Re: [PATCH] proc: fix comm_write return value when truncated or error
From: Alexey Dobriyan
Date: Fri Apr 24 2026 - 09:28:56 EST
On Fri, Apr 24, 2026 at 03:50:28AM -0700, Andrew Morton wrote:
> On Fri, 24 Apr 2026 04:06:21 +0800 "Shengzhuo Wei" <me@xxxxxxxx> wrote:
>
> > When count exceeds TASK_COMM_LEN-1, comm_write() copies at most
> > TASK_COMM_LEN-1 bytes but returns the original count. This violates
> > write(2) semantics, which require returning the number of bytes
> > actually written.
> >
> > The count parameter is size_t and should not be repurposed to carry a
> > negative error code on the same_thread_group() failure path.
> >
> > Introduce a local len for the truncated length and a separate ssize_t
> > ret for the return value.
>
> Looks right to me.
>
> > Fixes: 4614a696bd1c ("procfs: allow threads to rename siblings via /proc/pid/tasks/tid/comm")
>
> December 2009.
>
> Hopefully no userspace is depending on the broken return value of a
> write to /proc/pid/comm.
>
> Arguably we should leave the code as-is and add an apologetic comment
> explaining the situation.
Yes, this issue must be all over virtual filesystems.
Patch may break stuff in the other direction too:
if a process is doing a "full write" loop, and the write hook gets a string
which is too long, then the last piece will be written, not the truncated
first part.
/proc/alexey
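The "full write" loop concern from the reply above, as an added example: a userspace model, not code from the patch or the kernel. The names `store_comm`, `comm_write_old`, `comm_write_new` and `full_write` are hypothetical, and the model assumes, as the thread describes, that every write replaces the whole name.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#define TASK_COMM_LEN 16            /* kernel value: 15 characters plus NUL */
static char comm[TASK_COMM_LEN];    /* stand-in for the task's comm field */

/* Store at most TASK_COMM_LEN-1 bytes; every write replaces the whole name. */
static size_t store_comm(const char *buf, size_t count)
{
    size_t len = count > TASK_COMM_LEN - 1 ? TASK_COMM_LEN - 1 : count;
    memcpy(comm, buf, len);
    comm[len] = '\0';
    return len;
}

/* Model of the existing behaviour: truncate, but report the full count. */
static ssize_t comm_write_old(const char *buf, size_t count)
{
    store_comm(buf, count);
    return (ssize_t)count;
}

/* Model of the patched behaviour: report only the bytes actually stored. */
static ssize_t comm_write_new(const char *buf, size_t count)
{
    return (ssize_t)store_comm(buf, count);
}

/* Userspace "full write" loop: keep writing until every byte is accepted. */
static const char *full_write(ssize_t (*wr)(const char *, size_t), const char *s)
{
    size_t left = strlen(s);
    while (left > 0) {
        ssize_t n = wr(s, left);
        if (n <= 0) break;
        s += n;
        left -= (size_t)n;
    }
    return comm;
}

int main(void)
{
    const char *name = "a_very_long_thread_name";   /* constructed input */
    printf("old: %s\n", full_write(comm_write_old, name));
    printf("new: %s\n", full_write(comm_write_new, name));
    return 0;
}
```

With the old return value the loop stops after one write and the name is the truncated first part; with the short-write return value the loop issues a second write and the name ends up as the leftover tail.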