 6f0d6fb6523f..e4ef5e57dde9 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -2730,7 +2730,7 @@ void __audit_ptrace(struct task_struct *t) context->target_uid = task_uid(t); context->target_sessionid = audit_get_sessionid(t); security_task_getsecid_obj(t, &context->target_sid); - memcpy(context->target_comm, t->comm, TASK_COMM_LEN); + strscpy(context->target_comm, t->comm); } /** @@ -2757,7 +2757,7 @@ int audit_signal_info_syscall(struct task_struct *t) ctx->target_uid = t_uid; ctx->target_sessionid = audit_get_sessionid(t); security_task_getsecid_obj(t, &ctx->target_sid); - memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); + strscpy(ctx->target_comm, t->comm); return 0; } @@ -2778,7 +2778,7 @@ int audit_signal_info_syscall(struct task_struct *t) axp->target_uid[axp->pid_count] = t_uid; axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); security_task_getsecid_obj(t, &axp->target_sid[axp->pid_count]); - memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); + strscpy(axp->target_comm[axp->pid_count], t->comm); axp->pid_count++; return 0; From patchwork Wed Aug 28 03:03:16 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yafang Shao X-Patchwork-Id: 13780412 X-Patchwork-Delegate: paul@paul-moore.com Received: from mail-pg1-f171.google.com (mail-pg1-f171.google.com [209.85.215.171]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 96F3C3AC2B; Wed, 28 Aug 2024 03:04:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.171 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724814242; cv=none; b=kP1ZKtN+qwpiCB+cGgC1Wgo0hFRHhI9Pj/Wc4ui9AbEfvfj3xS7AR1HtPftT7PhIWEhxG3f1XZjl3kFw1o7bhzO2pdtkZXHXHK6vDLTiPTNOCtdSnH9JbkyKijcvG+VyvzfBshYOyckYEU1TdrazphSimlk3o6LlSkfxQatfLLQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724814242; c=relaxed/simple; bh=ABhttoS6oXw2j+hmHjcdgyTovB2nFehBatzjdciJ3nM=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=INhLyBAuWMmNhR8Qv6CDlQngzhtqlqhAXTWrPAaS7LiPtGg0svKtQyUTao0FrVtcHmlhReCNA8YwepelPkYdEV5pTVRB7qDRExhaqa67yJlHPoAWdpH3th30kMbZyHn+pGPoNIAyiKa5y+pVvFLVvGrDr3ZCuHrHcc6XNT04Ne0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=Tko/Fbck; arc=none smtp.client-ip=209.85.215.171 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="Tko/Fbck" Received: by mail-pg1-f171.google.com with SMTP id 41be03b00d2f7-6bce380eb96so3435379a12.0; Tue, 27 Aug 2024 20:04:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1724814240; x=1725419040; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=mIIMsSPqVp5AusgTbRbdrgF3qEr8ccJBENe3BbQ0UBw=; b=Tko/Fbck1Eb42MU9iHY8WN5DxJwkwvSYihJQoYgbWCy5WgELU+TdmQPGrduKpmJDCU /qw7z4vgBAGiBdm/RR9QWCqhgHGQhI6tK36qEzZW4BW4bVlBii3VaPoGqkM/tsqp317J W6WmtXvNIYlA4dh2p5u1tf5F0vVTDwAD06SHPKIpDvNtXJnMXzQT0GCtBfaZjYwDb3ZE mQ1O6/K9044FNXKvOTfaPqfbnK2MK1pCV5vg2Mc3C85XhBCffaxFXRC9E0ddbt6qIROd Dtx1ceaEzEYCq3cM5FhWKoIg3HafGGuaJ5K26SMX8ud1hcFtEZoxtLFVl7fakXMLyJ4d SrzA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1724814240; x=1725419040; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=mIIMsSPqVp5AusgTbRbdrgF3qEr8ccJBENe3BbQ0UBw=; b=Z2Mw9oXG+PfnbzkY5qGQx4K5Zv6xxrQZkxJ55L/AiKjjzKy/5UCuTJmS/UgDsISR1k CMlqoqPUPS/jeFxJhe9EJV3LWeG+QQiBHLft99DAgtoFFm5qfrHEiH7vhK5krFcKKQeZ 8NAP5UWD7jHK00K2xemTdGbX8xgGFbRLKE01wm0L/4uOTbyTYPXrDYottV9EpVOkfZ0Z zv79yWZMeZTFANB+ZTi0OJa8SkPvakQkEoHdDu7DnavXZFcuvp7FyoqQrwcnfdPMuANe YRZAGMtYT5hH4tFp0zem4AdVdu+AOZLJ4xtcQ2fjoACkG7Fcofq85QidzOq6LbePwpo1 qJLw== X-Forwarded-Encrypted: i=1; AJvYcCULeLsR+ZYi6MDnNdFPOGH6UU0kd57wUz2RwqEmFC7UXxnSYCZJrSennvB4wTsbAtP2Ackx30lM/eepsGKA9JHpgTkW@vger.kernel.org, AJvYcCVMwehzf9YqJdFQzXqV2WxqPS2EVqPUfAh7GOAriVVnUwR6s/pX4ASMo4P1u9LJn83Dmpui0tjsOc+0E2jQAg==@vger.kernel.org, AJvYcCVftzj3tyVz8viDNjx7jWU7NzXIDFHuKEmdidAmPKYWcMq+FXjTBPx+kYOC68Iz8+AhNHe7/9vCiIaeC3cer4spNsPIJyND@vger.kernel.org, AJvYcCVv10XsoXGdmjgFirUGrqO0Eyt+435PfByBMlW1/kFplXkJky1+BIt2kOxbOT4kzhR6MDw7pA==@vger.kernel.org, AJvYcCWVwWxgmhFd/+YhZ7m4KZwc6GBiPlpBsbSzGEANSzDeBoBvlko8K63jQ2U48MkTJTOwHc9a@vger.kernel.org, AJvYcCXAf5R9dkPQdNPYnVrhF6xiIs0H2j0Um2nkvorC3J1VEDaQgHxRJ9EFDJKGG3sl+ZBnj4gogwaA@vger.kernel.org, AJvYcCXBUtDdc6BjFDa56G2kNW7SZp3uszBgm/pr3FqyfFTn4qq/cub8igJdf7IPa5zCd18TujZonuIWsA==@vger.kernel.org X-Gm-Message-State: AOJu0YyRGmCc60h6fjiq1xJecjN1i5cpYOrn+KYfOBVN4UYEbG4LyOD5 DH3GFQboyfTy9dpoH8t88zsLY2x8cqR6DSERM8vXvQV+vKZTX0/J X-Google-Smtp-Source: AGHT+IFERm607QheW54BofDpcXniBv+8JM5KHrTSMUx7woXR1463qkdvSKbT6nvldL/lDZfqmA0dvg== X-Received: by 2002:a05:6a20:43a5:b0:1c4:c7ae:ecea with SMTP id adf61e73a8af0-1ccd286f499mr543329637.11.1724814239886; Tue, 27 Aug 2024 20:03:59 -0700 (PDT) Received: from localhost.localdomain ([39.144.104.43]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-2d8445db8f6sm317977a91.1.2024.08.27.20.03.53 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 27 Aug 2024 20:03:59 -0700 (PDT) From: