From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id D560AC25B75 for ; Mon, 3 Jun 2024 22:06:52 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 6DFD56B0092; Mon, 3 Jun 2024 18:06:52 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 68F9B6B0095; Mon, 3 Jun 2024 18:06:52 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 558336B0096; Mon, 3 Jun 2024 18:06:52 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 35B226B0092 for ; Mon, 3 Jun 2024 18:06:52 -0400 (EDT) Received: from smtpin09.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id D41141C11D2 for ; Mon, 3 Jun 2024 22:06:51 +0000 (UTC) X-FDA: 82190963022.09.FF81CF3 Received: from mail-yw1-f176.google.com (mail-yw1-f176.google.com [209.85.128.176]) by imf17.hostedemail.com (Postfix) with ESMTP id E541E40003 for ; Mon, 3 Jun 2024 22:06:48 +0000 (UTC) Authentication-Results: imf17.hostedemail.com; dkim=pass header.d=paul-moore.com header.s=google header.b=Ek6GCXHB; dmarc=pass (policy=none) header.from=paul-moore.com; spf=pass (imf17.hostedemail.com: domain of paul@paul-moore.com designates 209.85.128.176 as permitted sender) smtp.mailfrom=paul@paul-moore.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1717452409; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=zX8PVfQ5qnzftwtpw106lfiQ8TgkbA0h4I3z6i3Eidw=; b=ERjgqPnu6muTXKlNGpWqjPzRI7EgbcjNVBikTHGDFsKNYRLBPfItSA5iC3Eng5V8IJLm2R TLqxk3Juf/h2aFkFM5aksopHExsxGSy5g4BsB4xKlyumiBlvV1SWU/O4WHXRMHyBNodWV8 lZr9L4BLVcTRzFXozevPHtASjbDG684= ARC-Authentication-Results: i=1; imf17.hostedemail.com; dkim=pass header.d=paul-moore.com header.s=google header.b=Ek6GCXHB; dmarc=pass (policy=none) header.from=paul-moore.com; spf=pass (imf17.hostedemail.com: domain of paul@paul-moore.com designates 209.85.128.176 as permitted sender) smtp.mailfrom=paul@paul-moore.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1717452409; a=rsa-sha256; cv=none; b=wQygHf1+Cv1ouAsD2j9IjN67MsnHn8vmc/SAeJEJxECPkdQ3+v5Fkjv/VnITFIv6ArWPA+ 4Wsr2fXA1kursMoxcBEswqkl1qTomAGeebkqWZ3iOrFufQWll+IvB0C+/Duexd1Vxf5i+v /dOaXEpoD2slq20oLXfLu+rKiIoKJK8= Received: by mail-yw1-f176.google.com with SMTP id 00721157ae682-627ebbefd85so52987327b3.3 for ; Mon, 03 Jun 2024 15:06:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore.com; s=google; t=1717452408; x=1718057208; darn=kvack.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=zX8PVfQ5qnzftwtpw106lfiQ8TgkbA0h4I3z6i3Eidw=; b=Ek6GCXHBz6/JXmDaILjSnzjkks8DeT1f1NxTrjylMYPkJjFrcPzsbOqprG58SqkuQ2 aDI6P0x0HuXO/Gwaaa+8lbKoZzn+MKyTOUsGU+va9ZsyEA4Td9u/jJ+GTTDih/OlIFOt M/wTC7T/QEgcCbXUP/SsyjyoJ0xBgEIWTxBNm5mIH4kAhXnT7jU+1+FZYOtVS5jABWIY Yc++UyGc0QDccHYKoBUObrG0ofr83uFkdH1LQxFhy4nyy0IhZsjQxR7TdmtCBjNxtv4e mADYOaOfgDxV0FfLdpHZuyru+EE/xKTQig/TGmKRRQt7+pyQvPZytE20VKoXAy3P8SpD BseA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1717452408; x=1718057208; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=zX8PVfQ5qnzftwtpw106lfiQ8TgkbA0h4I3z6i3Eidw=; b=qzGa9ezpo2/QyZPdkzaJrR1qQOkNgD9IcpSqQFzxR/4PFKYU+6wD8mgVj6nTvU2YZZ NsgBa9C6qN3Jtu8cx3iFSYxlZNDFiR9OZ/rQnm/OpZwjs3Z0MV3pkpgrMuGPUglt+cPb 27InAF0ybGb8eO5kNoUdzDEe6gSoSqeSZ0I6FT0ru5fgCM8Bu+BUJ0OyOuFGyQeBM2l1 xtBZ5R7b7KFGI9fqibG1P+rWxOg86YX+TSQxV9HX+EwERJBnMM4qM5JeKcQvmEM9/PAN 45AWV3dJLn1lzcwq3aRGaB+bJwB1hsmmHXLS5nc0JcutnnyQ/tguDIlp8hQoGL2uLzrX gU+w== X-Forwarded-Encrypted: i=1; AJvYcCWt1rogrUFrOT/KXfz5cv/65GT75l+U7Mv2Rl7CsmKMLYyJ4HmxoL476IazXKEyeudD6bnHMkfgGjG8GIN67wqHJNA= X-Gm-Message-State: AOJu0YyOhcItYjN2x2Ddc3aUxectfGujFrc53TROhqWN4k7HckGc29VA 0NXB/zCe11w9XxpDLIzYW5+xbDuhwbMBxjrd+UNq92Iw59gY7Nz/oAyzLhySrhGM4JSxOIl8qDL NXvSqXFdjRPLNhdwGqo8B2eyjL8NGmJBo+33R X-Google-Smtp-Source: AGHT+IFlZXhnnbTx1bR3IL0MEuJpb6BYtD7X1NVqh0jIq3mMhTGkqNSjbPG9eHDX2tOy0Ga8K2kdNA8x6bcAW9bCfZ4= X-Received: by 2002:a81:92c2:0:b0:61b:33ae:e065 with SMTP id 00721157ae682-62c7947ecbdmr103514047b3.0.1717452406285; Mon, 03 Jun 2024 15:06:46 -0700 (PDT) MIME-Version: 1.0 References: <20240602023754.25443-1-laoar.shao@gmail.com> <20240602023754.25443-5-laoar.shao@gmail.com> In-Reply-To: <20240602023754.25443-5-laoar.shao@gmail.com> From: Paul Moore Date: Mon, 3 Jun 2024 18:06:35 -0400 Message-ID: Subject: Re: [PATCH 4/6] security: Replace memcpy() with __get_task_comm() To: Yafang Shao Cc: torvalds@linux-foundation.org, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, audit@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, bpf@vger.kernel.org, James Morris , "Serge E. Hallyn" , Stephen Smalley , Ondrej Mosnacek Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Rspamd-Queue-Id: E541E40003 X-Stat-Signature: 4me6n341t9e148oz5csyxnstz9s3jmwo X-Rspam-User: X-Rspamd-Server: rspam04 X-HE-Tag: 1717452408-726996 X-HE-Meta: U2FsdGVkX19xkZAuMGxm4mOO3gRwdZR0gA4IHnI5HJaEK96qWqqiiAMq4+Uf2gbRzYL+XIX0LzZuRh//sKhFPC1uhm5juit/FR6xQXvTMiPWI8bg6Yl5mvdKnFFQksvYdNcloN6JSMG31IijkJlYhuxem9NdMpHDQaDQicHl/70VTlgDb1l295My7ADIHeIUQnorap09zmi31sBZhLTNAQNt8QzuBXxlQnhm/CB2S1jwSyy9HV5K3sb30fNane6mRx6k0J394tDKfWrR9/V4+fJPPLWEbLzQdFG0UYfGgh0xhPoKOkBWvOM0jVO4z8jPDPJvWSu0cVcRf8A37liJjevlxWsVHSghx4lb/rhYhAxvDfgC5Rc6nAaJsHJpvxHfSrdtS1O7AtwcNfXE++gj8wVGVozq4jszsUsSmAyQ9wFc1dVbm1xjlCVZOjNRw8X+Zc4VUADglqm400tTuMWa8BDFhbLmyH2X1/9oN524GQvsclOdiqtiV4i0cMSuISha1UZN0EAEki2Y2gQ7SzTrwfPOHqDY5FR27g0Ata0g2+Uvm3WvzYQ9v7u+YDolv903B9k48fkFufnCa6VbNVEgLpW9roC2wWufhx+eqWCHkQl5/IAH/luCt+AIgqBN7mwWyKMGoYpzh2aMqEsgQ26z/50I2ox4/6XHcM+aLuZpP+HB8Sfb0dsUZpJJrbQKy7nIW3O036w54T2IpH3Olg3aRyFa4pHfyaYKsbBw5ac6P54p+6l727UsybOIWx74YPGQ26f+RPW7H54osaD9HHcspvyZ1esJTbajhooQCgQGN6Ay7l5+XWlRf5DLKaE38fAIMipXQFwbejQEIC4b/WpgDanjlkfN2St7BpBhNlj4UtAyc85ldlcVmgHmaXVHi0NviySinssox1aObc5J/lVesQZDlNhktJmzGm9F9VydlR66Tot8YZ81BI3syCOvJ+5rAw0doR20KDFbgIfufRd pXSpzh/R ifEQbkQyzBCEdO1wTGmO7NbH8sC+80RmWkRoVrxQ9BNd8dG7aLaElkgm4igPFeO/j7VJSVVo1aCj7XPmU4XeFD3Bq3NQKwsrd96ja34gu5T6DnRt1rQcBOuo3ctQGAWDD+44vcPZmCXQQqzoFLoQCIHSGgrTntjgIHNu4rH60i/NtPP1IZcGi0y4cFLoM1q1Yg9lw3RVi/3ApHwh41PzblnyTDqT9DE9CcgXu7Tkip/fne0QjF74t3t18Ku4bCZV9md2ZnjjR/GCcgkUD2u0TThORXCI1F5s6eDO3Aqf8ZGtDVXAmgnjWet8TMq4WoE3ODHibvWOa0zPPSbXdVFGw57ERtenZOkTp0TGd2I86G7EvJNIMm3W0HWfU1bsVewAJF1bpwi1jN+rbE9veEt/eLAe6gxP+0hreBYcVWzeTfoHxEWuxMGnQ35lthlp8ZvWs6fCss4OlL+LDZdftMxYZjIW7U34gg2sbljJnGXSICZokrZ03DpBmS9HMvgdlEzKMcIy3YkW7ibvGmPlUex+0Sl7gYaDT4dBIQ8mdR+l7DZf2JAD4eBLLmkxP0Al8PfBvWNH1ENARhPDYLyWA68rQKzF8CflI8Tq1NzA+SHyvh8zI+1RXsWk1jPzbaf90IALRLxZi X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Sat, Jun 1, 2024 at 10:38=E2=80=AFPM Yafang Shao = wrote: > > Quoted from Linus [0]: > > selinux never wanted a lock, and never wanted any kind of *consistent* > result, it just wanted a *stable* result. > > Using __get_task_comm() to read the task comm ensures that the name is > always NUL-terminated, regardless of the source string. This approach als= o > facilitates future extensions to the task comm. > > Signed-off-by: Yafang Shao > LINK: https://lore.kernel.org/all/CAHk-=3DwivfrF0_zvf+oj6=3D=3DSh=3D-npJo= oP8chLPEfaFV0oNYTTBA@mail.gmail.com/ [0] > Cc: Paul Moore > Cc: James Morris > Cc: "Serge E. Hallyn" > Cc: Stephen Smalley > Cc: Ondrej Mosnacek > --- > security/lsm_audit.c | 4 ++-- > security/selinux/selinuxfs.c | 2 +- > 2 files changed, 3 insertions(+), 3 deletions(-) Similar to the audit change, as long as you sort out the __get_task_comm() issues such that it can operate without task_lock() this should be fine. Acked-by: Paul Moore > diff --git a/security/lsm_audit.c b/security/lsm_audit.c > index 849e832719e2..a922e4339dd5 100644 > --- a/security/lsm_audit.c > +++ b/security/lsm_audit.c > @@ -207,7 +207,7 @@ static void dump_common_audit_data(struct audit_buffe= r *ab, > BUILD_BUG_ON(sizeof(a->u) > sizeof(void *)*2); > > audit_log_format(ab, " pid=3D%d comm=3D", task_tgid_nr(current)); > - audit_log_untrustedstring(ab, memcpy(comm, current->comm, sizeof(= comm))); > + audit_log_untrustedstring(ab, __get_task_comm(comm, sizeof(comm),= current)); > > switch (a->type) { > case LSM_AUDIT_DATA_NONE: > @@ -302,7 +302,7 @@ static void dump_common_audit_data(struct audit_buffe= r *ab, > char comm[sizeof(tsk->comm)]; > audit_log_format(ab, " opid=3D%d ocomm=3D= ", pid); > audit_log_untrustedstring(ab, > - memcpy(comm, tsk->comm, sizeof(comm))= ); > + __get_task_comm(comm, sizeof(comm), t= sk)); > } > } > break; > diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c > index e172f182b65c..a8a2ec742576 100644 > --- a/security/selinux/selinuxfs.c > +++ b/security/selinux/selinuxfs.c > @@ -708,7 +708,7 @@ static ssize_t sel_write_checkreqprot(struct file *fi= le, const char __user *buf, > if (new_value) { > char comm[sizeof(current->comm)]; > > - memcpy(comm, current->comm, sizeof(comm)); > + __get_task_comm(comm, sizeof(comm), current); > pr_err("SELinux: %s (%d) set checkreqprot to 1. This is n= o longer supported.\n", > comm, current->pid); > } > -- > 2.39.1 --=20 paul-moore.com