From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8196CD4978C for ; Sun, 1 Dec 2024 21:49:55 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id B9A166B0085; Sun, 1 Dec 2024 16:49:54 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id B22C46B0088; Sun, 1 Dec 2024 16:49:54 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 99C7F6B008A; Sun, 1 Dec 2024 16:49:54 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id 7A8DC6B0085 for ; Sun, 1 Dec 2024 16:49:54 -0500 (EST) Received: from smtpin03.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id 007DF120A2F for ; Sun, 1 Dec 2024 21:49:53 +0000 (UTC) X-FDA: 82847732562.03.60012B9 Received: from mail-pf1-f177.google.com (mail-pf1-f177.google.com [209.85.210.177]) by imf02.hostedemail.com (Postfix) with ESMTP id 8B92480016 for ; Sun, 1 Dec 2024 21:49:30 +0000 (UTC) Authentication-Results: imf02.hostedemail.com; dkim=pass header.d=kernel-dk.20230601.gappssmtp.com header.s=20230601 header.b=3fzoOAic; dmarc=none; spf=pass (imf02.hostedemail.com: domain of axboe@kernel.dk designates 209.85.210.177 as permitted sender) smtp.mailfrom=axboe@kernel.dk ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1733089787; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=ckF5QGnSsa0BB01QMlPw18K2Y6z5eE1xBtBTmSkmOrU=; b=ZyNkG9nM2kaqt1E4oTBrjyx2TefquOwAAMZ+Muh+no1kLUG9rw9TLll4w5aLgYAUyX9vTR THFJFLRmg9a0kmq/AUCf3SXIOE1JHVv0KTJ6uL1eOeTNwb2H583yYk0Fc0MCr1mdySCH4s jyyz2GC6y/X6MmGZDUQh5MjpCeuCO6E= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1733089787; a=rsa-sha256; cv=none; b=YCIqmKEnM/WzJ4Eri0M+/1x2qRo2EdIBd7MulWYu20wZkpGK0A5e8R+RrUu3ktOBPlZdZW yGRKrSanwVCSvzjJwLE1GE47ECRoDTskxxXCU7PCOXbzp62gNM6NW91PdVMXl2ez/63m30 MTTrH7pOOSJ7gCf6gj+koLdyreME+fI= ARC-Authentication-Results: i=1; imf02.hostedemail.com; dkim=pass header.d=kernel-dk.20230601.gappssmtp.com header.s=20230601 header.b=3fzoOAic; dmarc=none; spf=pass (imf02.hostedemail.com: domain of axboe@kernel.dk designates 209.85.210.177 as permitted sender) smtp.mailfrom=axboe@kernel.dk Received: by mail-pf1-f177.google.com with SMTP id d2e1a72fcca58-7242f559a9fso3489044b3a.1 for ; Sun, 01 Dec 2024 13:49:51 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernel-dk.20230601.gappssmtp.com; s=20230601; t=1733089790; x=1733694590; darn=kvack.org; h=content-transfer-encoding:in-reply-to:from:content-language :references:cc:to:subject:user-agent:mime-version:date:message-id :from:to:cc:subject:date:message-id:reply-to; bh=ckF5QGnSsa0BB01QMlPw18K2Y6z5eE1xBtBTmSkmOrU=; b=3fzoOAict0HgEt+CWFswd26jSQkNwsXA7zM0aADQPQrKDkpzJt1uv+WBAEzhs5JFns v+re719xYgzehLDqDj2AJGLmeSEE0KLKQcLsKYyyFHenHpsqEdqJ6IoUtzGNpBOWLgkX