From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 535D6C3DA6D
	for <linux-mm@archiver.kernel.org>; Fri, 23 May 2025 09:40:12 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id E3A9E6B00BF; Fri, 23 May 2025 05:40:11 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id DEB586B00C1; Fri, 23 May 2025 05:40:11 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id D00616B00CD; Fri, 23 May 2025 05:40:11 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11])
	by kanga.kvack.org (Postfix) with ESMTP id B32346B00BF
	for <linux-mm@kvack.org>; Fri, 23 May 2025 05:40:11 -0400 (EDT)
Received: from smtpin13.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay10.hostedemail.com (Postfix) with ESMTP id 30790C1EE5
	for <linux-mm@kvack.org>; Fri, 23 May 2025 09:40:11 +0000 (UTC)
X-FDA: 83473676622.13.3E87AA7
Received: from mail-wr1-f46.google.com (mail-wr1-f46.google.com [209.85.221.46])
	by imf22.hostedemail.com (Postfix) with ESMTP id 4F785C000A
	for <linux-mm@kvack.org>; Fri, 23 May 2025 09:40:09 +0000 (UTC)
Authentication-Results: imf22.hostedemail.com;
	dkim=pass header.d=linaro.org header.s=google header.b="mz7V/Uo2";
	spf=pass (imf22.hostedemail.com: domain of dan.carpenter@linaro.org designates 209.85.221.46 as permitted sender) smtp.mailfrom=dan.carpenter@linaro.org;
	dmarc=pass (policy=none) header.from=linaro.org
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1747993209;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:dkim-signature;
	bh=PmM7wl7FfXANU3+HoiZcpwWBrDC/gYVSs/BA58caBms=;
	b=hgmogj9up8B3WiVK01Lv16XNp+vETfRLREIDRkLaWfcwhEfH3BkZfLUuYgoYcCsdULDge+
	RaImh+IFG9ZDqmPn7gF2wctt9R9z2UiSDUosHbXgwygdjTkRjRnqejhSjcqdou8xLLC7Uc
	mTfpcVMWQy2gXX+vUZkCEVHfhSSxnQs=
ARC-Authentication-Results: i=1;
	imf22.hostedemail.com;
	dkim=pass header.d=linaro.org header.s=google header.b="mz7V/Uo2";
	spf=pass (imf22.hostedemail.com: domain of dan.carpenter@linaro.org designates 209.85.221.46 as permitted sender) smtp.mailfrom=dan.carpenter@linaro.org;
	dmarc=pass (policy=none) header.from=linaro.org
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1747993209; a=rsa-sha256;
	cv=none;
	b=I0NvprTWY3JAk8+Gla8ln/IuyD1+blhlPDOg1ca4nDKAIP8T1VWwBPghqD4SvGPlFUoyzF
	dtPQwodRPmNbZ9NpGIR9JHIDMyJivfssGFE5abp6qVmQmohtxFeFxn+yAnnysqgrV44Zpl
	8hRxL2e3ja6frli62vs4zA8fin3YkNA=
Received: by mail-wr1-f46.google.com with SMTP id ffacd0b85a97d-3a36748920cso6060582f8f.2
        for <linux-mm@kvack.org>; Fri, 23 May 2025 02:40:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=linaro.org; s=google; t=1747993208; x=1748598008; darn=kvack.org;
        h=in-reply-to:content-disposition:mime-version:message-id:subject:cc
         :to:from:date:from:to:cc:subject:date:message-id:reply-to;
