From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1754768Ab2G3VVk (ORCPT <rfc822;w@1wt.eu>);
	Mon, 30 Jul 2012 17:21:40 -0400
Received: from youngberry.canonical.com ([91.189.89.112]:52793 "EHLO
	youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1754537Ab2G3VVi (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Mon, 30 Jul 2012 17:21:38 -0400
Message-ID: <5016FADD.1030503@canonical.com>
Date: Mon, 30 Jul 2012 14:21:33 -0700
From: John Johansen <john.johansen@canonical.com>
Organization: Canonical
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:15.0) Gecko/20120724 Thunderbird/15.0
MIME-Version: 1.0
To: Kees Cook <keescook@chromium.org>
CC: linux-kernel@vger.kernel.org, James Morris <james.l.morris@oracle.com>,
        linux-security-module@vger.kernel.org
Subject: Re: [PATCH] Yama: access current->comm directly
References: <20120730165848.GA28288@www.outflux.net>
In-Reply-To: <20120730165848.GA28288@www.outflux.net>
X-Enigmail-Version: 1.5a1pre
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 07/30/2012 09:58 AM, Kees Cook wrote:
> The core ptrace access checking routine already holds the task lock,
> so there is no need to use get_task_comm() which just tries to take the
> lock again. Drop its use and access current->comm directly.
> 
> Reported-by: Fengguang Wu <fengguang.wu@intel.com>
> Suggested-by: Oleg Nesterov <oleg@redhat.com>
> Cc: stable@vger.kernel.org
> Signed-off-by: Kees Cook <keescook@chromium.org>
yep, looks good

Acked-by: John Johansen <john.johansen@canonical.com>

> ---
>  security/yama/yama_lsm.c |    6 ++----
>  1 files changed, 2 insertions(+), 4 deletions(-)
> 
> diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c
> index 83554ee..20a68ca 100644
> --- a/security/yama/yama_lsm.c
> +++ b/security/yama/yama_lsm.c
> @@ -279,12 +279,10 @@ static int yama_ptrace_access_check(struct task_struct *child,
>  	}
>  
>  	if (rc) {
> -		char name[sizeof(current->comm)];
> +		/* task_lock is held by the caller, so use comm directly. */
>  		printk_ratelimited(KERN_NOTICE
>  			"ptrace of pid %d was attempted by: %s (pid %d)\n",
> -			child->pid,
> -			get_task_comm(name, current),
> -			current->pid);
> +			child->pid, current->comm, current->pid);
>  	}
>  
>  	return rc;
>