From: Yafang Shao
Date: Fri, 27 Sep 2024 16:57:26 +0800
Subject: Re: [PATCH v7 5/8] mm/util: Fix possible race condition in kstrdup()
To: Andy Shevchenko
Cc: akpm@linux-foundation.org, torvalds@linux-foundation.org, alx@kernel.org, justinstitt@google.com, ebiederm@xmission.com, alexei.starovoitov@gmail.com, rostedt@goodmis.org, catalin.marinas@arm.com, penguin-kernel@i-love.sakura.ne.jp, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, audit@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, bpf@vger.kernel.org, netdev@vger.kernel.org, dri-devel@lists.freedesktop.org
References: <20240817025624.13157-1-laoar.shao@gmail.com> <20240817025624.13157-6-laoar.shao@gmail.com>

On Fri, Sep 27, 2024 at 1:35 AM Andy Shevchenko wrote:
>
> On Thu, Sep 26, 2024 at 7:44 PM Yafang Shao wrote:
> >
> > In kstrdup(), it is critical to ensure that the dest string is always
> > NUL-terminated. However, potential race condidtion can occur between a
>
> condition
>
> > writer and a reader.
> >
> > Consider the following scenario involving task->comm:
> >
> >         reader                                  writer
> >
> >   len = strlen(s) + 1;
> >                                    strlcpy(tsk->comm, buf, sizeof(tsk->comm));
> >   memcpy(buf, s, len);
> >
> > In this case, there is a race condition between the reader and the
> > writer. The reader calculate the length of the string `s` based on the
>
> calculates
>
> > old value of task->comm. However, during the memcpy(), the string `s`
> > might be updated by the writer to a new value of task->comm.
> >
> > If the new task->comm is larger than the old one, the `buf` might not be
> > NUL-terminated. This can lead to undefined behavior and potential
> > security vulnerabilities.
> >
> > Let's fix it by explicitly adding a NUL-terminator.
>
> memcpy() is not atomic AFAIK, meaning that the new string can be also
> shorter and when memcpy() already copied past the new NUL. I would
> amend the explanation to include this as well.
>
> ...
>
> > +       /* During memcpy(), the string might be updated to a new value,
> > +        * which could be longer than the string when strlen() is
> > +        * called. Therefore, we need to add a null termimator.
>
> /*
>  * The wrong comment style. Besides that a typo
>  * in the word 'terminator'. Please, run codespell on your changes.
>  * Also use the same form: NUL-terminator when you are talking
>  * about '\0' and not NULL.
>  */

Thank you for pointing out these errors and for recommending the use of
codespell. Will fix them in the next version.

-- 
Regards
Yafang
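Review bot: the comment in the quoted hunk explains only the case where the string grows between strlen() and memcpy(); as raised above, memcpy() is not atomic, so the string can also shrink and the copy then runs past the new NUL, and the forced terminator at the end of the buffer is what keeps the result well-formed in either case. Suggest the comment state both cases, in kernel comment style with the opening `/*` on its own line, and use 'NUL-terminator' rather than 'null termimator', e.g.:
 /*
  * The source may change under us between strlen() and memcpy(),
  * so force a NUL-terminator at the end of the buffer.
  */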
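The race discussed in this thread, as an added example that is not the patch's or the kernel's own code: a fixed-size buffer stands in for task->comm, and a "writer" hook is called between the reader's strlen() and memcpy() to model the concurrent strlcpy() deterministically. kstrdup_racy() is the pre-fix behaviour, kstrdup_fixed() adds the explicit NUL-terminator; the names, the hook mechanism and the sample comm values are assumptions made for the example. It also covers the shrink case Andy raises: the copy reads past the new NUL, but the result is still terminated.

```c
/*
 * Added example (not from the patch or the kernel): a deterministic model
 * of the strlen()/memcpy() race on task->comm. A writer hook runs between
 * the reader's two steps to emulate the concurrent strlcpy().
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TASK_COMM_LEN 16           /* the kernel's task->comm size */

static char comm[TASK_COMM_LEN];   /* stand-in for tsk->comm (constructed) */

/* Hook invoked between strlen() and memcpy(); NULL means no writer ran. */
typedef void (*writer_hook_t)(void);

/* Emulates the writer: strlcpy(tsk->comm, buf, sizeof(tsk->comm)). */
static void set_comm(const char *name)
{
    size_t n = strlen(name);
    if (n >= TASK_COMM_LEN)
        n = TASK_COMM_LEN - 1;     /* strlcpy truncates ... */
    memcpy(comm, name, n);
    comm[n] = '\0';                /* ... and always terminates */
}

/* Writer that replaces comm with a longer name mid-copy. */
static void writer_grow(void)
{
    set_comm("kworker/u16:12");    /* 14 chars, longer than the old "sh" */
}

/* Writer that replaces comm with a shorter name mid-copy. */
static void writer_shrink(void)
{
    set_comm("a");                 /* stale bytes remain after the new NUL */
}

/* Pre-fix: length from the old string, no terminator forced. */
static char *kstrdup_racy(const char *s, writer_hook_t race)
{
    size_t len = strlen(s) + 1;
    char *buf = malloc(len);
    if (!buf)
        return NULL;
    if (race)
        race();                    /* s changes under us */
    memcpy(buf, s, len);           /* may copy len bytes with no NUL */
    return buf;
}

/* Fixed: same steps, then force the terminator at buf[len - 1]. */
static char *kstrdup_fixed(const char *s, writer_hook_t race)
{
    size_t len = strlen(s) + 1;
    char *buf = malloc(len);
    if (!buf)
        return NULL;
    if (race)
        race();
    memcpy(buf, s, len);
    buf[len - 1] = '\0';           /* terminated whatever s became */
    return buf;
}

/* 1 if the first len bytes of buf contain a NUL, else 0. */
static int is_terminated(const char *buf, size_t len)
{
    return memchr(buf, '\0', len) != NULL;
}

/*
 * Grow case: old comm "sh" (len 3), writer switches to a 14-char name.
 * Returns 1 if the racy copy is unterminated and the fixed copy is not.
 */
int demo_grow(void)
{
    set_comm("sh");
    char *racy = kstrdup_racy(comm, writer_grow);
    int racy_ok = is_terminated(racy, 3);

    set_comm("sh");
    char *fixed = kstrdup_fixed(comm, writer_grow);
    int fixed_ok = is_terminated(fixed, 3);

    free(racy);
    free(fixed);
    return !racy_ok && fixed_ok;
}

/*
 * Shrink case: old comm is 14 chars (len 15), writer switches to "a".
 * memcpy() copies past the new NUL, but the copied NUL still terminates
 * the result; returns 1 if the fixed copy reads back as "a".
 */
int demo_shrink(void)
{
    set_comm("kworker/u16:12");
    char *fixed = kstrdup_fixed(comm, writer_shrink);
    int ok = strcmp(fixed, "a") == 0;
    free(fixed);
    return ok;
}

int main(void)
{
    printf("grow case reproduced and fixed: %s\n", demo_grow() ? "yes" : "no");
    printf("shrink case stays terminated:   %s\n", demo_shrink() ? "yes" : "no");
    return 0;
}
```

The hook stands in for a scheduler interleaving, so the example is deterministic rather than timing-dependent; in the kernel the same window is only a few instructions wide, which is why the defect is hard to reproduce but easy to reason about from the two-step copy.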
> > > > Consider the following scenario involving task->comm: > > > > reader writer > > > > len =3D strlen(s) + 1; > > strlcpy(tsk->comm, buf, sizeof(tsk->comm))= ; > > memcpy(buf, s, len); > > > > In this case, there is a race condition between the reader and the > > writer. The reader calculate the length of the string `s` based on the > > calculates > > > old value of task->comm. However, during the memcpy(), the string `s` > > might be updated by the writer to a new value of task->comm. > > > > If the new task->comm is larger than the old one, the `buf` might not b= e > > NUL-terminated. This can lead to undefined behavior and potential > > security vulnerabilities. > > > > Let's fix it by explicitly adding a NUL-terminator. > > memcpy() is not atomic AFAIK, meaning that the new string can be also > shorter and when memcpy() already copied past the new NUL. I would > amend the explanation to include this as well. > > ... > > > + /* During memcpy(), the string might be updated to a ne= w value, > > + * which could be longer than the string when strlen() = is > > + * called. Therefore, we need to add a null termimator. > > /* > * The wrong comment style. Besides that a typo > * in the word 'terminator'. Please, run codespell on your changes. > * Also use the same form: NUL-terminator when you are talking > * about '\0' and not NULL. > */ Thank you for pointing out these errors and for recommending the use of codespell. Will fix them in the next version. --=20 Regards Yafang