        bh=PmM7wl7FfXANU3+HoiZcpwWBrDC/gYVSs/BA58caBms=;
        b=mz7V/Uo2Pix1Q2C4gMXo8ZzQS2OlmKMJMrs7zOOFIah32jdh9ZyMRovvJ5pxFZqyUL
         OjfzLms+MJaaxJQnsTpLJxUO+nlCG4rN3vHjga/Q6Xx+icUEDB5L9SxtUtwWKyMkJ1os
         RYs3UaQz0hMt36rcHouCy5p7nVWyI1CTjO2VhaX2YJObzgK8PQ8nNUzYG377kE20+4IV
         3J1M0Rpl6zEVVXSpCTUwZHi8UHeE9JU62NbbpPALwdwP/G8R5pwEXjiW8N+fw+hI0TUD
         14UlfWVi30bOrOhF+jcOYsqd8Nn/tkHl+WOuTpxqYWDHVrh52Yk2cmKY+DmtIM8qVwyA
         FnJg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1747993208; x=1748598008;
        h=in-reply-to:content-disposition:mime-version:message-id:subject:cc
         :to:from:date:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=PmM7wl7FfXANU3+HoiZcpwWBrDC/gYVSs/BA58caBms=;
        b=jtrwei4gr5UexKnZ7v+4/HR/yv1onks43ioNlxzBnmLCvKEeIkVo2st8H54qM27067
         y7FjWNQP1OYh9M4vaq6vhwMRNUnFeSm13jda7YAlm+3L/KBviV92/4n/8omVyRoojzN6
         ohe529tC/jnjS1iTrk280zHC3jVgX2VH5kQhh4pKIJVJHCeKZ94FRzOBJqCh2sOKaoLz
         Zgj5A+4WUWGYgMS1wo7IA+gYA/48ROK8ywyOEPMhe2+kacaHiKld6o0Lmwd/cS/d1l0e
         QUl8TjXCS67uwPBDl05JewzNi7GMC9qzvNTja0exH5SoubTzBJIuW21y9dQD31APpA0O
         u8Dg==
X-Forwarded-Encrypted: i=1; AJvYcCVv1IcQuYfZXZdBh9h4UvjKRewje4F2BeERFt2r20VE4Q1eidF7mEi/6CsZ6hViQeIIEr0pywOE7w==@kvack.org
X-Gm-Message-State: AOJu0Yw1cNmdjwNwYwQEkheMi/DvRKCy1LKIx/1/QdHF1xpdhCCZlZSl
	vNDDtlCIbudZMg3h8FRnq2b+0benrIlyZpaTuW/CX/eByHkhDZEG9ZY80EHAbN9mR2k=
X-Gm-Gg: ASbGncszN8A8PMkhO7ASG/guHnKuj7pTFWqqV5Phd1qKuH+xS15xDg5cOIXB6F/icQq
	OMMszpJEWi7z7ACwvr/Zs9kpoiF0I8ZlEZivRZE4eIHMIdxbRLnXK/yHZg0LctKjAaPd0ijV806
	SUaiqRgvNjgHwQ876sVUzgfFPzpDD4MJsVhPWvGcLsLD3IKEkG7coSr03Ju9vepmcoeAH/uxc+a
	E6nKCVrk/qqYMhOG1Yf15lLjVGMyK2rfkqsPKVDx06nfzvA9HS7GfoVlG3cO3oHU62wvCujoQLA
	Lo1fkBm/6CLdIZVsjntoLp7qmysAg4/KDtsuZUhBGNbkF/abeH7Kg7s/H56T4MaOL4g=
X-Google-Smtp-Source: AGHT+IGZNy6iLufcbGr1Cm4vscuZZ5cosVeDu++QGebNauJZVQ9784C5I6lmRFlz/knjxPIF4kXi1w==
X-Received: by 2002:a05:6000:40c9:b0:3a1:fc5c:dec7 with SMTP id ffacd0b85a97d-3a35fe67788mr24039998f8f.21.1747993207620;
        Fri, 23 May 2025 02:40:07 -0700 (PDT)
Received: from localhost ([196.207.164.177])
        by smtp.gmail.com with UTF8SMTPSA id ffacd0b85a97d-3a35ca88a34sm25709566f8f.70.2025.05.23.02.40.06
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 23 May 2025 02:40:07 -0700 (PDT)
Date: Fri, 23 May 2025 12:40:03 +0300
From: Dan Carpenter <dan.carpenter@linaro.org>
To: oe-kbuild@lists.linux.dev, Bhupesh <bhupesh@igalia.com>,
	akpm@linux-foundation.org
Cc: lkp@intel.com, oe-kbuild-all@lists.linux.dev, bhupesh@igalia.com,
	kernel-dev@igalia.com, linux-kernel@vger.kernel.org,
	bpf@vger.kernel.org, linux-perf-users@vger.kernel.org,
	linux-fsdevel@vger.kernel.org, linux-mm@kvack.org,
	oliver.sang@intel.com, laoar.shao@gmail.com, pmladek@suse.com,
	rostedt@goodmis.org, mathieu.desnoyers@efficios.com,
	arnaldo.melo@gmail.com, alexei.starovoitov@gmail.com,
	andrii.nakryiko@gmail.com, mirq-linux@rere.qmqm.pl,
	peterz@infradead.org, willy@infradead.org, david@redhat.com,
	viro@zeniv.linux.org.uk, keescook@chromium.org,
	ebiederm@xmission.com, brauner@kernel.org, jack@suse.cz,
	mingo@redhat.com, juri.lelli@redhat.com, bsegall@google.com,
	mgorman@suse.de
Subject: Re: [PATCH v4 2/3] treewide: Switch memcpy() users of 'task->comm'
 to a more safer implementation
Message-ID: <202505221104.qV4Iy0rA-lkp@intel.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20250521062337.53262-3-bhupesh@igalia.com>
X-Rspamd-Queue-Id: 4F785C000A
X-Stat-Signature: ywk7qwaxsdyj4zx8ycspj6ounsyk3huu
X-Rspam-User: 
X-Rspamd-Server: rspam04
X-HE-Tag: 1747993209-442389
X-HE-Meta: U2FsdGVkX18ddKLQM5GfH2xn2UMuh/X1ZA51vQjgFsC5G+reQkd7uRFIARoiJINBmPDDte9QUhm2ZbedH+Hslr0NYvkMflTyq9Z/2ZtXK9YVUmxHBjcEZKW8GdBDX7+LL8qxKHzI41ii7V4G0BcQEwGtZdozRpOQ0xky2HlisX6t3M0ZTYjl1nwhF6LzsBG1CO1oP3jk8p9P7UMu6mn8/xAXZY7ta0kD05kgFkK3xlF1TVngv8JfUM2Tz8aZTXzVcsUfe7j1gkL9RnWii1FNe3URgF9jwqcHdNRP1HwY5T9QY2bIUChglu2CGlsZesG+wUBNtocpdARfMrTUNoBmHVyX/wjSsZ4VqPksJE1GTB39qqU3fquBVxvlsw6iJQMtBoZxys661i6hFPyIsModAwfw4+06nluYPUESLLDp9a5ex9o0ck7sOwSN3jhzL03ZkYFLTwWG+Iv+/ZKbnUsPVP47yNIMX/7qeMT2ve115qkm5mAeJEr0MNubBMG5idxrzAbTOWEXMg7sRVtfHLKHGMwxjHWlAPUfezkQYI3C2sULATXGPknSWa7mRfm2iKN3kQ2MTpvLbWhoXccGcjgvme+3oZpRU5/V/KGQ937GeQqA2QYPXcQyVv8QwPSEwocbSx4JkRiM5koxkKN7jr7TEyWkNk2rHAB5WaNSUtwEYkd66I5iuDIaW+f5a6AvwS94zhCQy8ZcJ5J6Qp4ATSizkXrec6i8bkapBQNwFYCPFdovfmre/GnWV//SbQc1g+7Om4wfDlfYZXvkuwuwrogyuibPDyW0bXbvI5UnP8awzYjcMGkO+qRUYFpc1i/3fjKifSaWHN3FmdZLSNfxbx27F+eXBVYQzqxhgwZiBt+zINl6CwIXHIVSnSFdyy92mb5SVVZiMH25uZMdJUWrENTFq1HxTLOfy9ovlepcWhfqVRUnh6IhupUNjRjy57Nuo7plZuDF1EKm00zV7n4j7mW
 /ztgcj2l
 a8KaUjn1YdfD3Xv/6UChLr8RjkW2+T9AZG+6ZXEtPLWBBxYTGikN4RB1+Fns70xWHAWsf2NYTXYiks9kFfHBUC6xICdv34Im9euLH1IoB1HKJdQm+u/Oe4kZ6ge/UEX9kk10izJdvReVxo05m5tvvLiFC0K2069vG/hlQo5DMRHpu+gxASv0WL9IEIS+cekwDLCM26PC/IEKZjmkZbgyLfTQjeDV4un1nBsT7wlOVh2GbDFwSkIa7y4ljZdc1dffonWilkD+3ebBAbX59bACTr+LzbvF1COte5LPI3d+y5c40s8+nKcx0kIxAxGVMCo6MUb4AF/JiJzSMLa2Of53aXeCp+B94IHDccacvty+LtDLIJIhkB/Pc1nvvsW2LfI62QqmlzWbB3nGcCYfN2Ot/x3nmgnllrnLvWJ2zS+UNxAig9qW7RYWyXGpjH9MySvUbkSV8Yc21vL9HezPkST3u4fDJNx0sr7xiARCaZcqTaGFPZeox1sUney4hgCCN5Je9GE64/cJBTpqDEv8nnjk1fsGTqkxSnMUyTsSUKOGHpSJiRrNnzSufDLLKImHrolKO0LZAcnsOY4EAhwlWAUJlxUMAII1BLrQAru9vHgWRYl7b0AsqjF8AtiYAvw==
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
List-Subscribe: <mailto:majordomo@kvack.org>
List-Unsubscribe: <mailto:majordomo@kvack.org>

