Thread (2 messages), 2 authors, 2024-06-10

Re: [PATCH 1/6] fs/exec: Drop task_lock() inside __get_task_comm()

From: Alexei Starovoitov <hidden>
Date: 2024-06-10 23:01:46
Also in: bpf, linux-fsdevel, linux-mm, linux-security-module, selinux

On Mon, Jun 10, 2024 at 5:34 AM Eric W. Biederman [off-list ref] wrote:
> Alexei Starovoitov [off-list ref] writes:
>
> > On Sun, Jun 2, 2024 at 10:53 AM Eric W. Biederman [off-list ref] wrote:
> > > If you are performing lockless reads and depending upon a '\0'
> > > terminator without limiting yourself to the size of the buffer
> > > there needs to be a big fat comment as to how in the world
> > > you are guaranteed that a '\0' inside the buffer will always
> > > be found.
> >
> > I think Yafang can certainly add such a comment next to
> > __[gs]et_task_comm.
> >
> > I prefer to avoid open coding memcpy + memset when strscpy_pad works.
>
> Looking through the code in set_task_comm
> strscpy_pad only works when both the source and destination are aligned.
> Otherwise it performs a byte at a time copy, and is most definitely
> susceptible to the race I observed.

Byte copy doesn't have an issue either.
Due to padding there is always a zero there.
Worst case in the last byte. So dst buffer will be zero terminated.
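
The byte-copy case argued over in this thread can be walked through with a small userspace model. This is an added example, not code from the thread or from the kernel: `padded_image` and `worst_nul_index` are hypothetical names, and the model assumes a 16-byte buffer whose last byte starts as zero, with the writer storing one byte at a time in index order. It enumerates every point at which a lockless reader could observe the buffer and reports where the first '\0' sits and how many snapshots mix old and new bytes.

```c
#include <stdio.h>
#include <string.h>

#define TASK_COMM_LEN 16 /* size of task_struct->comm */

/* Zero-padded, truncated image of a name: what the buffer holds once a
 * copy-and-pad of that name has finished (byte 15 is always '\0'). */
static void padded_image(char out[TASK_COMM_LEN], const char *name)
{
    size_t n = strlen(name);
    if (n > TASK_COMM_LEN - 1)
        n = TASK_COMM_LEN - 1;
    memset(out, 0, TASK_COMM_LEN);
    memcpy(out, name, n);
}

/* Model of a byte-at-a-time copy-and-pad racing with a lockless reader
 * (assumption: stores land in index order, one byte each). The reader may
 * observe the buffer after any number k of stores. Returns the largest index
 * at which a snapshot's first '\0' was found, or -1 if some snapshot had no
 * '\0' inside the buffer; *torn counts snapshots mixing old and new bytes. */
static int worst_nul_index(const char *old_name, const char *new_name, int *torn)
{
    char start[TASK_COMM_LEN], final[TASK_COMM_LEN], comm[TASK_COMM_LEN];
    int worst = 0;

    padded_image(start, old_name);
    padded_image(final, new_name);
    memcpy(comm, start, TASK_COMM_LEN);
    *torn = 0;
    for (size_t k = 0; k <= TASK_COMM_LEN; k++) {
        const char *nul = memchr(comm, '\0', TASK_COMM_LEN);
        if (!nul)
            return -1;
        if (nul - comm > worst)
            worst = (int)(nul - comm);
        if (memcmp(comm, start, TASK_COMM_LEN) && memcmp(comm, final, TASK_COMM_LEN))
            (*torn)++;
        if (k < TASK_COMM_LEN)
            comm[k] = final[k]; /* writer's k-th store: name bytes, then padding */
    }
    return worst;
}

int main(void)
{
    int torn, worst = worst_nul_index("aaaaaaaaaaaaaaa", "bb", &torn);
    printf("worst NUL index %d, torn snapshots %d\n", worst, torn);
    return 0;
}
```

In this model a reader can see a name that mixes old and new bytes, but every snapshot has a '\0' at index 15 or earlier; the model says nothing about word-at-a-time copies or about a writer that stores a non-zero byte into the last position.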