aWp53/yT1P+V25MSh8iUhL+3E2l9TCbO7+y6fK9XHPSWQ1JiYgSzNxSSLAHVwaJrwpeT Klc/TTtP4rbLBpIH/q6toMTZ3ROLPQ+HpPWCfP9o+TWoCXnFBvWhM1fDchg7LRmxyxrI biCBUV7/WcscDsuAxWAENEyFVn7Ex/VNj1sobwlh/uZ0trGNdOCpxFJcCQzWWEmsXZ9u PVuQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733089790; x=1733694590; h=content-transfer-encoding:in-reply-to:from:content-language :references:cc:to:subject:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=ckF5QGnSsa0BB01QMlPw18K2Y6z5eE1xBtBTmSkmOrU=; b=SYsYLN07q61SiX5v9SiOa//gBMpJpnZdjakG0kw3yYyUJF4XS7xjpAAQNwuAthxT8y SQfRDbZY/NUojCSJ105ZluCZn47tHUA8BSN8HRNbgPmFw4pbnvRnVd+ax4wXuO7LmKeY bSzMqjRzHOTutt+Hxw0WQ+R8BgUdb8lidNk00Udp45NEmJr00mJp5u250iWyJINz7B6r JA9k909ajeAjH8kAHEqJaOqQW4V3pfzge7PXwvAy7iSRvzzRM4JjZjFdy5ydNPw1fiQz HWzjlCuuTB/mKy2pUAeKQ7uyNwMzKHZaZypuyggBZ1GnhGC4sgyLL9FCDlU4KjDtuA3E Ytkw== X-Forwarded-Encrypted: i=1; AJvYcCV3DrB+N0UIbDOKqRY7PPqPea0FYHDxVxrP3aobl2NJDKKEKU4JkzfCIY9+NhSKYq22i9aOW+cmiQ==@kvack.org X-Gm-Message-State: AOJu0YwwQCWOiWyMxPUyEorbmSgQvTJBA6+D/DJDvHycQZpLQvpeb2GT Zu+RzjsifGUdMvUoa4gz7nS8S6FDDONHeQC3AsuhWlBp1+ZBqzgMhHmLtxpy3PU= X-Gm-Gg: ASbGnctXHRD1bW0IujYmcTujHCKimcs7fXSGak/1x6idmIupowx9zCf4FVRIuxBIPyz sUVUujoyDDDknY37bcCkUtmYKNPT/net/0Nl7MZLktMPUejhetbf1rhOIun7SV1FLNLLNRO9YyK 9vcR2uUA5QmEvlEE729TFwuneTqUU4jYj2kbqbLOp0I3FubiyydaryEdE/Qk0RR121LmaGFObCY RjHJj9Bhm0qxbAslkrPuwcKEM49hYkHtpCNHh3wP4FjuB0= X-Google-Smtp-Source: AGHT+IEJ8i/d4RS5aNUgb0ZzcIBRhjMpR8RaWqdw3iTHbi813IFT7He4V5pwrlQ+TjGvCu78jA5zjQ== X-Received: by 2002:a05:6a00:2381:b0:71e:5d1d:1aa2 with SMTP id d2e1a72fcca58-7253000347emr24970119b3a.7.1733089790310; Sun, 01 Dec 2024 13:49:50 -0800 (PST) Received: from [192.168.1.150] ([198.8.77.157]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-725417725e9sm7069306b3a.80.2024.12.01.13.49.48 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sun, 01 Dec 2024 13:49:49 -0800 (PST) Message-ID: Date: Sun, 1 Dec 2024 14:49:47 -0700 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH] exec: Make sure task->comm is always NUL-terminated To: Kees Cook , Eric Biederman Cc: Linus Torvalds , Alexander Viro , Christian Brauner , Jan Kara , linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, Ingo Molnar , Peter Zijlstra , Juri Lelli , Vincent Guittot , Dietmar Eggemann , Steven Rostedt , Ben Segall , Mel Gorman , Valentin Schneider , Pavel Begunkov , Andrew Morton , Chen Yu , Shuah Khan , =?UTF-8?Q?Micka=C3=ABl_Sala=C3=BCn?