[PATCH 1/6] fs/exec: Drop task_lock() inside __get_task_comm()

Alexei Starovoitov alexei.starovoitov at gmail.com
Mon Jun 10 23:01:33 UTC 2024


On Mon, Jun 10, 2024 at 5:34 AM Eric W. Biederman <ebiederm at xmission.com> wrote:
>
> Alexei Starovoitov <alexei.starovoitov at gmail.com> writes:
>
> > On Sun, Jun 2, 2024 at 10:53 AM Eric W. Biederman <ebiederm at xmission.com> wrote:
> >>
> >> If you are performing lockless reads and depending upon a '\0'
> >> terminator without limiting yourself to the size of the buffer
> >> there needs to be a big fat comment as to how in the world
> >> you are guaranteed that a '\0' inside the buffer will always
> >> be found.
> >
> > I think Yafang can certainly add such a comment next to
> > __[gs]et_task_comm.
> >
> > I prefer to avoid open coding memcpy + memset when strscpy_pad works.
>
> Looking through the code in set_task_comm
> strscpy_pad only works when both the source and destination are aligned.
> Otherwise it performs a byte a time copy, and is most definitely
> susceptible to the race I observed.

Byte copy doesn't have an issue either.
Due to padding there is always a zero there.
Worst case in the last byte. So dst buffer will be zero terminated.
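
The terminator argument above, worked through as an added userspace model that is not code from this thread or from the kernel: `model_strscpy_pad()` is an assumed, deliberately byte-at-a-time stand-in for the kernel's strscpy_pad() (the real helper may copy a word at a time when aligned, and returns -E2BIG rather than -1 on truncation), `TASK_COMM_LEN` mirrors the kernel's 16-byte comm buffer, and `unterminated_states()` replays the writer's stores one at a time into a buffer that was previously padded and asks, after every store, whether a lockless reader scanning at most TASK_COMM_LEN bytes would still find a '\0'. The helper names and the sample comm strings are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Mirrors the kernel's TASK_COMM_LEN: 16 bytes including the terminator. */
#define TASK_COMM_LEN 16

/*
 * Assumed userspace model of strscpy_pad(): copy at most size-1 bytes of
 * src, always write a '\0', then zero-fill the remainder of dst (which
 * always includes dst[size-1]).  Byte-at-a-time on purpose, since that is
 * the copy strategy the thread is worried about.  Returns the number of
 * bytes copied, or -1 if src had to be truncated (the kernel uses -E2BIG).
 */
static long model_strscpy_pad(char *dst, const char *src, size_t size)
{
	size_t i;

	if (size == 0)
		return -1;
	for (i = 0; i < size - 1 && src[i] != '\0'; i++)
		dst[i] = src[i];
	dst[i] = '\0';
	/* Padding: everything after the terminator, including the last byte. */
	memset(dst + i + 1, 0, size - i - 1);
	return src[i] == '\0' ? (long)i : -1;
}

/* Copy src into a scratch comm buffer and report the model's return value. */
static long copied_len(const char *src)
{
	char buf[TASK_COMM_LEN];

	return model_strscpy_pad(buf, src, sizeof buf);
}

/*
 * After a completed copy, is dst[TASK_COMM_LEN-1] a '\0' regardless of how
 * long src was?  The buffer is pre-filled with 'X' so the zero must have
 * been written by the copy itself.
 */
static int last_byte_is_nul(const char *src)
{
	char buf[TASK_COMM_LEN];

	memset(buf, 'X', sizeof buf);
	model_strscpy_pad(buf, src, sizeof buf);
	return buf[TASK_COMM_LEN - 1] == '\0';
}

/*
 * Model of the byte copy racing a lockless reader.  Start from a buffer
 * that was previously filled by model_strscpy_pad() (so it already ends in
 * '\0'), then apply the writer's stores for new_comm in order, one byte per
 * step.  After each store, ask what a reader bounded to TASK_COMM_LEN asks:
 * is there a '\0' somewhere in the buffer?  Returns how many intermediate
 * states had no terminator; 0 means every interleaving stays terminated.
 */
static int unterminated_states(const char *old_comm, const char *new_comm)
{
	char buf[TASK_COMM_LEN];
	char final[TASK_COMM_LEN];
	int bad = 0;
	size_t i;

	model_strscpy_pad(buf, old_comm, sizeof buf);     /* previous comm */
	model_strscpy_pad(final, new_comm, sizeof final); /* writer's end state */

	for (i = 0; i < sizeof buf; i++) {
		buf[i] = final[i];
		if (memchr(buf, '\0', sizeof buf) == NULL)
			bad++;
	}
	return bad;
}

int main(void)
{
	/* Constructed sample comm values; the last one exceeds the buffer. */
	const char *names[] = { "short", "exactly15chars!",
				"this_name_is_far_longer_than_sixteen_bytes" };
	size_t n;

	for (n = 0; n < sizeof names / sizeof names[0]; n++)
		printf("%-45s copied=%ld last_byte_nul=%d\n", names[n],
		       copied_len(names[n]), last_byte_is_nul(names[n]));
	printf("unterminated intermediate states: %d\n",
	       unterminated_states("old_comm", "new_comm_name!!"));
	return 0;
}
```

Because the last byte of the buffer is only ever written as zero, both before and after the copy, a reader that bounds its scan to TASK_COMM_LEN always finds a terminator, at worst in that final byte; a reader that does not bound its scan is relying on exactly that property, which is the comment Eric asked for.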
