From: Steven Rostedt <rostedt@goodmis.org>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Yafang Shao <laoar.shao@gmail.com>,
linux-mm@kvack.org, linux-fsdevel@vger.kernel.org,
linux-trace-kernel@vger.kernel.org, audit@vger.kernel.org,
linux-security-module@vger.kernel.org, selinux@vger.kernel.org,
bpf@vger.kernel.org, Masami Hiramatsu <mhiramat@kernel.org>,
Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Subject: Re: [PATCH 2/6] tracing: Replace memcpy() with __get_task_comm()
Date: Mon, 3 Jun 2024 18:19:43 -0400 [thread overview]
Message-ID: <20240603181943.09a539aa@gandalf.local.home> (raw)
In-Reply-To: <CAHk-=whPUBbug2PACOzYXFbaHhA6igWgmBzpr5tOQYzMZinRnA@mail.gmail.com>
On Mon, 3 Jun 2024 14:42:10 -0700
Linus Torvalds <torvalds@linux-foundation.org> wrote:
> On Mon, 3 Jun 2024 at 14:19, Steven Rostedt <rostedt@goodmis.org> wrote:
> >
> > - __array( char, comm, TASK_COMM_LEN )
> > + __string( comm, strlen(comm) )
>
> Is this actually safe is 'comm[]' is being modified at the same time?
> The 'strlen()' will not be consistent with the string copy.
First, I realized that it should actually be:
__string( comm, task->comm )
But your question is still a valid question, as the internal logic will
call strlen() on the second parameter.
>
> Because that is very much the case. It's not a stable source.
>
> For example, strlen() may return 5. But by the time you then actually
> copy the data, the string may have changed, and there would not
> necessarily be a NUL character at comm[5] any more. It might be
> further in the string, or it might be earlier.
The logic behind __string() and __assign_str() will always add a NUL
character.
__string() is defined as:
static inline const char *__string_src(const char *str)
{
if (!str)
return EVENT_NULL_STR;
return str;
}
#undef __dynamic_array
#define __dynamic_array(type, item, len) \
__item_length = (len) * sizeof(type); \
__data_offsets->item = __data_size + \
offsetof(typeof(*entry), __data); \
__data_offsets->item |= __item_length << 16; \
__data_size += __item_length;
#undef __string
#define __string(item, src) __dynamic_array(char, item, \
strlen(__string_src(src)) + 1) \
__data_offsets->item##_ptr_ = src;
The above will use the strlen(src) to specify the amount of memory to
allocate on the ring buffer: "strlen(__string_src(src)) + 1)"
This is stored on a special structure for the entry and used in the
__assign_str() (the reason I removed the source to that macro during this
merge window).
#undef __assign_str
#define __assign_str(dst) \
do { \
char *__str__ = __get_str(dst); \
int __len__ = __get_dynamic_array_len(dst) - 1; \
memcpy(__str__, __data_offsets.dst##_ptr_ ? : \
EVENT_NULL_STR, __len__); \
__str__[__len__] = '\0'; \
} while (0)
The source of the string is copied via memcpy() using the length stored
from the __string() macro (minus 1), and then '\0' is added to it to force
the NUL character to be in the memory for the string.
-- Steve
next prev parent reply other threads:[~2024-06-03 22:18 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-06-02 2:37 [PATCH 0/6] kernel: Avoid memcpy of task comm Yafang Shao
2024-06-02 2:37 ` [PATCH 1/6] fs/exec: Drop task_lock() inside __get_task_comm() Yafang Shao
2024-06-02 3:51 ` Eric W. Biederman
2024-06-02 6:56 ` Yafang Shao
2024-06-02 16:35 ` Alexei Starovoitov
2024-06-02 17:52 ` Eric W. Biederman
2024-06-02 18:23 ` Alexei Starovoitov
2024-06-03 11:35 ` Yafang Shao
2024-06-10 12:34 ` Eric W. Biederman
2024-06-10 23:01 ` Alexei Starovoitov
2024-06-02 20:11 ` Linus Torvalds
2024-06-02 17:56 ` Eric W. Biederman
2024-06-04 13:02 ` Matus Jokay
2024-06-04 20:01 ` Matus Jokay
2024-06-05 2:48 ` Yafang Shao
2024-06-02 2:37 ` [PATCH 2/6] tracing: Replace memcpy() with __get_task_comm() Yafang Shao
2024-06-03 21:20 ` Steven Rostedt
2024-06-03 21:42 ` Linus Torvalds
2024-06-03 22:19 ` Steven Rostedt [this message]
2024-06-03 22:23 ` Linus Torvalds
2024-06-03 22:37 ` Steven Rostedt
2024-06-03 22:38 ` Linus Torvalds
2024-06-03 22:40 ` Steven Rostedt
2024-06-04 2:35 ` Yafang Shao
2024-06-02 2:37 ` [PATCH 3/6] auditsc: " Yafang Shao
2024-06-03 21:03 ` Paul Moore
2024-06-02 2:37 ` [PATCH 4/6] security: " Yafang Shao
2024-06-03 22:06 ` Paul Moore
2024-06-02 2:37 ` [PATCH 5/6] bpftool: Make task comm always be NUL-terminated Yafang Shao
2024-06-02 21:01 ` Quentin Monnet
2024-06-02 2:46 ` [PATCH 6/6] selftests/bpf: Replace memcpy() with __get_task_comm() Yafang Shao
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240603181943.09a539aa@gandalf.local.home \
--to=rostedt@goodmis.org \
--cc=audit@vger.kernel.org \
--cc=bpf@vger.kernel.org \
--cc=laoar.shao@gmail.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-security-module@vger.kernel.org \
--cc=linux-trace-kernel@vger.kernel.org \
--cc=mathieu.desnoyers@efficios.com \
--cc=mhiramat@kernel.org \
--cc=selinux@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).