Re: [PATCH] proc: fix comm_write return value when truncated or error

Next message: Thorsten Leemhuis: "Regression fyi: pci usb3 card in 32bit P4 s478 stopped working"
Previous message: Johan Hovold: "[PATCH] staging: vme_user: fix root device leak on init failure"
Next in thread: Alexey Dobriyan: "Re: [PATCH] proc: fix comm_write return value when truncated or error"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Andrew Morton

Date: Fri Apr 24 2026 - 06:50:43 EST

On Fri, 24 Apr 2026 04:06:21 +0800 "Shengzhuo Wei" <me@xxxxxxxx> wrote:

> When count exceeds TASK_COMM_LEN-1, comm_write() copies at most
> TASK_COMM_LEN-1 bytes but returns the original count. This violates
> write(2) semantics, which require returning the number of bytes
> actually written.
>
> The count parameter is size_t and should not be repurposed to carry a
> negative error code on the same_thread_group() failure path.
>
> Introduce a local len for the truncated length and a separate ssize_t
> ret for the return value.

Looks right to me.

> Fixes: 4614a696bd1c ("procfs: allow threads to rename siblings via /proc/pid/tasks/tid/comm")

December 2009.

Hopefully no userspace is depending on the broken return value of a
write to /proc/pid/comm.

Arguably we should leave the code as-is and add an apologetic comment
explaining the situation.