From patchwork Tue Dec 5 15:17:02 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arnd Bergmann X-Patchwork-Id: 120686 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp5874594qgn; Tue, 5 Dec 2017 07:19:17 -0800 (PST) X-Google-Smtp-Source: AGs4zMZ0qTz4//bEHu/VgfsPWefxdtCb9cbALav4IUQdvu+UYpNIOww3giW7VyY7vvYY7hH5nyS2 X-Received: by 10.84.233.1 with SMTP id j1mr19059895plk.311.1512487157196; Tue, 05 Dec 2017 07:19:17 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1512487157; cv=none; d=google.com; s=arc-20160816; b=gNw0SYEj37hvem+MwKgjjIs8hmAyVpTFfu7S0n9EMo0v0sjUufJZgvaGO1/yQkkRqN 2koZd+CSjrbddeVyAsXdXpVJN+uo00Vu3Cy9nIndHZnH6EvwkXP7ep2/p6G9SLbp+NXk PJs5UBzLzg4mL5ipTT+jZMMY3SlAJr+8te/SDJ4ufielCD4MXeMA9v17dZ3Al8xNrOv9 qqPlGbr5dkdd0GrsjbNOvFGjXtvQ1Q3W4CkLJgfPeN1GpIIRpM8lC8Y8I/PcyVgkGDpm mirQqI/0fFIvIUSDjwRldSE/GWftcZgNyQ0Zx97llGtXo6a1m2IEGv3F4572ELYvxZ3z FwWg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from :arc-authentication-results; bh=3PHl9T3Yw9ZyMHz1xy+5X8vFqek1JT4C8aJRw9Tfm5o=; b=nkkmINZOhNDvG+EMisKt0gpbKF7gi8ZOrA084dVD08nx1JnapZz/mvDFWXozsKXQj7 GucIYwg2EErGo2Es0F6woIMvUMP3JIGdGucO6GG4ZzFxnL+7JgsVzpoWE43ZdeDxyvBw ekTmdcygb8kJ0iw/QebY1NuNaf+bTyoaMt2Jkqh6SfsAwjpsGsC8wo2Gii3FYNnVV4W6 JQR/b2Y2uZSReeSQ5R/wVZ7e/lw4etEtA4IMSoU+0sHEgovIK7jbxT9EOa4TY+jlqYih 4vHMEH6SEREHZaiyySog0DFki4ty6zdl69H+BHGBW4crkp7wmXctxJHSwuqfznTOQwGs O7OQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id s189si216210pgc.225.2017.12.05.07.19.12; Tue, 05 Dec 2017 07:19:17 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752771AbdLEPTL (ORCPT + 28 others); Tue, 5 Dec 2017 10:19:11 -0500 Received: from mout.kundenserver.de ([212.227.17.13]:58515 "EHLO mout.kundenserver.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752366AbdLEPTH (ORCPT ); Tue, 5 Dec 2017 10:19:07 -0500 Received: from wuerfel.lan ([149.172.96.106]) by mrelayeu.kundenserver.de (mreue102 [212.227.15.145]) with ESMTPA (Nemesis) id 0MWAdl-1ebvNl2JHV-00XL2y; Tue, 05 Dec 2017 16:17:56 +0100 From: Arnd Bergmann To: Alexander Viro , Ingo Molnar , Peter Zijlstra Cc: Arnd Bergmann , Kees Cook , Serge Hallyn , James Morris , Andrew Morton , Aleksa Sarai , "Eric W. Biederman" , Frederic Weisbecker , Thomas Gleixner , linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v2] exec: avoid gcc-8 warning for get_task_comm Date: Tue, 5 Dec 2017 16:17:02 +0100 Message-Id: <20171205151724.1764896-1-arnd@arndb.de> X-Mailer: git-send-email 2.9.0 X-Provags-ID: V03:K0:d0DkDNyleifYRQnHewUmcLgYhcAhtcKrSPOaEC4lFXh+PzFvrRI mH+2Jb9uMaGUW9hsM3bqbPwW2cOysAEN0uG2Gk99lk2OKhHE5Eg214GUlnswQE0NrqPEVTp r6OxPo11yZMGQmVDRT2nvtGHGgycoOl3hlY2cTSxTZqw+ezf3UY6rek/b363mdH6g1z+sVm eDj542mF/eK9PQh5fd+tg== X-UI-Out-Filterresults: notjunk:1; V01:K0:X8MnT2+nMcw=:jr2G9BZFSKWIsNVqWBF5pi 2qOIzP0xDZ7QJkxORZgxLWNS+jOZ3Vb5cCb3KwLBBF4+KX14h/ckHcPqqtEVSVUN8/86NNYJq n468MrdY0iLCzzFnZ8ouRIw9Xc5Sk+/a9sf5h2GXvx41mcPD6xSJsJ+gztaqw4IdM5HcZ/i7A FpV1amnPLdqVw6xf9DNasq1Ef1X3J9m/MQMdnUNFnkEEBjPqvl6uXe/ie3obF0PLXGpAr9bqU 