From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 16C7AD49771 for ; Sun, 1 Dec 2024 14:17:23 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id D51436B0082; Sun, 1 Dec 2024 09:17:22 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id D020F6B0083; Sun, 1 Dec 2024 09:17:22 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id BC8746B0085; Sun, 1 Dec 2024 09:17:22 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id 9FBBC6B0082 for ; Sun, 1 Dec 2024 09:17:22 -0500 (EST) Received: from smtpin25.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id 02596C1000 for ; Sun, 1 Dec 2024 14:17:21 +0000 (UTC) X-FDA: 82846592262.25.C8CA212 Received: from nyc.source.kernel.org (nyc.source.kernel.org [147.75.193.91]) by imf25.hostedemail.com (Postfix) with ESMTP id 4BFB0A0854 for ; Sun, 1 Dec 2024 14:17:12 +0000 (UTC) Authentication-Results: imf25.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=HOtUuIMd; spf=pass (imf25.hostedemail.com: domain of brauner@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=brauner@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1733062628; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=DW/QXEmUgr6UqseKhqogR6tgVzMTWirKj+ykPVqRH20=; b=vqTNglZevWproU8PoZAbM+ZXPIK4bAiATzpXc6TGvwW4L8X0gU2t3RYeael3uqgUmj+lYg cUSI1g7kqAd/oYvFHIukI3vGMB8dPEImTFJ5i7PL28ZFNE52q3g9vcSmpS7HskBunrvL7q wh+c7Z+iMuxe1Z/NhHb3EKsR1qABDN8= ARC-Authentication-Results: i=1; imf25.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=HOtUuIMd; spf=pass (imf25.hostedemail.com: domain of brauner@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=brauner@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1733062628; a=rsa-sha256; cv=none; b=reruWO7OIe5gi75lT+3K+EqDwlZsZntJZT8kt4FQdsWngEqMefVOVp0B7QI1j0bLkZfWQn dBVIB1phzck1/qSwD7gWtLZrWR+o8g50z/FuVTARUfSDuiKkCrkymnMi5n7KRwW/BuhFRA XUGC/LXlsHObZXQGvs1ZCwvHmGRE7Gg= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by nyc.source.kernel.org (Postfix) with ESMTP id A7C24A401B4; Sun, 1 Dec 2024 14:15:26 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id DE64AC4CECF; Sun, 1 Dec 2024 14:17:15 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1733062638; bh=DrUsAqQ1VrrITAmnB41RxEst13PDZyHTTGTu987L3I4=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=HOtUuIMdEEw18pth+jDSDXBhMnHYQV3c2/DFCEfBfNjvCipuNZVg+ugdDAp69fWZF epvlPebS+SFeG9qNVTlgj89hCHlXQnRQeM095gK5AYX6epWSuwpWb6weIjk9FX4XG/ 3Y+5plX7utoay2eD1LKNH6u8fxqWKWf7y6Zdh+b3Ftvhu51+rHhdfPfUMFSb0WV71E 0LWycyytBlD71Qm5nk1Q1F2tQo5aaBNlUCXT5W+a9n/z8MrVgRlE3e9pDKfEUJcNTL KRiXrC7dtrl4rnY8YD8LnAyVnb8U8rygRCRnuq5rG4DJcmXfWxaxubf+FQXa4tdQxN 3sUH+M+K+h6yA== Date: Sun, 1 Dec 2024 15:17:13 +0100 From: Christian Brauner To: Linus Torvalds Cc: Kees Cook , Al Viro , Zbigniew =?utf-8?Q?J=C4=99drzejewski-Szmek?= , Tycho Andersen , Aleksa Sarai , Eric Biederman , Jan Kara , linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org Subject: Re: [PATCH] exec: fix up /proc/pid/comm in the execveat(AT_EMPTY_PATH) case Message-ID: <20241201-konglomerat-genial-c1344842c88b@brauner> References: <20241130045437.work.390-kees@kernel.org> <20241130-ohnegleichen-unweigerlich-ce3b8af0fa45@brauner> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: X-Rspamd-Server: rspam06 X-Rspamd-Queue-Id: 4BFB0A0854 