Date: Thu, 29 Aug 2024 02:25:00 +0200
From: Alejandro Colomar
To: Kees Cook
Cc: Yafang Shao, akpm@linux-foundation.org, torvalds@linux-foundation.org,
    justinstitt@google.com, ebiederm@xmission.com, alexei.starovoitov@gmail.com,
    rostedt@goodmis.org, catalin.marinas@arm.com, penguin-kernel@i-love.sakura.ne.jp,
    linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-trace-kernel@vger.kernel.org,
    audit@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org,
    bpf@vger.kernel.org, netdev@vger.kernel.org, dri-devel@lists.freedesktop.org,
    Alexander Viro, Christian Brauner, Jan Kara, Matus Jokay, "Serge E. Hallyn"
Subject: Re: [PATCH v8 1/8] Get rid of __get_task_comm()

Hi Kees,

On Wed, Aug 28, 2024 at 05:17:55PM GMT, Kees Cook wrote:
> On Wed, Aug 28, 2024 at 05:09:08PM +0200, Alejandro Colomar wrote:
> > Hi Kees,
> >
> > On Wed, Aug 28, 2024 at 06:48:39AM GMT, Kees Cook wrote:
> >
> > [...]
> >
> > > >Thank you for your suggestion. How does the following commit log look
> > > >to you? Does it meet your expectations?
> > > >
> > > >    string: Use ARRAY_SIZE() in strscpy()
> > > >
> > > >    We can use ARRAY_SIZE() instead to clarify that they are regular characters.
> > > >
> > > >    Co-developed-by: Alejandro Colomar
> > > >    Signed-off-by: Alejandro Colomar
> > > >    Signed-off-by: Yafang Shao
> > > >
> > > >diff --git a/arch/um/include/shared/user.h b/arch/um/include/shared/= user.h > > > >index bbab79c0c074..07216996e3a9 100644 > > > >--- a/arch/um/include/shared/user.h > > > >+++ b/arch/um/include/shared/user.h 
> > > >@@ -14,7 +14,7 @@ > > > > * copying too much infrastructure for my taste, so userspace files > > > > * get less checking than kernel files. > > > > */ > > > >-#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0])) > > > >+#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]) + __must_be_array= (x)) > > > > > > > > /* This is to get size_t and NULL */ > > > > #ifndef __UM_HOST__ 
> > > >@@ -60,7 +60,7 @@ static inline void print_hex_dump(const char *leve= l, > > > >const char *prefix_str, > > > > extern int in_aton(char *str); > > > > extern size_t strlcat(char *, const char *, size_t); > > > > extern size_t sized_strscpy(char *, const char *, size_t); > > > >-#define strscpy(dst, src) sized_strscpy(dst, src, sizeof(dst)) > > > >+#define strscpy(dst, src) sized_strscpy(dst, src, ARRAY_SIZE(d= st))
> > >
> > > Uh, but why? strscpy() copies bytes, not array elements. Using sizeof() is already correct and using ARRAY_SIZE() could lead to unexpectedly small counts (in admittedly odd situations).
> > >
> > > What is the problem you're trying to solve here?
> >
> > I suggested that here:
> >
> >
> > There, you'll find the rationale (and also for avoiding the _pad calls
> > where not necessary --I ignore if it's necessary here--).
>
> Right, so we only use byte strings for strscpy(), so sizeof() is
> sufficient. There's no technical need to switch to ARRAY_SIZE(), and I'd
> like to minimize any changes to such core APIs without a good reason.

Makes sense. My original proposal was ignoring that the wrapper was
already using __must_be_array(). Having already sizeof() +
__must_be_array(), I'd leave it like that, since both do effectively
the same.

> And for the _pad change, we are also doing strncpy() replacement via
> case-by-case analysis, but with a common function like get_task_comm(),
> I don't want to change the behavior without a complete audit of the
> padding needs of every caller.

Agree. I had the same problem with shadow. Removing padding was the
worst part, because it was hard to justify that nothing was relying on
the padding.

> Since that's rather a lot for this series,
> I'd rather we just leave the existing behavior as-is, and if padding
> removal is wanted after that, we can do it on a case-by-case basis then.
>
> -Kees

Have a lovely night!
Alex

>
> --
> Kees Cook
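
Review bot: In the first quoted hunk (arch/um/include/shared/user.h, the ARRAY_SIZE() definition), the macro now depends on __must_be_array(), but nothing visible in this header defines or includes it, and the comment directly above the macro says this file deliberately avoids copying kernel infrastructure so that userspace files get less checking. Please confirm that __must_be_array() is available to every file that includes user.h, including the side selected by the `#ifndef __UM_HOST__` guard just below, or add the definition or include in the same hunk. The proposed commit log only mentions strscpy(), so this change to ARRAY_SIZE() should be described there or split into its own patch.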
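
Review bot: In the second quoted hunk (the strscpy() wrapper), the third argument of `sized_strscpy(char *, const char *, size_t)` is a byte count for a char destination, so replacing sizeof(dst) with ARRAY_SIZE(dst) changes nothing for char arrays and would undercount for any destination whose elements are wider than one byte. If the aim is to reject pointer destinations at build time, keep sizeof(dst) and add the array check to it, for example `sizeof(dst) + __must_be_array(dst)`, and state that aim in the commit log, which currently says only that the change clarifies "that they are regular characters".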
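
Added example, not part of the original message or of the kernel sources: a userspace sketch of the point settled in the thread, that a two-argument bounded copy can take its byte count from sizeof() and still reject pointer destinations at build time, while an element count differs from the byte count for wider element types. The `DEMO_*`/`demo_*` names, the simplified copy routine and the 16-byte buffer are assumptions of this example, and the macros rely on GCC/Clang extensions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Userspace stand-ins modelled on the kernel helpers (this example's own
 * names; they rely on GCC/Clang extensions). */
#define DEMO_SAME_TYPE(a, b) \
	__builtin_types_compatible_p(__typeof__(a), __typeof__(b))
/* Evaluates to 0, or breaks the build (negative bit-field width) if e != 0. */
#define DEMO_BUILD_BUG_ON_ZERO(e) ((size_t)sizeof(struct { int : (-!!(e)); }))
#define DEMO_MUST_BE_ARRAY(a) DEMO_BUILD_BUG_ON_ZERO(DEMO_SAME_TYPE((a), &(a)[0]))
#define DEMO_ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]) + DEMO_MUST_BE_ARRAY(a))

/* Byte-bounded copy: always NUL-terminates; returns the length copied, or
 * -1 if src did not fit (a simplified stand-in, not the kernel routine). */
static long demo_sized_strscpy(char *dst, const char *src, size_t size)
{
	size_t i;

	if (size == 0)
		return -1;
	for (i = 0; i < size - 1 && src[i] != '\0'; i++)
		dst[i] = src[i];
	dst[i] = '\0';
	return src[i] == '\0' ? (long)i : -1;
}

/* Two-argument form: byte count from sizeof(), plus the array check. */
#define demo_strscpy(dst, src) \
	demo_sized_strscpy(dst, src, sizeof(dst) + DEMO_MUST_BE_ARRAY(dst))

/* Copies name through a 16-byte array (constructed size) into out16. */
long demo_copy_comm(const char *name, char *out16)
{
	char comm[16] = { 0 };
	long ret = demo_strscpy(comm, name);
	/* demo_strscpy(out16, name) would not build: out16 is a pointer. */
	memcpy(out16, comm, sizeof(comm));
	return ret;
}

/* For elements wider than a byte, the element count is the smaller number. */
size_t demo_u16_bytes(void) { unsigned short w[8]; return sizeof(w); }
size_t demo_u16_elems(void) { unsigned short w[8]; return DEMO_ARRAY_SIZE(w); }

int main(void)
{
	char out[16];
	long ret = demo_copy_comm("a-very-long-thread-name", out);

	printf("ret=%ld copied=\"%s\"\n", ret, out);
	printf("u16[8]: %zu bytes, %zu elements\n", demo_u16_bytes(), demo_u16_elems());
	return 0;
}
```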