Yafang Shao To: akpm@linux-foundation.org Cc: torvalds@linux-foundation.org, alx@kernel.org, justinstitt@google.com, ebiederm@xmission.com, alexei.starovoitov@gmail.com, rostedt@goodmis.org, catalin.marinas@arm.com, penguin-kernel@i-love.sakura.ne.jp, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, audit@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, bpf@vger.kernel.org, netdev@vger.kernel.org, dri-devel@lists.freedesktop.org, Yafang Shao , Paul Moore , James Morris , "Serge E. Hallyn" , Stephen Smalley , Ondrej Mosnacek Subject: [PATCH v8 3/8] security: Replace memcpy() with get_task_comm() Date: Wed, 28 Aug 2024 11:03:16 +0800 Message-Id: <20240828030321.20688-4-laoar.shao@gmail.com> X-Mailer: git-send-email 2.30.1 (Apple Git-130) In-Reply-To: <20240828030321.20688-1-laoar.shao@gmail.com> References: <20240828030321.20688-1-laoar.shao@gmail.com> Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Quoted from Linus [0]: selinux never wanted a lock, and never wanted any kind of *consistent* result, it just wanted a *stable* result. Using get_task_comm() to read the task comm ensures that the name is always NUL-terminated, regardless of the source string. This approach also facilitates future extensions to the task comm. Signed-off-by: Yafang Shao LINK: https://lore.kernel.org/all/CAHk-=wivfrF0_zvf+oj6==Sh=-npJooP8chLPEfaFV0oNYTTBA@mail.gmail.com/ [0] Acked-by: Paul Moore Cc: James Morris Cc: "Serge E. Hallyn" Cc: Stephen Smalley Cc: Ondrej Mosnacek --- security/lsm_audit.c | 4 ++-- security/selinux/selinuxfs.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/security/lsm_audit.c b/security/lsm_audit.c index 849e832719e2..9a8352972086 100644 --- a/security/lsm_audit.c +++ b/security/lsm_audit.c @@ -207,7 +207,7 @@ static void dump_common_audit_data(struct audit_buffer *ab, BUILD_BUG_ON(sizeof(a->u) > sizeof(void *)*2); audit_log_format(ab, " pid=%d comm=", task_tgid_nr(current)); - audit_log_untrustedstring(ab, memcpy(comm, current->comm, sizeof(comm))); + audit_log_untrustedstring(ab, get_task_comm(comm, current)); switch (a->type) { case LSM_AUDIT_DATA_NONE: @@ -302,7 +302,7 @@ static void dump_common_audit_data(struct audit_buffer *ab, char comm[sizeof(tsk->comm)]; audit_log_format(ab, " opid=%d ocomm=", pid); audit_log_untrustedstring(ab, - memcpy(comm, tsk->comm, sizeof(comm))); + get_task_comm(comm, tsk)); } } break; diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index e172f182b65c..c9b05be27ddb 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -708,7 +708,7 @@ static ssize_t sel_write_checkreqprot(struct file *file, const char __user *buf, if (new_value) { char comm[sizeof(current->comm)]; - memcpy(comm, current->comm, sizeof(comm)); + strscpy(comm, current->comm); pr_err("SELinux: %s (%d) set checkreqprot to 1. This is no longer supported.\n", comm, current->pid); } From patchwork Wed Aug 28 03:03:17 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yafang Shao X-Patchwork-Id: 13780413 X-Patchwork-Delegate: paul@paul-moore.com Received: from mail-pj1-f53.google.com (mail-pj1-f53.google.com [209.85.216.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A43EE13BACB; Wed, 28 Aug 2024 03:04:06 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.53 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724814248; cv=none; b=gP5K8t4SG5uMz8LXIJQZcqlgo/P1t0Ql+c6UoKe8mfbT7glKV2Y8Q/UIClK9glsPwUq7bSA9urVryaJYtjzxdnJ2lsR/EuTujJq2yvSEF4unoGz7rE9zeofju/6FbL2+xhIM+zoJQw1kdkucqKc0Af8ukSVmUYyVxLi6TI7fSSU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724814248; c=relaxed/simple; bh=56ESQtaoBbBqZU/saKgTljkr5U/isylgWUhSQpUUDZM=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=gheBdwoXtHVfkoNUJFP6S1/tjNt/MMKZrk+6X8u0wIC8GN3RIkpIu7XlKJrj9DMybfClhHM4xNNewRq/ufvKkIb+vpVMp6NxbH7qdjWt81EWeQUXB08nkvVGvfcXY2UtkibEMhzH6Z8yeN3Tkqk3ejEBQEGYyMHJ1tX4PPAavw4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=HhcW4YYu; arc=none smtp.client-ip=209.85.216.53 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="HhcW4YYu" Received: by mail-pj1-f53.google.com with SMTP id 98e67ed59e1d1-2d3b595c18dso130048a91.0; Tue, 27 Aug 2024 20:04:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1724814246; x=1725419046; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=QQdkC9XISn7BWPlTE5/iE7aUj/L2jeLonKoaBsbNpS0=; b=HhcW4YYu8/USBGyVJ+zTZSsOoWr2MhH1FufFaiuA1Fb0VP2O+I4aEhMaB8r0hdNPto KhHV/jCBPDPX0S/0+ARkH4n6xNOAkbL/LdCgijK3kEfTNh3o6TCDmRLrFGnb54YOQABF vlrAAY1b0kFKkyZHW4nEmHytFwlGf4+0fzElecIdwZ/1FYIxP4zXmkzTALtqIrO/5Q5t y1+0h8ivUfZMZAigr+6BDg55DlSnlvuoUMEzKFL4bWrlSNfhj4YBYDxZM5F4UOtXJkUT oKkl4RrYE4rn5KpgB0F+r/gzrWGEPzMC2CzveyqpNz3AamiBaYnIsx/yCZf9hq9FF6X/ earw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1724814246; x=1725419046; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=QQdkC9XISn7BWPlTE5/iE7aUj/L2jeLonKoaBsbNpS0=; b=uvDvkDX2Vuuutl8DgfKNcuL+oR7aQBzSQIuPanniUDEWu1P/GVb+AzCHw9QjvM5K0h