Re: [PATCH] Change task_struct->comm to use RCU.

From: Richard Guy Briggs
Date: Fri Mar 07 2014 - 10:55:38 EST

Next message: David Laight: "RE: [PATCH 2/2] Revert "USBNET: ax88179_178a: enable tso if usb host supports sg dma""
Previous message: Wolfgang Grandegger: "Re: FlexCAN on i.MX28 interrupt flooding retrying send"
In reply to: Tetsuo Handa: "Re: [PATCH] Change task_struct->comm to use RCU."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 14/03/07, Tetsuo Handa wrote:
> Peter Zijlstra wrote:
> > https://lkml.org/lkml/2011/5/17/516

> Thank you for pointing that thread out. I found the following comment in that
> thread.
>
> Linus Torvalds wrote:
> | What folks?
> |
> | I don't think a new lock (or any lock) is at all appropriate.
> |
> | There's just no point. Just guarantee that the last byte is always
> | zero, and you're done.
> |
> | If you just guarantee that, THERE IS NO RACE. The last byte never
> | changes. You may get odd half-way strings, but you've trivially
> | guaranteed that they are C NUL-terminated, with no locking, no memory
> | ordering, no nothing.

> > > Likewise, audit_log_untrustedstring(ab, current->comm) is racy.
> > > If task->comm was "Hello Linux" until audit_string_contains_control() in
> > > audit_log_n_untrustedstring() returns false, and becomes "Penguin" before
> > > memcpy() in audit_log_n_string() is called, memcpy() will emit "Penguin\0nux"
> > > into the audit log, which results in loss of information (e.g. SELinux
> > > context) due to the unexpected '\0' byte.
> >
> > I expect the audit people don't like this? Also, how do audit and the
> > LSM crap things interact? I thought they were both different piles of
> > ignorable goo?
>
> I think the audit people do not like loss of information. Some of LSM modules
> are using audit subsystem for recording security related events. An example is
> shown later.

This is true, however since comm it untrusted because it can be modified
by the user audit doesn't trust it anyways, so who cares?

> > How about you do what you're supposed to do when you want a reliable
> > ->comm and use get_task_comm()?
>
> I always want a reliable ->comm . But get_task_comm() is not for calling from
> vsnprintf(), for somebody might read task's commname from NMI context.
> I tried to use RCU for reading from vsnprintf() but Linus will not accept it.

- RGB

--
Richard Guy Briggs <rbriggs@xxxxxxxxxx>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: David Laight: "RE: [PATCH 2/2] Revert "USBNET: ax88179_178a: enable tso if usb host supports sg dma""
Previous message: Wolfgang Grandegger: "Re: FlexCAN on i.MX28 interrupt flooding retrying send"
In reply to: Tetsuo Handa: "Re: [PATCH] Change task_struct->comm to use RCU."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]