[PATCH v2 00/10] Improve the copy of task comm
Yafang Shao
laoar.shao at gmail.com
Thu Jun 13 02:30:34 UTC 2024
Using {memcpy,strncpy,strcpy,kstrdup} to copy the task comm relies on the
length of task comm. Changes in the task comm could result in a destination
string that is overflow. Therefore, we should explicitly ensure the destination
string is always NUL-terminated, regardless of the task comm. This approach
will facilitate future extensions to the task comm.
As suggested by Linus [0], we can identify all relevant code with the
following git grep command:
git grep 'memcpy.*->comm\>'
git grep 'kstrdup.*->comm\>'
git grep 'strncpy.*->comm\>'
git grep 'strcpy.*->comm\>'
PATCH #2~#4: memcpy
PATCH #5: kstrdup
PATCH #6~#8: strncpy
PATCH #9~#10: strcpy
Suggested-by: Linus Torvalds <torvalds at linux-foundation.org>
Link: https://lore.kernel.org/all/CAHk-=wjAmmHUg6vho1KjzQi2=psR30+CogFd4aXrThr2gsiS4g@mail.gmail.com/ [0]
Changes:
v1->v2:
- Add comment for dropping task_lock() in __get_task_comm() (Alexei)
- Drop changes in trace event (Steven)
- Fix comment on task comm (Matus)
v1: https://lore.kernel.org/all/20240602023754.25443-1-laoar.shao@gmail.com/
Yafang Shao (10):
fs/exec: Drop task_lock() inside __get_task_comm()
auditsc: Replace memcpy() with __get_task_comm()
security: Replace memcpy() with __get_task_comm()
bpftool: Ensure task comm is always NUL-terminated
mm/util: Fix possible race condition in kstrdup()
mm/kmemleak: Replace strncpy() with __get_task_comm()
tsacct: Replace strncpy() with __get_task_comm()
tracing: Replace strncpy() with __get_task_comm()
net: Replace strcpy() with __get_task_comm()
drm: Replace strcpy() with __get_task_comm()
drivers/gpu/drm/drm_framebuffer.c | 2 +-
drivers/gpu/drm/i915/i915_gpu_error.c | 2 +-
fs/exec.c | 10 ++++++++--
include/linux/sched.h | 4 ++--
kernel/auditsc.c | 6 +++---
kernel/trace/trace.c | 2 +-
kernel/trace/trace_events_hist.c | 2 +-
kernel/tsacct.c | 2 +-
mm/kmemleak.c | 8 +-------
mm/util.c | 4 +++-
net/ipv6/ndisc.c | 2 +-
security/lsm_audit.c | 4 ++--
security/selinux/selinuxfs.c | 2 +-
tools/bpf/bpftool/pids.c | 2 ++
14 files changed, 28 insertions(+), 24 deletions(-)
--
2.39.1
More information about the Linux-security-module-archive
mailing list