]> www.infradead.org Git - users/dwmw2/linux.git/commitdiff
projects / users / dwmw2 / linux.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | combined (merge: 0eb4aaa 55cf2f4)
Merge tag 'execve-v6.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees...
authorLinus Torvalds <torvalds@linux-foundation.org>
Mon, 20 Jan 2025 21:27:58 +0000 (13:27 -0800)
committerLinus Torvalds <torvalds@linux-foundation.org>
Mon, 20 Jan 2025 21:27:58 +0000 (13:27 -0800)
Pull execve updates from Kees Cook:

 - fix up /proc/pid/comm in the execveat(AT_EMPTY_PATH) case (Tycho
   Andersen, Kees Cook)

 - binfmt_misc: Fix comment typos (Christophe JAILLET)

 - move empty argv[0] warning closer to actual logic (Nir Lichtman)

 - remove legacy custom binfmt modules autoloading (Nir Lichtman)

 - Make sure set_task_comm() always NUL-terminates

 - binfmt_flat: Fix integer overflow bug on 32 bit systems (Dan
   Carpenter)

 - coredump: Do not lock when copying "comm"

 - MAINTAINERS: add auxvec.h and set myself as maintainer

* tag 'execve-v6.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
  binfmt_flat: Fix integer overflow bug on 32 bit systems
  selftests/exec: add a test for execveat()'s comm
  exec: fix up /proc/pid/comm in the execveat(AT_EMPTY_PATH) case
  exec: Make sure task->comm is always NUL-terminated
  exec: remove legacy custom binfmt modules autoloading
  exec: move warning of null argv to be next to the relevant code
  fs: binfmt: Fix a typo
  MAINTAINERS: exec: Mark Kees as maintainer
  MAINTAINERS: exec: Add auxvec.h UAPI
  coredump: Do not lock during 'comm' reporting

1  2 
MAINTAINERS patch | diff1 | diff2 | blob | history
fs/binfmt_misc.c patch | diff1 | diff2 | blob | history
fs/exec.c patch | diff1 | diff2 | blob | history
include/linux/sched.h patch | diff1 | diff2 | blob | history
io_uring/sqpoll.c patch | diff1 | diff2 | blob | history
kernel/kthread.c patch | diff1 | diff2 | blob | history

diff --cc MAINTAINERS
Simple merge
diff --cc fs/binfmt_misc.c
Simple merge
diff --cc fs/exec.c
index 98cb7ba9983c7f55017e01a2d53185ef35d87c7c,1843366be6ffd8f40b7fcbadf840e672aeaa8e12..2f0acef8908e56f308d88dfa4c02daf976b7b99a
--- 1/fs/exec.c
--- 2/fs/exec.c
+++ b/fs/exec.c
@@@ -1193,17 -1189,27 +1193,17 @@@ static int unshare_sighand(struct task_
        return 0;
  }
  
 -char *__get_task_comm(char *buf, size_t buf_size, struct task_struct *tsk)
 -{
 -      task_lock(tsk);
 -      /* Always NUL terminated and zero-padded */
 -      strscpy_pad(buf, tsk->comm, buf_size);
 -      task_unlock(tsk);
 -      return buf;
 -}
 -EXPORT_SYMBOL_GPL(__get_task_comm);
 -
  /*
-  * These functions flushes out all traces of the currently running executable
-  * so that a new one can be started
+  * This is unlocked -- the string will always be NUL-terminated, but
+  * may show overlapping contents if racing concurrent reads.
   */
  void __set_task_comm(struct task_struct *tsk, const char *buf, bool exec)
  {
-       task_lock(tsk);
+       size_t len = min(strlen(buf), sizeof(tsk->comm) - 1);
        trace_task_rename(tsk, buf);
-       strscpy_pad(tsk->comm, buf, sizeof(tsk->comm));
-       task_unlock(tsk);
+       memcpy(tsk->comm, buf, len);
+       memset(&tsk->comm[len], 0, sizeof(tsk->comm) - len);
        perf_event_comm(tsk, exec);
  }
  
diff --cc include/linux/sched.h
index 64934e0830af3446390dfecca11a99f341202993,ac9f429ddc178ee156062005ef847fffdf3714ae..3c7eb16ab1d52bc70c39a39946c4e5e1919949d2
--- 1/include/linux/sched.h
--- 2/include/linux/sched.h
+++ b/include/linux/sched.h
@@@ -1944,29 -1932,15 +1944,28 @@@ static inline void kick_process(struct 
  #endif
  
  extern void __set_task_comm(struct task_struct *tsk, const char *from, bool exec);
- static inline void set_task_comm(struct task_struct *tsk, const char *from)
- {
-       __set_task_comm(tsk, from, false);
- }
+ #define set_task_comm(tsk, from) ({                   \
+       BUILD_BUG_ON(sizeof(from) != TASK_COMM_LEN);    \
+       __set_task_comm(tsk, from, false);              \
+ })
  
 -extern char *__get_task_comm(char *to, size_t len, struct task_struct *tsk);
 +/*
 + * - Why not use task_lock()?
 + *   User space can randomly change their names anyway, so locking for readers
 + *   doesn't make sense. For writers, locking is probably necessary, as a race
 + *   condition could lead to long-term mixed results.
 + *   The strscpy_pad() in __set_task_comm() can ensure that the task comm is
 + *   always NUL-terminated and zero-padded. Therefore the race condition between
 + *   reader and writer is not an issue.
 + *
 + * - BUILD_BUG_ON() can help prevent the buf from being truncated.
 + *   Since the callers don't perform any return value checks, this safeguard is
 + *   necessary.
 + */
  #define get_task_comm(buf, tsk) ({                    \
 -      BUILD_BUG_ON(sizeof(buf) != TASK_COMM_LEN);     \
 -      __get_task_comm(buf, sizeof(buf), tsk);         \
 +      BUILD_BUG_ON(sizeof(buf) < TASK_COMM_LEN);      \
 +      strscpy_pad(buf, (tsk)->comm);                  \
 +      buf;                                            \
  })
  
  #ifdef CONFIG_SMP
diff --cc io_uring/sqpoll.c
Simple merge
diff --cc kernel/kthread.c
Simple merge
Unnamed repository; edit this file 'description' to name the repository.