Date: Mon, 25 Oct 2021 14:08:57 -0700
From: Kees Cook
To: Yafang Shao
Cc: akpm@linux-foundation.org, rostedt@goodmis.org, mathieu.desnoyers@efficios.com, arnaldo.melo@gmail.com, pmladek@suse.com, peterz@infradead.org, viro@zeniv.linux.org.uk, valentin.schneider@arm.com, qiang.zhang@windriver.com, robdclark@chromium.org, christian@brauner.io, dietmar.eggemann@arm.com, mingo@redhat.com, juri.lelli@redhat.com, vincent.guittot@linaro.org, davem@davemloft.net, kuba@kernel.org, ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org, kafai@fb.com, songliubraving@fb.com, yhs@fb.com, john.fastabend@gmail.com, kpsingh@kernel.org, dennis.dalessandro@cornelisnetworks.com, mike.marciniszyn@cornelisnetworks.com, dledford@redhat.com, jgg@ziepe.ca, linux-rdma@vger.kernel.org, netdev@vger.kernel.org, bpf@vger.kernel.org, linux-perf-users@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, oliver.sang@intel.com, lkp@intel.com, Andrii Nakryiko
Subject: Re: [PATCH v6 02/12] fs/exec: make __get_task_comm always get a nul terminated string
Message-ID: <202110251408.2E661E70BC@keescook>
References: <20211025083315.4752-1-laoar.shao@gmail.com> <20211025083315.4752-3-laoar.shao@gmail.com>
In-Reply-To: <20211025083315.4752-3-laoar.shao@gmail.com>

On Mon, Oct 25, 2021 at 08:33:05AM +0000, Yafang
Shao wrote:
> If the dest buffer size is smaller than sizeof(tsk->comm), the buffer
> will be without null terminator, that may cause problem. We can make sure
> the buffer size not smaller than comm at the callsite to avoid that
> problem, but there may be callsite that we can't easily change.
>
> Using strscpy_pad() instead of strncpy() in __get_task_comm() can make
> the string always nul terminated.
>
> Suggested-by: Kees Cook
> Suggested-by: Steven Rostedt
> Signed-off-by: Yafang Shao
> Cc: Mathieu Desnoyers
> Cc: Arnaldo Carvalho de Melo
> Cc: Andrii Nakryiko
> Cc: Peter Zijlstra
> Cc: Steven Rostedt
> Cc: Al Viro
> Cc: Kees Cook
> Cc: Petr Mladek
> --- > fs/exec.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/fs/exec.c b/fs/exec.c > index 404156b5b314..bf2a7a91eeea 100644 > --- a/fs/exec.c > +++ b/fs/exec.c > @@ -1209,7 +1209,8 @@ static int unshare_sighand(struct task_struct *me) > char *__get_task_comm(char *buf, size_t buf_size, struct task_struct *tsk) > { > task_lock(tsk); > - strncpy(buf, tsk->comm, buf_size); > + /* The copied value is always null terminated */ This may could say "always NUL terminated and zero-padded" > + strscpy_pad(buf, tsk->comm, buf_size); > task_unlock(tsk); > return buf; > } > -- > 2.17.1 >

But for the replacement with strscpy_pad(), yes please:

Reviewed-by: Kees Cook

--
Kees Cook
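
Review bot: On the added strscpy_pad(buf, tsk->comm, buf_size) line the return value is dropped, so when buf_size is smaller than sizeof(tsk->comm) the caller receives a truncated name with no indication of it. Since __get_task_comm() can only return buf, the new comment is the place to document this; consider wording along the lines of "always NUL terminated and zero-padded, truncated if buf_size < sizeof(tsk->comm)", which would also settle the "null" versus "nul" spelling that differs between the comment and the commit message.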
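
The failure mode the commit message describes, as an added userspace example that is not part of the patch or of the kernel source: `model_strscpy_pad()` is a hypothetical stand-in written here to mirror the truncate, terminate and zero-pad behaviour of strscpy_pad(), and the task name is a constructed sample.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Userspace model of strscpy_pad() semantics (hypothetical helper, not kernel code). */
static long model_strscpy_pad(char *dst, const char *src, size_t count)
{
    size_t len = 0;
    if (count == 0)
        return -E2BIG;                 /* no room even for the NUL */
    while (len < count && src[len])    /* read at most count bytes of src */
        len++;
    if (len == count) {                /* does not fit: truncate, keep the NUL */
        memcpy(dst, src, count - 1);
        dst[count - 1] = '\0';
        return -E2BIG;
    }
    memcpy(dst, src, len);
    memset(dst + len, 0, count - len); /* terminator plus zero padding */
    return (long)len;
}

/* Pre-patch copy: strncpy() into a caller buffer that holds stale bytes.
 * Returns 1 if a NUL ended up inside the buffer, 0 if it is unterminated. */
static int old_copy_is_terminated(const char *comm, char *buf, size_t size)
{
    memset(buf, 'X', size);
    strncpy(buf, comm, size);
    return memchr(buf, '\0', size) != NULL;
}

/* Post-patch copy: returns the copied length, or -E2BIG on truncation. */
static long new_copy(const char *comm, char *buf, size_t size)
{
    memset(buf, 'X', size);
    return model_strscpy_pad(buf, comm, size);
}

int main(void)
{
    const char comm[16] = "kworker/u16:3-e"; /* constructed sample, 15 chars + NUL */
    char small[8];                           /* smaller than sizeof(tsk->comm) */
    printf("strncpy terminated: %d\n",
           old_copy_is_terminated(comm, small, sizeof(small)));
    printf("strscpy_pad model: %ld -> \"%s\"\n",
           new_copy(comm, small, sizeof(small)), small);
    return 0;
}
```

With the 8-byte buffer, the strncpy() path leaves no terminator for a later string read to stop at, while the model keeps the first seven characters and reports the truncation through its return value.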