From: Linus Torvalds <torvalds@linux-foundation.org>
To: Christian Brauner <brauner@kernel.org>
Cc: "Kees Cook" <kees@kernel.org>,
"Al Viro" <viro@zeniv.linux.org.uk>,
"Zbigniew Jędrzejewski-Szmek" <zbyszek@in.waw.pl>,
"Tycho Andersen" <tandersen@netflix.com>,
"Aleksa Sarai" <cyphar@cyphar.com>,
"Eric Biederman" <ebiederm@xmission.com>,
"Jan Kara" <jack@suse.cz>,
linux-mm@kvack.org, linux-fsdevel@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: Re: [PATCH] exec: fix up /proc/pid/comm in the execveat(AT_EMPTY_PATH) case
Date: Sun, 1 Dec 2024 08:54:41 -0800 [thread overview]
Message-ID: <CAHk-=wgcbq=2N8m5X8vJuUNgM9gpVjqpQzrnCsu19MP8SV5TYA@mail.gmail.com> (raw)
In-Reply-To: <20241201-konglomerat-genial-c1344842c88b@brauner>
On Sun, 1 Dec 2024 at 06:17, Christian Brauner <brauner@kernel.org> wrote:
>
> /*
> * Hold rcu lock to keep the name from being freed behind our back.
> * Use cquire semantics to make sure the terminating NUL from
> * __d_alloc() is seen.
> *
> * Note, we're deliberately sloppy here. We don't need to care about
> * detecting a concurrent rename and just want a sensible name.
> */
Sure. Note that even "sensible" isn't truly guaranteed in theory,
since a concurrent rename could be doing a "memcpy()" into the
dentry->d_name.name area at the same time on another CPU.
But "theoretically hard guarantees" isn't what this code cares about.
The only really hard rule is that the end result in comm[] needs to be
NUL-terminated at all times (and hey, even *that* is arguably a "don't
print garbage" rule rather than something truly fatal), and everything
else is "do the best you can".
Could we take the dentry lock to be really careful? Sure. We simply
don't care enough, and while other parts of execve() are much more
expensive, let's not.
Linus
next prev parent reply other threads:[~2024-12-01 16:55 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-30 4:54 Kees Cook
2024-11-30 5:55 ` Aleksa Sarai
2024-12-04 23:50 ` Zbigniew Jędrzejewski-Szmek
2024-11-30 12:29 ` Christian Brauner
2024-11-30 18:02 ` Linus Torvalds
2024-12-01 14:17 ` Christian Brauner
2024-12-01 16:54 ` Linus Torvalds [this message]
2024-12-01 18:37 ` Christian Brauner
2024-11-30 20:28 ` Mateusz Guzik
2024-11-30 21:34 ` Linus Torvalds
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAHk-=wgcbq=2N8m5X8vJuUNgM9gpVjqpQzrnCsu19MP8SV5TYA@mail.gmail.com' \
--to=torvalds@linux-foundation.org \
--cc=brauner@kernel.org \
--cc=cyphar@cyphar.com \
--cc=ebiederm@xmission.com \
--cc=jack@suse.cz \
--cc=kees@kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=tandersen@netflix.com \
--cc=viro@zeniv.linux.org.uk \
--cc=zbyszek@in.waw.pl \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox