From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 92BCAC433EF for ; Mon, 1 Nov 2021 14:35:16 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 3B37560ED5 for ; Mon, 1 Nov 2021 14:35:16 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 3B37560ED5 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kvack.org Received: by kanga.kvack.org (Postfix) id CABC1940018; Mon, 1 Nov 2021 10:35:15 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id C5B6394000F; Mon, 1 Nov 2021 10:35:15 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id B23A4940018; Mon, 1 Nov 2021 10:35:15 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0002.hostedemail.com [216.40.44.2]) by kanga.kvack.org (Postfix) with ESMTP id A2F6F94000F for ; Mon, 1 Nov 2021 10:35:15 -0400 (EDT) Received: from smtpin04.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay01.hostedemail.com (Postfix) with ESMTP id 5F02A1809871B for ; Mon, 1 Nov 2021 14:35:15 +0000 (UTC) X-FDA: 78760608990.04.CA1D6CD Received: from mail-io1-f49.google.com (mail-io1-f49.google.com [209.85.166.49]) by imf29.hostedemail.com (Postfix) with ESMTP id E1F289000257 for ; Mon, 1 Nov 2021 14:35:14 +0000 (UTC) Received: by mail-io1-f49.google.com with SMTP id h81so12965259iof.6 for ; Mon, 01 Nov 2021 07:35:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=/dxlHLhVVeQz41NT3FXktHwc6LNqxwx1mOX2k57ETQc=; b=H/1G8uLzOKFUO52ObvxuuCuV2l4rLb4ppcpv63LC7y0Tk4dE973BG8DiuIgTiz+kLZ bpyTdkposK7jsR+F92tk48sbrLWZlxQmSwWgg+FTp8yGpCNho0MmcjII02ryAAYVxBgv X6yFut/50QTG4V3DM6A+ST2FkB09I5Xws9xJ0FRh68XEdS1mUzmdBat2YFQTVNv+4qjs iLLEx1qRt5E2fiPqF7c/BqIwMW5d8svEQl08Guopq4so8w/JOi93ZHwv4T0+34xN2ewR Fx/qIl+wkLAkfRBznYLmPTxdSvF+NCPooq2tubC5/sOiwajiOM3/qG0yGmIRqpwhwqo6 /BEg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=/dxlHLhVVeQz41NT3FXktHwc6LNqxwx1mOX2k57ETQc=; b=agvNoibSz9cDMHsjm1hjh4h6v6uy562RMJVuHHN3hdqBByY3U1tgLVzHG70gEhuwex IN9Of0McEI5fC1DJTFVLPLpnWVUFBYNpyBDVxyFIHWo/GPMIJvczz1EJl6k68ZTKTOFd n818M9uCD0hgLVmfdyJ6ozESM7wLWQrUPn5D/++i4H+MKPiPgMTn5wXXAusNCamdCF1/ oBo8b7BIf4srgRuAzlUt12KcxqAYkNCY1dwSq3IY/392iH7NlQvCTLPodW6S4P3mPT/C 5Qb6sJh+H9i9RN0Y6A2wSffxAUQUp47/2evCo0abjM0eB2Eu4wzjSscZU62cuNJ4P+6m 1DDg== X-Gm-Message-State: AOAM533IuFfRkb0yeqQIJWn8e6ZkH4E1b2w1vKkKwbKuqVz0MfrPmuky eLCgxZLeTJISqgekWfqoLkymxN0JauJJPb9h9+A= X-Google-Smtp-Source: ABdhPJxML5PM3L1wF90f7Vr07fhP4LkRyBWT2Nd3AJz21DOOUbOnidR2/cTzlniPaknpj0TIA3BSov/kzpbs+lx1tXY= X-Received: by 2002:a05:6602:2f0a:: with SMTP id q10mr4985724iow.202.1635777314146; Mon, 01 Nov 2021 07:35:14 -0700 (PDT) MIME-Version: 1.0 References: <20211101060419.4682-1-laoar.shao@gmail.com> In-Reply-To: From: Yafang Shao Date: Mon, 1 Nov 2021 22:34:30 +0800 Message-ID: Subject: Re: [PATCH v7 00/11] extend task comm from 16 to 24 To: Petr Mladek Cc: Andrew Morton , Kees Cook , Steven Rostedt , Mathieu Desnoyers , Arnaldo Carvalho de Melo , Peter Zijlstra , Al Viro , Valentin Schneider , Qiang Zhang , robdclark , christian , Dietmar Eggemann , Ingo Molnar , Juri Lelli , Vincent Guittot , David Miller , Jakub Kicinski , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin Lau , Song Liu , Yonghong Song , john fastabend , KP Singh , dennis.dalessandro@cornelisnetworks.com, mike.marciniszyn@cornelisnetworks.com, dledford@redhat.com, jgg@ziepe.ca, linux-rdma@vger.kernel.org, netdev , bpf , "linux-perf-use." , linux-fsdevel@vger.kernel.org, Linux MM , LKML , kernel test robot , kbuild test robot Content-Type: text/plain; charset="UTF-8" X-Stat-Signature: xqajgsqyzmpjx6s4e8r8fpzss7nctqu5 Authentication-Results: imf29.hostedemail.com; dkim=pass header.d=gmail.com header.s=20210112 header.b="H/1G8uLz"; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (imf29.hostedemail.com: domain of laoar.shao@gmail.com designates 209.85.166.49 as permitted sender) smtp.mailfrom=laoar.shao@gmail.com X-Rspamd-Server: rspam03 X-Rspamd-Queue-Id: E1F289000257 X-HE-Tag: 1635777314-466704 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Mon, Nov 