v/kiUPPKKwmuKtaYIeRKLv+B4qhPLk1Mo1vWY5AwfwmxjKW8RKS2nJ7h/LmH63RXloj/ GChwwVo7J4zWoVI2+0FqeaJKLYC0UMSUD5LMmBhIjPlitMJuNVYAUMSVdyZ12pg1xj37 6T+z3fY1H0Hge0KV+VGHE5taAKSH/q2UvivRErat18pNPqzgNy9u3c+RYExF4SAr+HuE A4whVKxGrZ9l/5fKVZmIdrq8Jd9Ke6tzJneX34In3FUhmhHTfBvpMepHktk2LSZb5Bfz 3U7g== X-Forwarded-Encrypted: i=1; AJvYcCU89CKuWWu9iqSQdTrXna7Krzsg1cLMkgo/h0m/AL3I3Ry+/rf0e97R05xKJVivgFbfju1q@vger.kernel.org, AJvYcCUObRj4d5UegTrTvn/9fhM6ttjqL56ZDHn4fnibIs2QaOiAIS+4e0R5at8RvtgmDlzq09q9DQ==@vger.kernel.org, AJvYcCV3keT07imD6RxVPjOBmImFicLxBApt8VV363sIlGzFBXV0Ren4s5rs213MkFyFO+dxEfL1HTaepQYffMnMFg==@vger.kernel.org, AJvYcCVJdXVpxKiNUJrrDXCncqQpYomASD8Vd9JZ+TMvdi0a0JI50nyCdYPtdlnOM9p1AvO2uBYeWjq6@vger.kernel.org, AJvYcCVSsIkyff4UMq+QmwVs6+pyFgeSzJHrZO9Zl504ZGOzd+S0z9UWMG0nG9J+lnu0SCVGVo35KGl0fB2UI40gdgNJ9lMV@vger.kernel.org, AJvYcCVuPfJtHIXUMIGWc+fvAW93mkMZ7QXjUmbzwmuqskodZCIy9qnNoYmb82cyv4OlGG+yM5pkXn/HH5QUmFBGCZYbGGgUntiv@vger.kernel.org, AJvYcCXV4oW5CXp+TkeOo4DIDpBRi85iRpvX1TG6iqcktSZfJ7YDltviznSvFp4SbdMmHRfZBavlBmOIrg==@vger.kernel.org X-Gm-Message-State: AOJu0YxDnq+/AQXrIMmWRsPhAiLrYIcCQQiEwLrenxYmoyJMgNoekl2j 027ov+7E8TzNWgyH6L4BbfEbQsdgCh5dpI3LyYHZIpJwCzR8jVoq X-Google-Smtp-Source: AGHT+IHxaydVqwv10Tfh2ak5vjo3hT38eMV2JYlayqlM6cQqHxMPAOmu6Mb/QjPRAxpmFPgYrqTvlA== X-Received: by 2002:a17:90a:304b:b0:2cf:f860:f13b with SMTP id 98e67ed59e1d1-2d843da1884mr1305336a91.17.1724814245904; Tue, 27 Aug 2024 20:04:05 -0700 (PDT) Received: from localhost.localdomain ([39.144.104.43]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-2d8445db8f6sm317977a91.1.2024.08.27.20.04.00 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 27 Aug 2024 20:04:05 -0700 (PDT) From: Yafang Shao To: akpm@linux-foundation.org Cc: torvalds@linux-foundation.org, alx@kernel.org, justinstitt@google.com, ebiederm@xmission.com, alexei.starovoitov@gmail.com, rostedt@goodmis.org, catalin.marinas@arm.com, penguin-kernel@i-love.sakura.ne.jp, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, audit@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, bpf@vger.kernel.org, netdev@vger.kernel.org, dri-devel@lists.freedesktop.org, Yafang Shao , Quentin Monnet Subject: [PATCH v8 4/8] bpftool: Ensure task comm is always NUL-terminated Date: Wed, 28 Aug 2024 11:03:17 +0800 Message-Id: <20240828030321.20688-5-laoar.shao@gmail.com> X-Mailer: git-send-email 2.30.1 (Apple Git-130) In-Reply-To: <20240828030321.20688-1-laoar.shao@gmail.com> References: <20240828030321.20688-1-laoar.shao@gmail.com> Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Let's explicitly ensure the destination string is NUL-terminated. This way, it won't be affected by changes to the source string. Signed-off-by: Yafang Shao Reviewed-by: Quentin Monnet --- tools/bpf/bpftool/pids.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tools/bpf/bpftool/pids.c b/tools/bpf/bpftool/pids.c index 9b898571b49e..23f488cf1740 100644 --- a/tools/bpf/bpftool/pids.c +++ b/tools/bpf/bpftool/pids.c @@ -54,6 +54,7 @@ static void add_ref(struct hashmap *map, struct pid_iter_entry *e) ref = &refs->refs[refs->ref_cnt]; ref->pid = e->pid; memcpy(ref->comm, e->comm, sizeof(ref->comm)); + ref->comm[sizeof(ref->comm) - 1] = '\0'; refs->ref_cnt++; return; @@ -77,6 +78,7 @@ static void add_ref(struct hashmap *map, struct pid_iter_entry *e) ref = &refs->refs[0]; ref->pid = e->pid; memcpy(ref->comm, e->comm, sizeof(ref->comm)); + ref->comm[sizeof(ref->comm) - 1] = '\0'; refs->ref_cnt = 1; refs->has_bpf_cookie = e->has_bpf_cookie; refs->bpf_cookie = e->bpf_cookie; From patchwork Wed Aug 28 03:03:18 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yafang Shao X-Patchwork-Id: 13780414 X-Patchwork-Delegate: paul@paul-moore.com Received: from mail-pg1-f169.google.com (mail-pg1-f169.google.com [209.85.215.169]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B7EDE132132; Wed, 28 Aug 2024 03:04:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.169 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724814256; cv=none; b=mzd857QP9MwAXspnmulp80RtFfvWyRnh2GgYqKdxwrJfjI8KT4stDlkd7vPUxRtRaZ6xciqmFNPJ/d+SslhxHCumcZZZiKcAxyttfDt+9Xo/7bet2sZYxN6j3Aja4mChA+DrdQ3P/AHSYHOy/WOesoOzOmNFaRjYInpNYDclxf0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724814256; c=relaxed/simple; bh=AKUKeXG3rR4W64tTAZjDR7220EmBnpL03mh0NUmcuXM=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=fQn53caO6gzFsLGUSuPKbT/DvPxpD5g6yc3V/ard1A14A5SxQ1U6KSvk+HblGmpFJkmlsM/o0MPRBe5Hr/scdYow4KkBM9ifoOsNclRxJTItBJ3m2DQfBVdTeeCb5vBY+L8lZB9pIg/xzm37tC0dBd7CeGq0OIXjOl+yjWyH3u4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=AE1XsnkA; arc=none smtp.client-ip=209.85.215.169 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="AE1XsnkA" Received: by mail-pg1-f169.google.com with SMTP id 41be03b00d2f7-7c1324be8easo120148a12.1; Tue, 27 Aug 2024 20:04:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1724814254; x=1725419054; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=N9R7Mhbk+Se4PIDhpm0/p6nrldMPUtb+oC6vNd91DMo=; b=AE1XsnkAw14RfqXi6Nl1oqdu7S2gdUsvqRT7RHeuW5mZ/z9TLNKk1F+Oxe3/d8t++0 tBpNCs/w43yuEoFopclB1plI6IZsFBXXa7cZUdBNug/MVqcUsl3GQ61Dxt3hT8Ottk9d pJkyXkAHA023bAwEUCiX+SrhyGH0grPpFlt2a6OQMOPH8+vBSbLWzCt5IxIf6vsjsJcz bHZwjZD5Ml5p1bxnujfeCqutxK2HaADzu751Numeq8hpDoteJMVUdQ7sn7K8mrlojx+I bbbxAsDG2VeVoOLVZH93lwcx0vNVLkc0WqTCx8k26rb6Di4ZTu9aOC0e3fC5ey5Vl4Dm Z/sw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1724814254; x=1725419054; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=N9R7Mhbk+Se4PIDhpm0/p6nrldMPUtb+oC6vNd91DMo=; b=KlfSL4Pl2h6Drwr/i1ttwkod5WSVS69cvGHTOX8jU/mEIcY6kVNhvDNVhAd55WIhrm pNXECPaQB8RYuoK2x0WuDIvl6GcTuAH2IShW7l0P3Z5zUvwTRGaTd2JeQno0Zaheu2pO I/LcqSZoayvFE56K1ZuuwJmHQw/4bsC9XbbnkkCLP4ytdMzBLfHFlxiy8cVgheb9iTbx DHjR7RhhuO1/6gDnvwv4OGISIqOsxrQSWamLlR0Nz042E2SUCN8GXOi5VCH6y3/aRtZI 6DEg1WdqCYkkRhHAl5viKAPzdzHW6DvuIrj8LM0CSv5XWNBI11KpTgJmDNjDoimsJwo+ uTGw== X-Forwarded-Encrypted: i=1; AJvYcCUF+eQr1oxnEkDm58EL8SlSWRSm8fYTtroroNrEqHaBImQiIUbnduriHCpxv5ovGNraADaBWJj3B5fBzTQieA==@vger.kernel.org, AJvYcCUF9Qd3tXnIiatWQYh6lhuA9SLcR8t957sKOkfGA8f7amLZf/IYj5B7QCP1uis1de/RN3KQMTU/0nCYw81p5//439+Uspj2@vger.kernel.org, AJvYcCW8KQY97vn9+V/psunq6WqjJnjgzyP8IJgYcddnbwOvlXm6OKGAEH9jUREdRi5S7S1DEn2Zk88yFMVJsjPJNJzoAvRJ@vger.kernel.org, AJvYcCWGBiEYMB+aQITZlPM9E7iBUWlr1J8tTg+IBfIvfZG8DWCiYMu94IR1/xXxjhz4ISfPsaFh0zZm@vger.kernel.org, AJvYcCWWtsKiNDOH6HFzEssEfnReudmg74mAj9D7KotwjYjJ4uYMwxWap/jca1rwfWOUFDe81yd/gesPlg==@vger.kernel.org, AJvYcCX59CRocOyi+vdEzgWXqEIOrBIeABgsyXF6fS+w8hS8hWhWwDDZ64Oq9H21X/qL1JFsDgAh@vger.kernel.org, AJvYcCXVRFq5BrICch8XvrWmvGV+4k6FpNIWqTXY5LMEaYs08XAqC3VAvi43XjceHYxR/W3OGDqYcQ==@vger.kernel.org X-Gm-Message-State: AOJu0YzXokGO/NSOaEljZXUG0tDMrygQUvRUnKvdnkC+1fCHStDlCXdP r86S8zi2KPSStxIxqJ6ffW+USX4An8BCSPLybL26UwCeeyyRgjYB X-Google-Smtp-Source: AGHT+IGCtw+zPOY+Vs3gCNaMxterxPo1VEjCCML55T5/9brSfwlu9kiROVQ6nSIbi2XhsLWhhe27AA== X-Received: by 2002:a17:90b:3b49:b0:2d3:d79f:e8b7 with SMTP id 98e67ed59e1d1-2d843c16e68mr1209703a91.5.1724814253885; Tue, 27 Aug 2024 20:04:13 -0700 (PDT) Received: from localhost.localdomain ([39.144.104.43]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-2d8445db8f6sm317977a91.1.2024.08.27.20.04.06 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 27 Aug 2024 20:04:13 -0700 (PDT) From: Yafang Shao To: akpm@linux-foundation.org Cc: torvalds@linux-foundation.org, alx@kernel.org, justinstitt@google.com, ebiederm@xmission.com, alexei.starovoitov@gmail.com, rostedt@goodmis.org, catalin.marinas@arm.com, penguin-kernel@i-love.sakura.ne.jp, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, audit@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, bpf@vger.kernel.org, netdev@vger.kernel.org, dri-devel@lists.freedesktop.org, Yafang Shao Subject: [PATCH v8 5/8] mm/util: Fix possible race condition in kstrdup() Date: Wed, 28 Aug 2024 11:03:18 +0800 Message-Id: <20240828030321.20688-6-laoar.shao@gmail.com> X-Mailer: git-send-email 2.30.1 (Apple Git-130) In-Reply-To: <20240828030321.20688-1-laoar.shao@gmail.com> References: <20240828030321.20688-1-laoar.shao@gmail.com> Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 In kstrdup(), it is critical to ensure that the dest string is always NUL-terminated. However, potential race condidtion can occur between a writer and a reader. Consider the following scenario involving task->comm: reader writer len = strlen(s) + 1; strlcpy(tsk->comm, buf, sizeof(tsk->comm)); memcpy(buf, s, len); In this case, there is a race condition between the reader and the writer. The reader calculate the length of the string `s` based on the old value of task->comm. However, during the memcpy(), the string `s` might be updated by the writer to a new value of task->comm. If the new task->comm is larger than the old one, the `buf` might not be NUL-terminated. This can lead to undefined behavior and potential security vulnerabilities. Let's fix it by explicitly adding a NUL terminator. Signed-off-by: Yafang Shao Cc: Andrew Morton Cc: Alejandro Colomar --- mm/util.