8zcY6rMOG0mK3EcS6EMmOUKA/5XK5qmS3TZCZNbRpJ68FV3EsDhnZa8j5l4grFqC0+Ekt6cnZ RdKNFoAWBIikwXEE308Mh9fSpOx2JIxvXUNkd7OGT2bjbwlKy5+YKsUPVAZYiSdh5ruzPRi7L yoTj8J3EPmL3PXJSBMeS2x1nzTCG4ROJSPEvl0YGIkMWn7q8GnBh//uPEvalQJduzawgzS3js hV7zTtB/g6XoHpsN1XegP5pyXw9+6GpImziOhp+M5k15oYOhIAYF1FzQaL/F/rJmY+xCY7r7s LhGetEQpOdMiNGH1Gg67djJDNPD9k0nn7w++DtDNmeLZiweFQEbXzOhd5g0cHg6xBBB1VydDE pV82aeEfMiC/1GyKq3oXVpRNqe4E46edfqBBpxW+DEMc/OlJfOwhrUKKyFSZFe+RNWFwEOj/K kdjBwvsHBTn2OswiI3Sy654lJ5Ot3NswOOybDjYPpbL6iUW2MbZVhmnw7dryG4B1tzPbKa27e 6aYDdm0BDRUKYCukBXujLyglpn8Qa1dXuW+igQ== Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org gcc-8 warns about using strncpy() with the source size as the limit: fs/exec.c:1223:32: error: argument to 'sizeof' in 'strncpy' call is the same expression as the source; did you mean to use the size of the destination? [-Werror=sizeof-pointer-memaccess] This is indeed slightly suspicious, as it protects us from source arguments without NUL-termination, but does not guarantee that the destination is terminated. This keeps the strncpy() to ensure we have properly padded target buffer, but ensures that we use the correct length, by passing the actual length of the destination buffer as well as adding a build-time check to ensure it is exactly TASK_COMM_LEN. There are only 23 callsights which I all reviewed to ensure this is currently the case. We could get away with doing only the check or passing the right length, but it doesn't hurt to do both. Suggested-by: Kees Cook Signed-off-by: Arnd Bergmann --- fs/exec.c | 7 +++---- include/linux/sched.h | 6 +++++- 2 files changed, 8 insertions(+), 5 deletions(-) -- 2.9.0 Acked-by: Kees Cook Acked-by: Ingo Molnar diff --git a/fs/exec.c b/fs/exec.c index 6be2aa0ab26f..156f56acfe8e 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -1216,15 +1216,14 @@ static int de_thread(struct task_struct *tsk) return -EAGAIN; } -char *get_task_comm(char *buf, struct task_struct *tsk) +char *__get_task_comm(char *buf, size_t buf_size, struct task_struct *tsk) { - /* buf must be at least sizeof(tsk->comm) in size */ task_lock(tsk); - strncpy(buf, tsk->comm, sizeof(tsk->comm)); + strncpy(buf, tsk->comm, buf_size); task_unlock(tsk); return buf; } -EXPORT_SYMBOL_GPL(get_task_comm); +EXPORT_SYMBOL_GPL(__get_task_comm); /* * These functions flushes out all traces of the currently running executable diff --git a/include/linux/sched.h b/include/linux/sched.h index 21991d668d35..5124ba709830 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h @@ -1503,7 +1503,11 @@ static inline void set_task_comm(struct task_struct *tsk, const char *from) __set_task_comm(tsk, from, false); } -extern char *get_task_comm(char *to, struct task_struct *tsk); +extern char *__get_task_comm(char *to, size_t len, struct task_struct *tsk); +#define get_task_comm(buf, tsk) ({ \ + BUILD_BUG_ON(sizeof(buf) != TASK_COMM_LEN); \ + __get_task_comm(buf, sizeof(buf), tsk); \ +}) #ifdef CONFIG_SMP void scheduler_ipi(void);