| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <202507241634.C0346AC@keescook>
Date: Thu, 24 Jul 2025 16:38:02 -0700
From: Kees Cook <kees@...nel.org>
To: Bhupesh <bhupesh@...lia.com>
Cc: akpm@...ux-foundation.org, kernel-dev@...lia.com,
linux-kernel@...r.kernel.org, bpf@...r.kernel.org,
linux-perf-users@...r.kernel.org, linux-fsdevel@...r.kernel.org,
linux-mm@...ck.org, oliver.sang@...el.com, lkp@...el.com,
laoar.shao@...il.com, pmladek@...e.com, rostedt@...dmis.org,
mathieu.desnoyers@...icios.com, arnaldo.melo@...il.com,
alexei.starovoitov@...il.com, andrii.nakryiko@...il.com,
mirq-linux@...e.qmqm.pl, peterz@...radead.org, willy@...radead.org,
david@...hat.com, viro@...iv.linux.org.uk, ebiederm@...ssion.com,
brauner@...nel.org, jack@...e.cz, mingo@...hat.com,
juri.lelli@...hat.com, bsegall@...gle.com, mgorman@...e.de,
vschneid@...hat.com, linux-trace-kernel@...r.kernel.org,
torvalds@...ux-foundation.org
Subject: Re: [PATCH v6 3/3] include: Set tsk->comm length to 64 bytes
On Thu, Jul 24, 2025 at 06:06:12PM +0530, Bhupesh wrote:
> Historically due to the 16-byte length of TASK_COMM_LEN, the
> users of 'tsk->comm' are restricted to use a fixed-size target
> buffer also of TASK_COMM_LEN for 'memcpy()' like use-cases.
>
> To fix the same, we now use a 64-byte TASK_COMM_EXT_LEN and
> set the comm element inside 'task_struct' to the same length:
> struct task_struct {
> .....
> char comm[TASK_COMM_EXT_LEN];
> .....
> };
>
> where TASK_COMM_EXT_LEN is 64-bytes.
>
> Now, in order to maintain existing ABI, we ensure that:
>
> - Existing users of 'get_task_comm'/ 'set_task_comm' will get 'tsk->comm'
> truncated to a maximum of 'TASK_COMM_LEN' (16-bytes) to maintain ABI,
> - New / Modified users of 'get_task_comm'/ 'set_task_comm' will get
> 'tsk->comm' supported up to the maximum of 'TASK_COMM_EXT_LEN' (64-bytes).
>
> Note, that the existing users have not been modified to migrate to
> 'TASK_COMM_EXT_LEN', in case they have hard-coded expectations of
> dealing with only a 'TASK_COMM_LEN' long 'tsk->comm'.
>
> Signed-off-by: Bhupesh <bhupesh@...lia.com>
> ---
> include/linux/sched.h | 9 +++++++--
> 1 file changed, 7 insertions(+), 2 deletions(-)
>
> diff --git a/include/linux/sched.h b/include/linux/sched.h
> index 8bbd03f1b978..b6abb759292c 100644
> --- a/include/linux/sched.h
> +++ b/include/linux/sched.h
> @@ -317,6 +317,7 @@ struct user_event_mm;
> */
> enum {
> TASK_COMM_LEN = 16,
> + TASK_COMM_EXT_LEN = 64,
> };
>
> extern void sched_tick(void);
> @@ -1159,7 +1160,7 @@ struct task_struct {
> * - logic inside set_task_comm() will ensure it is always NUL-terminated and
> * zero-padded
> */
> - char comm[TASK_COMM_LEN];
> + char comm[TASK_COMM_EXT_LEN];
>
> struct nameidata *nameidata;
>
> @@ -1954,7 +1955,7 @@ extern void kick_process(struct task_struct *tsk);
>
> extern void __set_task_comm(struct task_struct *tsk, const char *from, bool exec);
> #define set_task_comm(tsk, from) ({ \
> - BUILD_BUG_ON(sizeof(from) != TASK_COMM_LEN); \
> + BUILD_BUG_ON(sizeof(from) < TASK_COMM_LEN); \
> __set_task_comm(tsk, from, false); \
> })
>
> @@ -1974,6 +1975,10 @@ extern void __set_task_comm(struct task_struct *tsk, const char *from, bool exec
> #define get_task_comm(buf, tsk) ({ \
> BUILD_BUG_ON(sizeof(buf) < TASK_COMM_LEN); \
> strscpy_pad(buf, (tsk)->comm); \
> + if ((sizeof(buf)) == TASK_COMM_LEN) \
> + buf[TASK_COMM_LEN - 1] = '\0'; \
> + else \
> + buf[TASK_COMM_EXT_LEN - 1] = '\0'; \
strscpy_pad() will already make sure buf is NUL-terminated, so I don't
see why there is a need for explicit final byte termination? (And even
if we do need it, then it should just be buf[sizeof(buf) - 1] otherwise
using a buf that is < TASK_COMM_EXT_LEN but > TASK_COMM_LEN will have
a spurious NUL byte write beyond its buffer.)
--
Kees Cook
Powered by blists - more mailing lists