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/mm/util.c b/mm/util.c index bd283e2132e0..9a77a347c385 100644 --- a/mm/util.c +++ b/mm/util.c @@ -62,8 +62,14 @@ char *kstrdup(const char *s, gfp_t gfp) len = strlen(s) + 1; buf = kmalloc_track_caller(len, gfp); - if (buf) + if (buf) { memcpy(buf, s, len); + /* During memcpy(), the string might be updated to a new value, + * which could be longer than the string when strlen() is + * called. Therefore, we need to add a NUL termimator. + */ + buf[len - 1] = '\0'; + } return buf; } EXPORT_SYMBOL(kstrdup); From patchwork Wed Aug 28 03:03:19 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yafang Shao X-Patchwork-Id: 13780415 X-Patchwork-Delegate: paul@paul-moore.com Received: from mail-pf1-f181.google.com (mail-pf1-f181.google.com [209.85.210.181]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3290A3AC2B; Wed, 28 Aug 2024 03:04:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.181 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724814265; cv=none; b=Z/Gc2SEHoUCmmpeYBqwEArlz7k2OzpCk3hW7/u5FPc7KCy2ISpTdzIpqEjJX1Uj8Pp6FeYvw83WXSK1i4t/x3ThpFXXIOd/FNCutlTJF0HcLgDRgeYJP635gQiZpaDXXgKOgYRudcty30DKXrt+geKWgvwjt9f/zNtGagX5kjpg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724814265; c=relaxed/simple; bh=kJkXbz4A7GTjlabKI6l0OuSv1zIXTDblkh3pvhLskhc=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=b8dnO09e1aTcfAGm0gjHpWwEeMj3ZC2rcCNAt1kyvIbsPFrrSV7UpGcMvZcF2z1pMYgwyZpxI2YBGdUMf2Id/EgYlVhvwRDidyZFgS3xb+q3ZtodPdy76iqgFC4kn7WqQpyE0k58NYLWVd5V4N2bl/Z8z4B04N/lskMBen2O7U4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=SvTL1WQx; arc=none smtp.client-ip=209.85.210.181 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="SvTL1WQx" Received: by mail-pf1-f181.google.com with SMTP id d2e1a72fcca58-714287e4083so5562699b3a.2; Tue, 27 Aug 2024 20:04:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1724814263; x=1725419063; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=O1UnhBnsG0EZ9945TsUyg6NQ1s52ltgN7fNtAXZRUfE=; b=SvTL1WQxhUtEBaSepL955CFDDOTvboqGrGHB6kwvuYb+vU9RyjFQyJMitRZQPVwaAb NOvN4Bp5h8ilKkxpTL/at6mN9FC37jCPLEJrSsVtN6dl6X/jauxi64oirenWPC1pNor6 f1qHy/raOqbaaNt1+Q7V6WjFEiWwwxWcsE8tS/6tjLSpu5GiTu74gzlP4B8EkhlfgR89 DqUCLFu/uXCUHjC8swwljfNQjp/WvuT+UU3k5w+oVOLtlSwB/khCOYkL03/SYWhlz4aP 1bMy1jEt7sIHQM4M+l54jVjJgiKke6Y7sgR/3Ud2ghpUNgeaLnW76ZBsqHid3ZsS2pJM /Flw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1724814263; x=1725419063; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=O1UnhBnsG0EZ9945TsUyg6NQ1s52ltgN7fNtAXZRUfE=; b=JSrM1x3SpA87I4tFAxBTYcrw/nP7ls7zFeLqPvuV6wuhxXQ3IftbMf8E6RrqSuZe9h PmusHRd9RUb6o3TvAloXw0YNEHteCXBczq/kQ4qJ/otnkxLm6KcUaWzRsq/3sr9O9+CM pOzyhz3N50zskoW0hP3ra00dwTXmg3kG16UtCp9xxfM3r5N0Ocz4MMPpwjR5qXNApQyf mcPqnmgUuLEyG2TAouUECiVBmxW3s34mJSRO1Tcq86ifWDZvB1K0+ggy4pqCrK5nWrhJ 4ShErwwp8VckYlKRk6BaOvs3hzFU69TbEftgXVmvJ4Te0qBcWnTqh2UO/3vI5EH1fjAr slIA== X-Forwarded-Encrypted: i=1; AJvYcCUTvzTBgvxXXtmMHULnuATx6Tn0Ak5D2inf2qUyPlQ7jpYNK9Fq8rcf5LiMSSS5YcE3dGF0@vger.kernel.org, AJvYcCUakcqjMItYlb065xL5TQZxPXtUA+yeWiL42C0IaR9t6RkKnr+dO4uqukKCeVeIYmCNxGTk6ogQmYdoWdGuBUnCxsxu@vger.kernel.org, AJvYcCVIUGqsU9p1uZEdfvjYqyZjxnjsvlhTbhS4UiEcQNyWEmMNzJSKdxJMc55dW5HNQshjxp2tKk2Wdkjxu3cA9w==@vger.kernel.org, AJvYcCWhGQBudu8RRbA/R6yYcyxjKdR2jGrvMIqwLZSeBecPQLHMqA3S23xSs2dhsTJIv6JqYYP8lg==@vger.kernel.org, AJvYcCWks6PeLSXbgD6zLUrv5rDI9f1cDlbf30Mqf4LKf09iw4jaxiKOESHTbx2jdelDuW2KodaJCscSz1oqLd/yzxBBoPlmbbuV@vger.kernel.org, AJvYcCWn+A8fxlChSoKOIZkK+ocsBuofmuNvfIkjgCA2eoIyas1O/1K9KrJ8erqRh44eeOS3IJxS4elu@vger.kernel.org, AJvYcCXy5LaVx+p1Rr6/ZEWS97UtVBRWzZ2KcWhB1Iw+TAVeU9mAwt99vmRAUMAFa0xZkqBUxhTWv2fvxw==@vger.kernel.org X-Gm-Message-State: AOJu0YwgQu8o6FueWMvYZHMurLxSzNwQeDZ+j+PKK05u/02EH1DV6kxo dFeuivzKOoiinzK9/7xHyGbO+pptk1OkE1S8gW6qjmGzIsjRRgibgkOP7e8S X-Google-Smtp-Source: AGHT+IG7QBffnYc0dCLvaTOX5KXK0mJkKlpaXmWfgPhMMu+561lRAfU2Q11Tqx0ug2HVRiltuCcmIg== X-Received: by 2002:a05:6a20:b598:b0:1c4:b931:e2c4 with SMTP id adf61e73a8af0-1cc8b4bd8bamr18005852637.26.1724814263473; Tue, 27 Aug 2024 20:04:23 -0700 (PDT) Received: from localhost.localdomain ([39.144.104.43]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-2d8445db8f6sm317977a91.1.2024.08.27.20.04.14 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 27 Aug 2024 20:04:22 -0700 (PDT) From: Yafang Shao To: akpm@linux-foundation.org Cc: torvalds@linux-foundation.org, alx@kernel.org, justinstitt@google.com, ebiederm@xmission.com, alexei.starovoitov@gmail.com, rostedt@goodmis.org, catalin.marinas@arm.com, penguin-kernel@i-love.sakura.ne.jp, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, audit@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, bpf@vger.kernel.org, netdev@vger.kernel.org, dri-devel@lists.freedesktop.org, Yafang Shao , Simon Horman , Matthew Wilcox Subject: [PATCH v8 6/8] mm/util: Deduplicate code in {kstrdup,kstrndup,kmemdup_nul} Date: Wed, 28 Aug 2024 11:03:19 +0800 Message-Id: <20240828030321.20688-7-laoar.shao@gmail.com> X-Mailer: git-send-email 2.30.1 (Apple Git-130) In-Reply-To: <20240828030321.20688-1-laoar.shao@gmail.com> References: <20240828030321.20688-1-laoar.shao@gmail.com> Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 These three functions follow the same pattern. To deduplicate the code, let's introduce a common helper __kmemdup_nul(). Suggested-by: Andrew