X-Rspam-User: X-Stat-Signature: mnpmu65j5obb91awyoiuctwie8so8rbf X-HE-Tag: 1733062632-567486 X-HE-Meta: U2FsdGVkX183dHVrXehfsLFE72VCqXaxgszjEKXI4Zz1xOf9TInux7TR5DasSvSPEgRfx4SvEHwjNfDWVIu/TwOHpcMc9XSc5mdMGyYXOQLJFefyyHkuFUNEIFFOVBDsNAgma5Jvxk74DsGtwxCKTUtvUvHl5qk92Q0Vq0j22Pematfr4OWWMYPe5Zs6pu2z5ZYVT7e3qp507B5lECOrnVUv9k+vZie2n4uOj/KtCKxAisphMt7KOUD4y/FuKY+yjUAE0u1gTTQt0Qe/Qb4IOTkD6DYgOb4SncrE1WIQfdNL8lJsDlukUgDmtjqiE8Jh/xK0GzIc72S/FhH2KoecJwXFhpp5TIfaun3u9SVkw827P2rTa+gA/lv5atw03d+R5udeCHeIzXrQrgRWSuvBCkJEI1Y/utUMaQKodajv1ydtl946vfB168HhfBINs/Z3AiBPOoxYkoQeIT+aTJqJp5UMvb3KrLy9qL9J+FSZpNtsi7GNRuTnncB7lRijDIx0e4BrKaKKB7NaA1RCmgbcESmOPMPUVM0ep2DbfzkVoZjkseWSxkYwXMQWjK3QpuByAgnNaaH4Got6skNu5iM2aFpktUFV9Ujx/qZjbtn4DQK2LoJjSW8aWl01M0tv3vkmBr9SfIRo/EkAZjc60VtLkf/VRqo/Jrv9ei6SKLlW5ILaRGS8SWxiVIzGbtYuVw9jaA8T/8qNneXG4mfmylHFITr6q8F7ctkmJx158az3+ennqKPq4elKSYkzbx6hwgqxwjcFWe9Sf/steST8v2cPkEcU2or/Tu8YK8lHkuHZtOVHyWCQqTrsYumPqwn8/BJ4/upUqifPbvxUa43Wp/Mqw/FZbI+Xq+3R3Bz1y6WCCWQ1aS4l/5zSgEVlbeW2kSGCF03/t4/1GQKzZuK5qks8HHyGvd21gdudETX6PclrJjujh7y3kNe96sNcIlrh2uxRPqacIp/tURbva06N6Jg EQsBAwXa P/jo9YAjtdxI0F1xgoF1K3M2k9x+AVj22Iv+FP01HlO9qwZoWpOm3kVBZTqkUyH675j5aldEAo1IZt8b9CbJsdtmBWwP8ssRIKyE/XInpEW11F9EQ6vw9w/etSZgN2sM9XTgdcxJl+3yY7iexF1pWjra0oIIVNp1ZUDAm8muATRbM4ltmvNGCBODp1qn32z9EP4AxcmPsdbM1Mzq1gsFT4lFmzeJFLTNaW5TTNki8Wpygm1OeTBDfo7eksvjEFTXQ0eqVOWMbGS8pmpbAseYs/tI3bN/zE9bkvXaCqt/v8/QVvC1kJUE1trSRdYMPVXUqNNLeV8wBe5TSrN1m/Di+ePkR5aiP/sTAbLKJRTOZnpD9iHSKDl4973iJAQ== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Sat, Nov 30, 2024 at 10:02:38AM -0800, Linus Torvalds wrote: > On Sat, 30 Nov 2024 at 04:30, Christian Brauner wrote: > > > > What does the smp_load_acquire() pair with? > > I'm not sure we have them everywhere, but at least this one at dentry > creation time. > > __d_alloc(): > /* Make sure we always see the terminating NUL character */ > smp_store_release(&dentry->d_name.name, dname); /* ^^^ */ > > so even at rename time, when we swap the d_name.name pointers > (*without* using a store-release at that time), both of the dentry > names had memory orderings before. > > That said, looking at swap_name() at the non-"swap just the pointers" > case, there we do just "memcpy()" the name, and it would probably be > good to update the target d_name.name with a smp_store_release. > > In practice, none of this ever matters. Anybody who uses the dentry > name without locking either doesn't care enough (like comm[]) or will > use the sequence number thing to serialize at a much higher level. So > the smp_load_acquire() could probably be a READ_ONCE(), and nobody > would ever see the difference. Right now it's confusing. So no matter if we do READ_ONCE() or smp_load_acquire() there'd please be a comment explaing why so we don't pointlessly leave everyone wondering about that barrier. /* * Hold rcu lock to keep the name from being freed behind our back. * Use cquire semantics to make sure the terminating NUL from * __d_alloc() is seen. * * Note, we're deliberately sloppy here. We don't need to care about * detecting a concurrent rename and just want a sensible name. */ rcu_read_lock(); __set_task_comm(me, smp_load_acquire(&file_dentry(bprm->file)->d_name.name), true); rcu_read_unlock(); or something better.