Hi Bhupesh,

kernel test robot noticed the following build warnings:

https://git-scm.com/docs/git-format-patch#_base_tree_information]

url:    https://github.com/intel-lab-lkp/linux/commits/Bhupesh/exec-Remove-obsolete-comments/20250521-142443
base:   https://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace for-next
patch link:    https://lore.kernel.org/r/20250521062337.53262-3-bhupesh%40igalia.com
patch subject: [PATCH v4 2/3] treewide: Switch memcpy() users of 'task->comm' to a more safer implementation
config: powerpc64-randconfig-r071-20250522 (https://download.01.org/0day-ci/archive/20250522/202505221104.qV4Iy0rA-lkp@intel.com/config)
compiler: clang version 21.0.0git (https://github.com/llvm/llvm-project f819f46284f2a79790038e1f6649172789734ae8)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
| Closes: https://lore.kernel.org/r/202505221104.qV4Iy0rA-lkp@intel.com/

New smatch warnings:
fs/coredump.c:591 do_coredump() error: buffer overflow 'comm' 16 <= 16
fs/coredump.c:1006 validate_coredump_safety() error: buffer overflow 'comm' 16 <= 16

vim +/comm +591 fs/coredump.c

a78282e2c94f4c Linus Torvalds               2024-09-26  524  void do_coredump(const kernel_siginfo_t *siginfo)
10c28d937e2cca Alex Kelly                   2012-09-26  525  {
10c28d937e2cca Alex Kelly                   2012-09-26  526  	struct core_state core_state;
10c28d937e2cca Alex Kelly                   2012-09-26  527  	struct core_name cn;
10c28d937e2cca Alex Kelly                   2012-09-26  528  	struct mm_struct *mm = current->mm;
10c28d937e2cca Alex Kelly                   2012-09-26  529  	struct linux_binfmt * binfmt;
10c28d937e2cca Alex Kelly                   2012-09-26  530  	const struct cred *old_cred;
10c28d937e2cca Alex Kelly                   2012-09-26  531  	struct cred *cred;
a78282e2c94f4c Linus Torvalds               2024-09-26  532  	int retval = 0;
10c28d937e2cca Alex Kelly                   2012-09-26  533  	int ispipe;
315c69261dd3fa Paul Wise                    2019-08-02  534  	size_t *argv = NULL;
315c69261dd3fa Paul Wise                    2019-08-02  535  	int argc = 0;
fbb1816942c044 Jann Horn                    2015-09-09  536  	/* require nonrelative corefile path and be extra careful */
fbb1816942c044 Jann Horn                    2015-09-09  537  	bool need_suid_safe = false;
acdedd99b0f3bf Oleg Nesterov                2013-04-30  538  	bool core_dumped = false;
10c28d937e2cca Alex Kelly                   2012-09-26  539  	static atomic_t core_dump_count = ATOMIC_INIT(0);
10c28d937e2cca Alex Kelly                   2012-09-26  540  	struct coredump_params cprm = {
5ab1c309b34488 Denys Vlasenko               2012-10-04  541  		.siginfo = siginfo,
10c28d937e2cca Alex Kelly                   2012-09-26  542  		.limit = rlimit(RLIMIT_CORE),
10c28d937e2cca Alex Kelly                   2012-09-26  543  		/*
10c28d937e2cca Alex Kelly                   2012-09-26  544  		 * We must use the same mm->flags while dumping core to avoid
10c28d937e2cca Alex Kelly                   2012-09-26  545  		 * inconsistency of bit flags, since this flag is not protected
10c28d937e2cca Alex Kelly                   2012-09-26  546  		 * by any locks.
10c28d937e2cca Alex Kelly                   2012-09-26  547  		 */
10c28d937e2cca Alex Kelly                   2012-09-26  548  		.mm_flags = mm->flags,
95c5436a488384 Eric W. Biederman            2022-03-08  549  		.vma_meta = NULL,
8603b6f58637ce Oleksandr Natalenko          2022-09-03  550  		.cpu = raw_smp_processor_id(),
10c28d937e2cca Alex Kelly                   2012-09-26  551  	};
10c28d937e2cca Alex Kelly                   2012-09-26  552  
5ab1c309b34488 Denys Vlasenko               2012-10-04  553  	audit_core_dumps(siginfo->si_signo);
10c28d937e2cca Alex Kelly                   2012-09-26  554  
10c28d937e2cca Alex Kelly                   2012-09-26  555  	binfmt = mm->binfmt;