Morton Signed-off-by: Yafang Shao Cc: Simon Horman Cc: Matthew Wilcox Cc: Alejandro Colomar Reviewed-by: Alejandro Colomar Signed-off-by: Alejandro Colomar --- mm/util.c | 68 ++++++++++++++++++++++--------------------------------- 1 file changed, 27 insertions(+), 41 deletions(-) diff --git a/mm/util.c b/mm/util.c index 9a77a347c385..42714fe13e24 100644 --- a/mm/util.c +++ b/mm/util.c @@ -45,33 +45,41 @@ void kfree_const(const void *x) EXPORT_SYMBOL(kfree_const); /** - * kstrdup - allocate space for and copy an existing string - * @s: the string to duplicate + * __kmemdup_nul - Create a NUL-terminated string from @s, which might be unterminated. + * @s: The data to copy + * @len: The size of the data, not including the NUL terminator * @gfp: the GFP mask used in the kmalloc() call when allocating memory * - * Return: newly allocated copy of @s or %NULL in case of error + * Return: newly allocated copy of @s with NUL-termination or %NULL in + * case of error */ -noinline -char *kstrdup(const char *s, gfp_t gfp) +static __always_inline char *__kmemdup_nul(const char *s, size_t len, gfp_t gfp) { - size_t len; char *buf; - if (!s) + /* '+1' for the NUL terminator */ + buf = kmalloc_track_caller(len + 1, gfp); + if (!buf) return NULL; - len = strlen(s) + 1; - buf = kmalloc_track_caller(len, gfp); - if (buf) { - memcpy(buf, s, len); - /* During memcpy(), the string might be updated to a new value, - * which could be longer than the string when strlen() is - * called. Therefore, we need to add a NUL termimator. - */ - buf[len - 1] = '\0'; - } + memcpy(buf, s, len); + /* Ensure the buf is always NUL-terminated, regardless of @s. */ + buf[len] = '\0'; return buf; } + +/** + * kstrdup - allocate space for and copy an existing string + * @s: the string to duplicate + * @gfp: the GFP mask used in the kmalloc() call when allocating memory + * + * Return: newly allocated copy of @s or %NULL in case of error + */ +noinline +char *kstrdup(const char *s, gfp_t gfp) +{ + return s ? __kmemdup_nul(s, strlen(s), gfp) : NULL; +} EXPORT_SYMBOL(kstrdup); /** @@ -106,19 +114,7 @@ EXPORT_SYMBOL(kstrdup_const); */ char *kstrndup(const char *s, size_t max, gfp_t gfp) { - size_t len; - char *buf; - - if (!s) - return NULL; - - len = strnlen(s, max); - buf = kmalloc_track_caller(len+1, gfp); - if (buf) { - memcpy(buf, s, len); - buf[len] = '\0'; - } - return buf; + return s ? __kmemdup_nul(s, strnlen(s, max), gfp) : NULL; } EXPORT_SYMBOL(kstrndup); @@ -192,17 +188,7 @@ EXPORT_SYMBOL(kvmemdup); */ char *kmemdup_nul(const char *s, size_t len, gfp_t gfp) { - char *buf; - - if (!s) - return NULL; - - buf = kmalloc_track_caller(len + 1, gfp); - if (buf) { - memcpy(buf, s, len); - buf[len] = '\0'; - } - return buf; + return s ? __kmemdup_nul(s, len, gfp) : NULL; } EXPORT_SYMBOL(kmemdup_nul); From patchwork Wed Aug 28 03:03:20 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yafang Shao X-Patchwork-Id: 13780416 X-Patchwork-Delegate: paul@paul-moore.com Received: from mail-pj1-f49.google.com (mail-pj1-f49.google.com [209.85.216.49]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6A7B23AC2B; Wed, 28 Aug 2024 03:04:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.49 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724814274; cv=none; b=V9twv6n9sy8lRh/0988qSnCEQTuoT7SJzS04F6ibAR+0IKB202Bv95ocRvQ26nP8ybOTGIrXwMyrlKIRhPGORJrOx+iR3pQfbSU0DnuFoJIa7V096ByXYfS7aJZNvx1jEDmstiKdSiExsKz0YPrg09MEAMdOP4YB3ZsA7dloUAs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724814274; c=relaxed/simple; bh=Q/ccAtoYqO3u8X9Ue4dTvCxK0m9BnFNMdv5kHBNaFRc=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=MXckLI0Qo8PrkOulT7oju8M40JPs6X8EV0azlYeSmTVHB5KoL48Fx77ogsgirrkLUB/HTa2m9rb2TuMkzxPyhwBHVmV/EqswzTTjZriZzMMmjbhRZprto5+Mzw7D5mholegDeZoc2bQKOgptlwBjQHg6/CceCU3GiiPP2mpGHU8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=nW23865s; arc=none smtp.client-ip=209.85.216.49 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="nW23865s" Received: by mail-pj1-f49.google.com with SMTP id 98e67ed59e1d1-2d1daa2577bso4809878a91.2; Tue, 27 Aug 2024 20:04:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1724814272; x=1725419072; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=XVdwfZoyZWde9aSN6zhMbNNaJxIyi5X3Dr8kaez296Q=; b=nW23865sF0/mBeLQHD04jNVipIxIWlvO5TODsVQNNTPgUnsVDsHUZaQylUA11cUGSF LoAKb3GBjtTFzje86c1TWIqTVJBO8XOiCk0LO9GRqYGGFLret7XLss6cIgG9OTRsU1pE diMWZa8GDvQsP7kwXhO78crl9pKtR5cUsFl6N4pjbV9lghJTU+oPnshrH995Tcc4CwsK Lf/3LO+i0aSYLrZlonlnJdiQUaBK1mhbaiPjIvvDFHQgh/ONnjEzrZ6urDHu7bLrBupI LgKfAC/KwR0VKexV4E4vkwju8JMrfTWIHPepB9T1bWnn39caeSlnsRogB3pxvzmh7gc3 kweQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1724814272; x=1725419072; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=XVdwfZoyZWde9aSN6zhMbNNaJxIyi5X3Dr8kaez296Q=; b=NAXiVyeiRB5PftoduwVYDWkoEPgrUv3sayifAa8sJiC/7iQnJxnAxFxmZNi7MRm8Ho