= , linux-kernel@vger.kernel.org, io-uring@vger.kernel.org, linux-hardening@vger.kernel.org References: <20241130044909.work.541-kees@kernel.org> Content-Language: en-US From: Jens Axboe In-Reply-To: <20241130044909.work.541-kees@kernel.org> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Stat-Signature: ncerrb8348tegpgoea5dy3mwohq53nbf X-Rspamd-Queue-Id: 8B92480016 X-Rspam-User: X-Rspamd-Server: rspam01 X-HE-Tag: 1733089770-578764 X-HE-Meta: U2FsdGVkX19IDKVCr+yN04h6sdzNueKBvvLiXjSpzgAy/945mB72Ox9XSUjQtAXIZrBdpiqFqx8HRd7UZN0pukttaF4e0e7J31+fZZZBfgqr25obMBrnLT3G/BQn8wnREVqEW9N+jU+VDYtkWT+evNnU7SlKT41oKG4kS+yNKaGfbmnSmDi5NzFmF9o+qqlczsHY929GHrTrjOfPHyeQWHse2PhQizbjiC9dOz5Di6w9NvYeg49b5kp34VX1YCBBIgtA/B8t7ESFhPzsp18HT5/C8sWy79n6grzF8T+yVanxzf+vNPIY5wT4ZSiHuZuXtra5f6hZIc6Fx0FgXPnkI5V0hN+ZI9DQ479TcZMjBGiOinOwa5zXLihzS21LSJ3KGdPSt/lPD4LwkkU2IZCckVIhT3/4dGpxnT63g7r6KapymStiBiIMDk8uX+XGEJN/QUVvPVVdEOBgmfHM553CIGWgHpiFOal5+IwvUHiQrReX9eobmh2trGfqdH/NMWF/7ZoRD5F/tdH48S6+IPO3goZMxs/gMt9MLwqBlT1wTEGC5bDmgqMqYgCRworSgCMlkLBpvdJGdccWVGCetXrbGxqSUWgLdUCsfNdhrHrs54oOjlXBhbuP+papJAy32wD9uDedYx//ukZRu3CD5+Mop5U5ou5z1ryjYn7TI48SFiHrXo1wfMm06Au7hFqRdFNF+ZM3rZkJJTvJu6YGQFH4aJmOV3+t2PiW5TPIDVJOoCMxGBdFVRmnEaMDZXep9Yx0hIt1s7GP09nFWKJzRgbynvEZQHjrZFfgEZb73TJ9I9JuCNKCqV2ISv6I3/YsQv2gv+bP4+V0VNh5/HIFnE9MHIWsO7h22iY9s6BitsqrVG4g4hP2Zo3R6myS+38DwTLeRtOT0J22xIPwqxLNggwF5m12bmeuDsDMqGQFRY8AKcZHKwihCnfQmkdE8a7B2jQXvQQ7P93F/ZPS/6sUwak 02E8XZsS 7czHnb9Z2+l5vwS+Q8K1QaB1YrUqDYYKg21ZcY2PPK/x+UYJjW0C+U8vIYalReON0P1OR1/xYoBPSmIVCbbH0GeYKWxUfD58Ru1QEr/3hX9ghve3KGBO5AFiVnMTA//teK90TdzB2GnicJDB63A26q41vgAvLRL8l5O1Reg/ly0sxB2s+qpQ7E4VXzNVCBbc8EHaoTXHXTZwOcsYfzYfrx0RwyQoJQ2mC3avrtQjtvGBZE5UVXgebunVJCZ/Aws1nMjbgcQjX+Kx+ulVqbLY20SpES0U++1yCTO8a+ErLmB4JnDknXECy4Rl1xmEMCJW7hZWBAbF4ht+Wyh9nQA6XkM4GfSvhER0MxQsOGfKsLwLckvrr/eyaLuMWRWId3biTxBTMRYcJRK2B1FNvf4IU2CPMC1r1QhyU3GDLH09SZAaaXmTGammHUJcIENxPStg5noJ+ X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On 11/29/24 9:49 PM, Kees Cook wrote: > Using strscpy() meant that the final character in task->comm may be > non-NUL for a moment before the "string too long" truncation happens. > > Instead of adding a new use of the ambiguous strncpy(), we'd want to > use memtostr_pad() which enforces being able to check at compile time > that sizes are sensible, but this requires being able to see string > buffer lengths. Instead of trying to inline __set_task_comm() (which > needs to call trace and perf functions), just open-code it. But to > make sure we're always safe, add compile-time checking like we already > do for get_task_comm(). In terms of the io_uring changes, both of those looks fine to me. Feel free to bundle it with something else. If you're still changing things, then I do prefer = { }; rather than no space... -- Jens Axboe