From: Yafang Shao
Date: Fri, 14 Jun 2024 10:41:34 +0800
Subject: Re: [PATCH v2 05/10] mm/util: Fix possible race condition in kstrdup()
To: Linus Torvalds
Cc: Andrew Morton, ebiederm@xmission.com, alexei.starovoitov@gmail.com, rostedt@goodmis.org, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, audit@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, bpf@vger.kernel.org, netdev@vger.kernel.org, dri-devel@lists.freedesktop.org

On Fri, Jun 14, 2024 at 6:18 AM Linus Torvalds wrote:
>
> On Thu, 13 Jun 2024 at 14:14, Andrew Morton wrote:
> >
> > The concept sounds a little strange. If some code takes a copy of a
> > string while some other code is altering it, yes, the result will be a
> > mess. This is why get_task_comm() exists, and why it uses locking.
>
> The thing is, get_task_comm() is terminally broken.
>
> Nobody sane uses it, and sometimes it's literally _because_ it uses locking.
>
> Let's look at the numbers:
>
>  - 39 uses of get_task_comm()
>
>  - 2 uses of __get_task_comm() because the locking doesn't work
>
>  - 447 uses of raw "current->comm"
>
>  - 112 uses of raw 'ta*sk->comm' (and possibly
>
> IOW, we need to just accept the fact that nobody actually wants to use
> "get_task_comm()". It's a broken interface. It's inconvenient, and the
> locking makes it worse.
>
> Now, I'm not convinced that kstrdup() is what anybody should use,
> but of the 600 "raw" uses of ->comm, four of them do seem to
> be kstrdup.
>
> Not great, I think they could be removed, but they are examples of
> people doing this. And I think it *would* be good to have the
> guarantee that yes, the kstrdup() result is always a proper string,
> even if it's used for unstable sources. Who knows what other unstable
> sources exist?
>
> I do suspect that most of the raw uses of 'xyz->comm' is for
> printouts. And I think we would be better with a '%pTSK' vsnprintf()
> format thing for that.

I will implement this change in the next step if no one else handles it.

>
> Sadly, I don't think coccinelle can do the kinds of transforms that
> involve printf format strings.

Yes, we need to carefully check them one by one.

>
> And no, a printk() string still couldn't use the locking version.
>
>               Linus

-- 
Regards
Yafang
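
The guarantee discussed in the thread, that a duplicate of an unstable source is still a proper string, shown as an added userspace illustration (not part of the thread and not the kernel's code). The names `dup_unstable`, `racer_fn`, `rename_longer` and `copy_is_string` are hypothetical, and the concurrent writer is simulated by a hook called between the length measurement and the copy so the outcome is deterministic.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical hook standing in for a concurrent writer. It runs in the
 * window between measuring the source and copying it. */
typedef void (*racer_fn)(char *src);

/* strdup-style copy. With terminate != 0 the last byte of the buffer is
 * forced to NUL after the copy, whatever the source looked like by then. */
static char *dup_unstable(char *src, racer_fn racer, int terminate, size_t *len_out)
{
    size_t len = strlen(src) + 1;      /* length as seen right now */
    char *buf = malloc(len);

    if (!buf)
        return NULL;
    if (racer)
        racer(src);                    /* source changes under us */
    memcpy(buf, src, len);             /* may no longer include a NUL */
    if (terminate)
        buf[len - 1] = '\0';
    *len_out = len;
    return buf;
}

/* Constructed writer: renames a short comm to a longer one. */
static void rename_longer(char *comm)
{
    strcpy(comm, "kworker/0:1");
}

/* Returns 1 if the copy is a proper string inside its own allocation. */
static int copy_is_string(int terminate)
{
    char comm[16] = "sh";              /* 16 == TASK_COMM_LEN */
    size_t len = 0;
    char *copy = dup_unstable(comm, rename_longer, terminate, &len);
    int ok = copy && memchr(copy, '\0', len) != NULL;

    free(copy);
    return ok;
}

int main(void)
{
    printf("plain copy: %d, forced NUL: %d\n", copy_is_string(0), copy_is_string(1));
    return 0;
}
```

The forced NUL does not make the copied bytes consistent; it only bounds later string operations to the allocation.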