1, 2021 at 10:07 PM Petr Mladek wrote: > > On Mon 2021-11-01 06:04:08, Yafang Shao wrote: > > There're many truncated kthreads in the kernel, which may make trouble > > for the user, for example, the user can't get detailed device > > information from the task comm. > > > > This patchset tries to improve this problem fundamentally by extending > > the task comm size from 16 to 24, which is a very simple way. > > > > In order to do that, we have to do some cleanups first. > > > > 1. Make the copy of task comm always safe no matter what the task > > comm size is. For example, > > > > Unsafe Safe > > strlcpy strscpy_pad > > strncpy strscpy_pad > > bpf_probe_read_kernel bpf_probe_read_kernel_str > > bpf_core_read_str > > bpf_get_current_comm > > perf_event__prepare_comm > > prctl(2) > > > > After this step, the comm size change won't make any trouble to the > > kernel or the in-tree tools for example perf, BPF programs. > > > > 2. Cleanup some old hard-coded 16 > > Actually we don't need to convert all of them to TASK_COMM_LEN or > > TASK_COMM_LEN_16, what we really care about is if the convert can > > make the code more reasonable or easier to understand. For > > example, some in-tree tools read the comm from sched:sched_switch > > tracepoint, as it is derived from the kernel, we'd better make them > > consistent with the kernel. > > The above changes make sense even if we do not extend comm[] array in > task_struct. > > > > 3. Extend the task comm size from 16 to 24 > > task_struct is growing rather regularly by 8 bytes. This size change > > should be acceptable. We used to think about extending the size for > > CONFIG_BASE_FULL only, but that would be a burden for maintenance > > and introduce code complexity. > > > > 4. Print a warning if the kthread comm is still truncated. > > > > 5. What will happen to the out-of-tree tools after this change? > > If the tool get task comm through kernel API, for example prctl(2), > > bpf_get_current_comm() and etc, then it doesn't matter how large the > > user buffer is, because it will always get a string with a nul > > terminator. While if it gets the task comm through direct string copy, > > the user tool must make sure the copied string has a nul terminator > > itself. As TASK_COMM_LEN is not exposed to userspace, there's no > > reason that it must require a fixed-size task comm. > > The amount of code that has to be updated is really high. I am pretty > sure that there are more potential buffer overflows left. > > You did not commented on the concerns in the thread > https://lore.kernel.org/all/CAADnVQKm0Ljj-w5PbkAu1ugLFnZRRPt-Vk-J7AhXxDD5xVompA@mail.gmail.com/ > I thought Steven[1] and Kees[2] have already clearly explained why we do it like that, so I didn't give any more words on it. [1]. https://lore.kernel.org/all/20211025170503.59830a43@gandalf.local.home/ [2]. https://lore.kernel.org/all/202110251406.56F87A3522@keescook/ > Several people suggested to use a more conservative approach. Yes, they are Al[3] and Alexei[4]. [3]. https://lore.kernel.org/lkml/YVkmaSUxbg%2FJtBHb@zeniv-ca.linux.org.uk/ [4]. https://lore.kernel.org/all/CAADnVQKm0Ljj-w5PbkAu1ugLFnZRRPt-Vk-J7AhXxDD5xVompA@mail.gmail.com/ > I mean > to keep comm[16] as is and add a new pointer to the full name. The buffer > for the long name might be dynamically allocated only when needed. > That would add a new allocation in the fork() for the threads with a long name. I'm not sure if it is worth it. > The pointer might be either in task_struct or struct kthread. It might > be used the same way as the full name stored by workqueue kthreads. > If we decide to do it like that, I think we'd better add it in task_struct, then it will work for all tasks. > The advantage of the separate pointer: > > + would work for names longer than 32 > + will not open security holes in code > Yes, those are the advantages. And the disadvantage of it is: - new allocation in fork() -- Thanks Yafang