mWeZGG9sd7UEY72tUZ4wFXKImQOITQCajWWXLIU5bycYWBqrix3K8sxIPoZ9Sq/GsnRd LMj+obacFrwPcFTAjabyHE1tQzBXsYIkms8pxcSmFO1lhqrYXN3vYi1mhB/rLjELl9yr 53/3twk3BiAd5VdAkLLRWA0BjFiKS72rXbGAjyKDkZ+hwhpM9c4av2A6LjVc2pf3R1PF XPNTmSjK7+wc9cqzv/4m3NoVcjRESMsoQv6pJv2z4OWbbzLFrcs/pmXmChwLyPslL6eX w5lQ== X-Forwarded-Encrypted: i=1; AJvYcCUn8ZvsRLsYXcU7VACNNFdq1rEA5CLZRaZ2AACLkm9e0T40WnoQ8HTnzqz63J4eopMBS00g/XQMqw==@vger.kernel.org, AJvYcCV1hX5U9OK+XcxWXrSQTOWl6Lwdo+2EFn+dIY+sPvit1YZIzTbtd9mQdi9ZMoKuSo+9VQ/L3LtEkPDJ2y7kurifYNxW@vger.kernel.org, AJvYcCV972f1v5rYqE6xpwL42EXDoOmXIisEwDE1ufR1npdp8U67mvCf+j8NQHJv4FNz58Zi5YwvTbEx@vger.kernel.org, AJvYcCVa7MYA+fMEZ8A3x/RNAw0+fu2Oc1SS/cll50pMucqzOQBH2UD23DSqwoK41eVNksSOizqPLdswryZomfeyQg==@vger.kernel.org, AJvYcCXIzGD2abXQIW5PiiesqQ6u/u93npEwlgwXJc//YnQpVQ6zFJQQArWgUJUM+Jd9wHhOgYz1Vw==@vger.kernel.org, AJvYcCXboPl0wP1CxULId4IfzvLJ+OS4LFGv5yeapCzFpoJBuI8I65FdSSEcUbO7b/4hBvd2mLtD@vger.kernel.org, AJvYcCXhmJizTNzz2lsDqkBjGtf1vVZOf1tL4Zf0j+8S+B0fnbWuZP1JF1dYKYtHCzeoOAeIDzshizMHHKEjfF2G8gPB4QA9vYPl@vger.kernel.org X-Gm-Message-State: AOJu0Yw3Zwfm2tMdcwzWtt8UaVNB+Mc6n0M+Uvkw3nBm1IAePSLl2T6r eP405Haqb/Uje8tZRa3KzJJWZE5BfFNxxoC6QzpYfXnAuzXMLwiZ X-Google-Smtp-Source: AGHT+IFb9q9yq9VVSwLC6AkI1/p1bhkyyRxy6O/7jYlaHznbpdfEJAgSG3Tzmhmlf5xXUEBbcGAPmA== X-Received: by 2002:a17:90b:356:b0:2c9:61f9:a141 with SMTP id 98e67ed59e1d1-2d646bf605amr17374556a91.16.1724814272564; Tue, 27 Aug 2024 20:04:32 -0700 (PDT) Received: from localhost.localdomain ([39.144.104.43]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-2d8445db8f6sm317977a91.1.2024.08.27.20.04.23 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 27 Aug 2024 20:04:32 -0700 (PDT) From: Yafang Shao To: akpm@linux-foundation.org Cc: torvalds@linux-foundation.org, alx@kernel.org, justinstitt@google.com, ebiederm@xmission.com, alexei.starovoitov@gmail.com, rostedt@goodmis.org, catalin.marinas@arm.com, penguin-kernel@i-love.sakura.ne.jp, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, audit@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, bpf@vger.kernel.org, netdev@vger.kernel.org, dri-devel@lists.freedesktop.org, Yafang Shao , "David S. Miller" , David Ahern , Eric Dumazet , Jakub Kicinski , Paolo Abeni Subject: [PATCH v8 7/8] net: Replace strcpy() with strscpy() Date: Wed, 28 Aug 2024 11:03:20 +0800 Message-Id: <20240828030321.20688-8-laoar.shao@gmail.com> X-Mailer: git-send-email 2.30.1 (Apple Git-130) In-Reply-To: <20240828030321.20688-1-laoar.shao@gmail.com> References: <20240828030321.20688-1-laoar.shao@gmail.com> Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 To prevent errors from occurring when the src string is longer than the dst string in strcpy(), we should use strscpy() instead. This approach also facilitates future extensions to the task comm. Signed-off-by: Yafang Shao Cc: "David S. Miller" Cc: David Ahern Cc: Eric Dumazet Cc: Jakub Kicinski Cc: Paolo Abeni Reviewed-by: Justin Stitt --- net/ipv6/ndisc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c index b8eec1b6cc2c..cf7c36463b33 100644 --- a/net/ipv6/ndisc.c +++ b/net/ipv6/ndisc.c @@ -1944,7 +1944,7 @@ static void ndisc_warn_deprecated_sysctl(const struct ctl_table *ctl, static char warncomm[TASK_COMM_LEN]; static int warned; if (strcmp(warncomm, current->comm) && warned < 5) { - strcpy(warncomm, current->comm); + strscpy(warncomm, current->comm); pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n", warncomm, func, dev_name, ctl->procname, From patchwork Wed Aug 28 03:03:21 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yafang Shao X-Patchwork-Id: 13780417 X-Patchwork-Delegate: paul@paul-moore.com Received: from mail-pj1-f45.google.com (mail-pj1-f45.google.com [209.85.216.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B13CC1332A1; Wed, 28 Aug 2024 03:04:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.45 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724814285; cv=none; b=gttHFE7SjeWAZ9bwyuVy4YuBmdjcOMXkNZFxQCGBzsJnCnH4XOhAhY76wglzrrL5i77sr4FrWpqByJCaueNW+PajDQJPWnE5zkIqHla3TaAFTESZOpBw4XAmzhE2qjEBe0RUe2u6MyUi/ou0wXDpoifaGohmq5gA7AK1osNSalc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724814285; c=relaxed/simple; bh=iqRY1P34qqoNfGxtLuvfxUNzgKq34JOZhG+axK8tdYs=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=o3a99nFEzVdjc5n5gwq6oplLYyPEXwLrvJI+77i4njMPKaIV+FS1xNnG7neNcB4Rk5DCXconwRQ0fzUTgFMkVOuczcySUVgXK+u7gA+Lw/ChyKmWrNntdBS4HY0bpRIVeggv23Z5EM40Ps1Bqh2nIKrnR0hY0qFeG+T0f2U8i+c= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=e81pcOe8; arc=none smtp.client-ip=209.85.216.45 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="e81pcOe8" Received: by mail-pj1-f45.google.com with SMTP id 98e67ed59e1d1-2d3e44b4613so4566704a91.3; Tue, 27 Aug 2024 