a78282e2c94f4c Linus Torvalds               2024-09-26  556  	if (!binfmt || !binfmt->core_dump)
10c28d937e2cca Alex Kelly                   2012-09-26  557  		goto fail;
a78282e2c94f4c Linus Torvalds               2024-09-26  558  	if (!__get_dumpable(cprm.mm_flags))
10c28d937e2cca Alex Kelly                   2012-09-26  559  		goto fail;
10c28d937e2cca Alex Kelly                   2012-09-26  560  
10c28d937e2cca Alex Kelly                   2012-09-26  561  	cred = prepare_creds();
a78282e2c94f4c Linus Torvalds               2024-09-26  562  	if (!cred)
10c28d937e2cca Alex Kelly                   2012-09-26  563  		goto fail;
10c28d937e2cca Alex Kelly                   2012-09-26  564  	/*
10c28d937e2cca Alex Kelly                   2012-09-26  565  	 * We cannot trust fsuid as being the "true" uid of the process
10c28d937e2cca Alex Kelly                   2012-09-26  566  	 * nor do we know its entire history. We only know it was tainted
10c28d937e2cca Alex Kelly                   2012-09-26  567  	 * so we dump it as root in mode 2, and only into a controlled
10c28d937e2cca Alex Kelly                   2012-09-26  568  	 * environment (pipe handler or fully qualified path).
10c28d937e2cca Alex Kelly                   2012-09-26  569  	 */
e579d2c259be42 Kees Cook                    2013-02-27  570  	if (__get_dumpable(cprm.mm_flags) == SUID_DUMP_ROOT) {
10c28d937e2cca Alex Kelly                   2012-09-26  571  		/* Setuid core dump mode */
10c28d937e2cca Alex Kelly                   2012-09-26  572  		cred->fsuid = GLOBAL_ROOT_UID;	/* Dump root private */
fbb1816942c044 Jann Horn                    2015-09-09  573  		need_suid_safe = true;
10c28d937e2cca Alex Kelly                   2012-09-26  574  	}
10c28d937e2cca Alex Kelly                   2012-09-26  575  
5ab1c309b34488 Denys Vlasenko               2012-10-04  576  	retval = coredump_wait(siginfo->si_signo, &core_state);
10c28d937e2cca Alex Kelly                   2012-09-26  577  	if (retval < 0)
10c28d937e2cca Alex Kelly                   2012-09-26  578  		goto fail_creds;
10c28d937e2cca Alex Kelly                   2012-09-26  579  
10c28d937e2cca Alex Kelly                   2012-09-26  580  	old_cred = override_creds(cred);
10c28d937e2cca Alex Kelly                   2012-09-26  581  
315c69261dd3fa Paul Wise                    2019-08-02  582  	ispipe = format_corename(&cn, &cprm, &argv, &argc);
10c28d937e2cca Alex Kelly                   2012-09-26  583  
10c28d937e2cca Alex Kelly                   2012-09-26  584  	if (ispipe) {
315c69261dd3fa Paul Wise                    2019-08-02  585  		int argi;
10c28d937e2cca Alex Kelly                   2012-09-26  586  		int dump_count;
10c28d937e2cca Alex Kelly                   2012-09-26  587  		char **helper_argv;
907ed1328d2a74 Lucas De Marchi              2013-04-30  588  		struct subprocess_info *sub_info;
10c28d937e2cca Alex Kelly                   2012-09-26  589  
10c28d937e2cca Alex Kelly                   2012-09-26  590  		if (ispipe < 0) {
c114e9948c2b6a Roman Kisel                  2024-07-18 @591  			coredump_report_failure("format_corename failed, aborting core");
e7fd1549aeb83e Oleg Nesterov                2013-07-03  592  			goto fail_unlock;

>               /* This will always be NUL terminated. */ \
> -             memcpy(comm, current->comm, sizeof(comm)); \
> +             memcpy(comm, current->comm, TASK_COMM_LEN); \
> +             comm[TASK_COMM_LEN] = '\0'; \
                     ^^^^^^^^^^^^^^
This was supposed to be "TASK_COMM_LEN - 1".  Also the comment says
it's not required...

10c28d937e2cca Alex Kelly                   2012-09-26  593  		}
10c28d937e2cca Alex Kelly                   2012-09-26  594  
10c28d937e2cca Alex Kelly                   2012-09-26  595  		if (cprm.limit == 1) {
10c28d937e2cca Alex Kelly                   2012-09-26  596  			/* See umh_pipe_setup() which sets RLIMIT_CORE = 1.

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki