From: john stultz
Subject: Re: [PATCH] sanitize task->comm to avoid leaking escape codes
Date: Tue, 29 Jun 2010 15:32:11 -0700
Message-ID: <1277850731.1821.44.camel@localhost>
References: <20100623181129.GM5876@outflux.net> <20100623194145.GA19628@redhat.com> <1277787505.3599.25.camel@localhost.localdomain>
In-Reply-To: <1277787505.3599.25.camel@localhost.localdomain>
To: dedekind1@gmail.com
Cc: Oleg Nesterov, Kees Cook, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Alexander Viro, Andrew Morton, KOSAKI Motohiro, Neil Horman, Roland McGrath, Ingo Molnar, Peter Zijlstra, Thomas Gleixner
List-Id: linux-fsdevel.vger.kernel.org

On Tue, 2010-06-29 at 07:58 +0300, Artem Bityutskiy wrote:
> On Wed, 2010-06-23 at 21:41 +0200, Oleg Nesterov wrote:
> > On 06/23, Kees Cook wrote:
> > >
> > > @@ -956,7 +957,15 @@ void set_task_comm(struct task_struct *tsk, char *buf)
> > > */
> > > memset(tsk->comm, 0, TASK_COMM_LEN);
> > > wmb();
> >
> > Off-topic. I'd wish I could understand this barrier. Since the lockless
> > reader doesn't do rmb() I don't see how this can help.
>
> This wmb() looks wrong to me as well. To achieve what the comment in
> this function says, it should be smp_wmb() and we should have smp_rmb()
> in the reading side, AFAIU.
>
> > OTOH, I don't
> > understand why it is needed, we never change ->comm[TASK_COMM_LEN-1] == '0'.
>
> I think the idea was that readers can see incomplete names, but not
> messed up names, consisting of old and new ones.

Yes, that was the intent, but I do see how it is unnecessary. So I'm fine
with it and the memset being removed.

Thanks for catching this!
-john
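Review bot: the wmb() that follows memset(tsk->comm, 0, TASK_COMM_LEN) in the set_task_comm() hunk has no counterpart on the read side, so a lone write barrier cannot order what a lockless reader of ->comm observes; either pair it as smp_wmb() with an smp_rmb() in the reader, or drop it together with the memset, since comm[TASK_COMM_LEN-1] is never overwritten and a reader therefore always finds a terminating NUL within the buffer.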
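The "incomplete but not mixed" property Artem describes above, replayed in user space as an added example (not code from this thread or from the kernel): a writer updates a 16-byte comm buffer one store at a time, with and without the zeroing memset, while a reader snapshots the string after every store. It assumes stores become visible in program order, so it shows the memset's intent and says nothing about the SMP barrier question; the names "bash" and "zsh" are constructed sample input.

```c
#include <stdio.h>
#include <string.h>

#define TASK_COMM_LEN 16   /* as in the kernel; comm[TASK_COMM_LEN - 1] is never overwritten */

/* True if what the reader saw is a prefix of `name` (incomplete but consistent). */
static int is_prefix_of(const char *seen, const char *name)
{
    return strncmp(seen, name, strlen(seen)) == 0;
}

/* Snapshot comm like a lockless reader; 1 if the view mixes old and new bytes. */
static int reader_sees_mixed(const char *comm, const char *old_name, const char *new_name)
{
    char seen[TASK_COMM_LEN];
    strcpy(seen, comm);   /* safe: the last byte of comm always stays '\0' */
    return !is_prefix_of(seen, old_name) && !is_prefix_of(seen, new_name);
}

/* Replay the writer one byte store at a time, optionally zeroing comm first
 * (the memset in set_task_comm), and count how many intermediate views a
 * concurrent reader would find "messed up". Models program order only; it
 * does not capture SMP store reordering, which is what barriers address. */
int count_mixed_views(const char *old_name, const char *new_name, int zero_first)
{
    char comm[TASK_COMM_LEN] = {0};
    int mixed = 0;
    size_t i;
    strncpy(comm, old_name, TASK_COMM_LEN - 1);   /* the established old name */
    if (zero_first)
        for (i = 0; i < TASK_COMM_LEN; i++) {     /* memset, byte by byte */
            comm[i] = '\0';
            mixed += reader_sees_mixed(comm, old_name, new_name);
        }
    for (i = 0; i < TASK_COMM_LEN - 1; i++) {     /* copy the new name, NUL included */
        comm[i] = new_name[i];
        mixed += reader_sees_mixed(comm, old_name, new_name);
        if (new_name[i] == '\0')
            break;
    }
    return mixed;
}

int main(void)
{
    printf("memset first: %d mixed views\n", count_mixed_views("bash", "zsh", 1));
    printf("no memset:    %d mixed views\n", count_mixed_views("bash", "zsh", 0));
    return 0;
}
```

With the memset the reader only ever sees the empty string or a prefix of the new name; without it, three of the intermediate views ("zash", "zssh", "zshh") are names that never existed.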