20:04:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1724814283; x=1725419083; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=8OBLeQ9F541pwxbn8dEubiWANdxJtGv9ekHxWl5Hwac=; b=e81pcOe8iwoPu+A0y/ykVmzG0XbGCoDPD3x1pK4ijYyA38MjqT5iPwWGRTo3gMouOq fORnaPq1otZXtBwWkq6Hl5NO+84dnKiddILYgBVsGXBY4EalgGUqZgR/ZseHbEUrJ+sW 0UeGYOkLTOolfvWyKFTtJWF0KXvyN/pA2LOMU3MWc0WGl/Pif7uoAOhZLXC5mhOG97xv FXfCd8jf9xyTlhxinjyfDqJH4iRSnQ2YUT3w48Cu0LeiPyLMLpJ6UD3/Ws2i+XMUxZ1/ /gZE3UV/fnsBmQBRrMKUAoVH26uISzrqxOOaSN7oPIzio093HFzDzG0dhUczUhiA1n/+ g7cw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1724814283; x=1725419083; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=8OBLeQ9F541pwxbn8dEubiWANdxJtGv9ekHxWl5Hwac=; b=hDv8YGuMVd3hIa16OeVDea+XUEnulFDjScHhfTN7+SQ0rRuXNf6yVxXAvZmfrkYs0Z 1oIKGUUf5HyqU9Y8o5Q/AsBt6crDazMBTLnOljjV6K1fZYuooLWlLV9FW2BKl1AFNFXj UUfb0zrlQNSEjymlFyB5JhPmEKwMyq9haVRDt3xRL835YyoWvMjaRhulYbe/6fQ7imXP FBFIWf/iboK1lk8d2033BwAdKJJDO/zqC5Si632J4jTKCzZXNXrZJEbmYfAlU3FLmDhU NUpLT+BLe6btCQmcyuKclq6h9kbUQJ+bqq8h69uLb8JMH54nm7aUnyqwrqD4hzSES81i Cz0Q== X-Forwarded-Encrypted: i=1; AJvYcCU7RXAn3SnBWchTm7cn5EACoxvazW6Mqj080VvMqbhgiSDMt8T4AB13qM8lKjNLawF7ok2YKzkl9qC61VrjwQ==@vger.kernel.org, AJvYcCUDBo+MRnxSMM0hfY91EbCw3LBnVHv3pmsgOsqskFJ+M5i1tyPdeL06N/xBJFVIdDIboencYbas2w==@vger.kernel.org, AJvYcCUsg43SnC9LJHdmCikaBq7/Y2xDKt+mhIaLvx0+3TXyQhMBmIj2Dzhzh4K2Xu/xcQ91xrb2bQ==@vger.kernel.org, AJvYcCV7IeGckOCnWGu66drMWPaX6HZpP68TZq20DWo5WHVZgms+bYtrQm0ztOw12G3fgWIhOJ61FIwiSI/ufub1kO2GRN7b@vger.kernel.org, AJvYcCWBpfYGuGnH6MpDGW44zEVVIoZJe8zIF5/FbkocG3p3gNVQpRDcwg3gJtHPJ2+3z0eKFS9tjE67@vger.kernel.org, AJvYcCWz4aNoDo85wLpuY6ffxsyKkngAAl0YMzIw8jESsnMc1yyMTCjrDQ5v+mIydtykQKihoIKw@vger.kernel.org, AJvYcCXIkqS7k9zP01l+YsqGIS5eFOEG/Hzk7/dDbSX47YaRmXV3dyw5GaAcS/eIWyaZuHmnRlmM0xA2D7Q3gABPZSdOxhGP5Kha@vger.kernel.org X-Gm-Message-State: AOJu0Yz9HGif0oSVAktneJr8j+554uz8Cw/5v+1VmErWHm5pSXcmBbkB uehyLe2fTHpFwGR+bL+0vSGteML7kLWDKNPtwRovks38N+3SmSGy X-Google-Smtp-Source: AGHT+IG9WCG/sJqfIUmD5L1QkWASIgz28eaxuJrS0TfQtB7xTFo8bkGI6Rj777tc/95CgBuyWlEpcw== X-Received: by 2002:a17:90b:390e:b0:2c8:e888:26a2 with SMTP id 98e67ed59e1d1-2d646bcd147mr17296354a91.13.1724814282792; Tue, 27 Aug 2024 20:04:42 -0700 (PDT) Received: from localhost.localdomain ([39.144.104.43]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-2d8445db8f6sm317977a91.1.2024.08.27.20.04.32 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 27 Aug 2024 20:04:42 -0700 (PDT) From: Yafang Shao To: akpm@linux-foundation.org Cc: torvalds@linux-foundation.org, alx@kernel.org, justinstitt@google.com, ebiederm@xmission.com, alexei.starovoitov@gmail.com, rostedt@goodmis.org, catalin.marinas@arm.com, penguin-kernel@i-love.sakura.ne.jp, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, audit@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, bpf@vger.kernel.org, netdev@vger.kernel.org, dri-devel@lists.freedesktop.org, Yafang Shao , Daniel Vetter , Maarten Lankhorst , Maxime Ripard , Thomas Zimmermann , David Airlie Subject: [PATCH v8 8/8] drm: Replace strcpy() with strscpy() Date: Wed, 28 Aug 2024 11:03:21 +0800 Message-Id: <20240828030321.20688-9-laoar.shao@gmail.com> X-Mailer: git-send-email 2.30.1 (Apple Git-130) In-Reply-To: <20240828030321.20688-1-laoar.shao@gmail.com> References: <20240828030321.20688-1-laoar.shao@gmail.com> Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 To prevent erros from occurring when the src string is longer than the dst string in strcpy(), we should use strscpy() instead. This approach also facilitates future extensions to the task comm. Signed-off-by: Yafang Shao Acked-by: Daniel Vetter Cc: Maarten Lankhorst Cc: Maxime Ripard Cc: Thomas Zimmermann Cc: David Airlie Reviewed-by: Justin Stitt --- drivers/gpu/drm/drm_framebuffer.c | 2 +- drivers/gpu/drm/i915/i915_gpu_error.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/drm_framebuffer.c b/drivers/gpu/drm/drm_framebuffer.c index 888aadb6a4ac..2d6993539474 100644 --- a/drivers/gpu/drm/drm_framebuffer.c +++ b/drivers/gpu/drm/drm_framebuffer.c @@ -868,7 +868,7 @@ int drm_framebuffer_init(struct drm_device *dev, struct drm_framebuffer *fb, INIT_LIST_HEAD(&fb->filp_head); fb->funcs = funcs; - strcpy(fb->comm, current->comm); + strscpy(fb->comm, current->comm); ret = __drm_mode_object_add(dev, &fb->base, DRM_MODE_OBJECT_FB, false, drm_framebuffer_free); diff --git a/drivers/gpu/drm/i915/i915_gpu_error.c b/drivers/gpu/drm/i915/i915_gpu_error.c index 96c6cafd5b9e..afa9dae39378 100644 --- a/drivers/gpu/drm/i915/i915_gpu_error.c +++ b/drivers/gpu/drm/i915/i915_gpu_error.c @@ -1412,7 +1412,7 @@ static bool record_context(struct i915_gem_context_coredump *e, rcu_read_lock(); task = pid_task(ctx->pid, PIDTYPE_PID); if (task) { - strcpy(e->comm, task->comm); + strscpy(e->comm, task->comm); e->pid = task->pid; } rcu_read_unlock();