git.ipfire.org Git - thirdparty/linux.git/commit

author	Kees Cook <kees@kernel.org>
	Sat, 30 Nov 2024 04:06:55 +0000 (20:06 -0800)
committer	Kees Cook <kees@kernel.org>
	Tue, 17 Dec 2024 00:53:00 +0000 (16:53 -0800)
commit	3a3f61ce5e0b4bcf730acc09c1af91012d241f85
tree	fb789240fafc051aeb40f066152bcae0adf2cc14	tree \| snapshot
parent	fa1bdca98d74472dcdb79cb948b54f63b5886c04	commit \| diff

exec: Make sure task->comm is always NUL-terminated

Using strscpy() meant that the final character in task->comm may be
non-NUL for a moment before the "string too long" truncation happens.

Instead of adding a new use of the ambiguous strncpy(), we'd want to
use memtostr_pad() which enforces being able to check at compile time
that sizes are sensible, but this requires being able to see string
buffer lengths. Instead of trying to inline __set_task_comm() (which
needs to call trace and perf functions), just open-code it. But to
make sure we're always safe, add compile-time checking like we already
do for get_task_comm().

Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Suggested-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Kees Cook <kees@kernel.org>

fs/exec.c		diff \| blob \| blame \| history
include/linux/sched.h		diff \| blob \| blame \| history
io_uring/io-wq.c		diff \| blob \| blame \| history
io_uring/sqpoll.c		diff \| blob \| blame \| history
kernel/kthread.c		diff \| blob \| blame \| history