linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [patch] fs, proc: truncate /proc/pid/comm writes to first TASK_COMM_LEN bytes
@ 2013-04-09  1:55 David Rientjes
  2013-04-09 20:03 ` Andrew Morton
  0 siblings, 1 reply; 3+ messages in thread
From: David Rientjes @ 2013-04-09  1:55 UTC (permalink / raw)
  To: Andrew Morton; +Cc: John Stultz, linux-kernel

Currently, a write to /proc/pid/write will return the number of bytes
successfully written.  If the actual string is greater than this, the
remainder of the string will normally be written.

This results in things such as 

	$ echo -n "abcdefghijklmnopqrs" > /proc/self/comm

to result in

	$ cat /proc/$$/comm
	pqrs

since the final four bytes were written with a second write() since
TASK_COMM_LEN == 16.  This is obviously an undesired result and not
equivalent to prctl(PR_SET_NAME).  The implementation should not need to
know the definition of TASK_COMM_LEN.

This patch truncates the string to the first TASK_COMM_LEN bytes and
returns the bytes written as the length of the string written so the
second write() is suppressed.

	$ cat /proc/$$/comm
	abcdefghijklmno

Signed-off-by: David Rientjes <rientjes@google.com>
---
 fs/proc/base.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/fs/proc/base.c b/fs/proc/base.c
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -1347,11 +1347,10 @@ static ssize_t comm_write(struct file *file, const char __user *buf,
 	struct inode *inode = file_inode(file);
 	struct task_struct *p;
 	char buffer[TASK_COMM_LEN];
+	const size_t maxlen = sizeof(buffer) - 1;
 
 	memset(buffer, 0, sizeof(buffer));
-	if (count > sizeof(buffer) - 1)
-		count = sizeof(buffer) - 1;
-	if (copy_from_user(buffer, buf, count))
+	if (copy_from_user(buffer, buf, count > maxlen ? maxlen : count))
 		return -EFAULT;
 
 	p = get_proc_task(inode);

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [patch] fs, proc: truncate /proc/pid/comm writes to first TASK_COMM_LEN bytes
  2013-04-09  1:55 [patch] fs, proc: truncate /proc/pid/comm writes to first TASK_COMM_LEN bytes David Rientjes
@ 2013-04-09 20:03 ` Andrew Morton
  2013-04-09 20:11   ` John Stultz
  0 siblings, 1 reply; 3+ messages in thread
From: Andrew Morton @ 2013-04-09 20:03 UTC (permalink / raw)
  To: David Rientjes; +Cc: John Stultz, linux-kernel, John Stultz


> cc: John Stultz <johnstul@us.ibm.com>

I don't know if that address still works.

On Mon, 8 Apr 2013 18:55:13 -0700 (PDT) David Rientjes <rientjes@google.com> wrote:

> Currently, a write to /proc/pid/write will return the number of bytes
> successfully written.  If the actual string is greater than this, the
> remainder of the string will normally be written.

The paragraph is a bit of a head-scratcher.  I did some subediting.

> This results in things such as 
> 
> 	$ echo -n "abcdefghijklmnopqrs" > /proc/self/comm
> 
> to result in
> 
> 	$ cat /proc/$$/comm
> 	pqrs

hah, that's pretty sad.

> since the final four bytes were written with a second write() since
> TASK_COMM_LEN == 16.  This is obviously an undesired result and not
> equivalent to prctl(PR_SET_NAME).  The implementation should not need to
> know the definition of TASK_COMM_LEN.
> 
> This patch truncates the string to the first TASK_COMM_LEN bytes and
> returns the bytes written as the length of the string written so the
> second write() is suppressed.
> 
> 	$ cat /proc/$$/comm
> 	abcdefghijklmno

From: David Rientjes <rientjes@google.com>
Subject: fs, proc: truncate /proc/pid/comm writes to first TASK_COMM_LEN bytes

Currently, a write to a procfs file will return the number of bytes
successfully written.  If the actual string is longer than this, the
remainder of the string will not be be written and userspace will complete
the operation by issuing additional write()s.

Hence

	$ echo -n "abcdefghijklmnopqrs" > /proc/self/comm

results in

	$ cat /proc/$$/comm
	pqrs

since the final four bytes were written with a second write() since
TASK_COMM_LEN == 16.  This is obviously an undesired result and not
equivalent to prctl(PR_SET_NAME).  The implementation should not need to
know the definition of TASK_COMM_LEN.

This patch truncates the string to the first TASK_COMM_LEN bytes and
returns the bytes written as the length of the string written so the
second write() is suppressed.

	$ cat /proc/$$/comm
	abcdefghijklmno

Signed-off-by: David Rientjes <rientjes@google.com>
Cc: John Stultz <john.stultz@linaro.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 fs/proc/base.c |    5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff -puN fs/proc/base.c~fs-proc-truncate-proc-pid-comm-writes-to-first-task_comm_len-bytes fs/proc/base.c
--- a/fs/proc/base.c~fs-proc-truncate-proc-pid-comm-writes-to-first-task_comm_len-bytes
+++ a/fs/proc/base.c
@@ -1347,11 +1347,10 @@ static ssize_t comm_write(struct file *f
 	struct inode *inode = file_inode(file);
 	struct task_struct *p;
 	char buffer[TASK_COMM_LEN];
+	const size_t maxlen = sizeof(buffer) - 1;
 
 	memset(buffer, 0, sizeof(buffer));
-	if (count > sizeof(buffer) - 1)
-		count = sizeof(buffer) - 1;
-	if (copy_from_user(buffer, buf, count))
+	if (copy_from_user(buffer, buf, count > maxlen ? maxlen : count))
 		return -EFAULT;
 
 	p = get_proc_task(inode);
_


^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [patch] fs, proc: truncate /proc/pid/comm writes to first TASK_COMM_LEN bytes
  2013-04-09 20:03 ` Andrew Morton
@ 2013-04-09 20:11   ` John Stultz
  0 siblings, 0 replies; 3+ messages in thread
From: John Stultz @ 2013-04-09 20:11 UTC (permalink / raw)
  To: Andrew Morton; +Cc: David Rientjes, John Stultz, linux-kernel

On 04/09/2013 01:03 PM, Andrew Morton wrote:
>> cc: John Stultz <johnstul@us.ibm.com>
> I don't know if that address still works.

No, that email is no longer active. Thanks for noticing this.


> From: David Rientjes <rientjes@google.com>
> Subject: fs, proc: truncate /proc/pid/comm writes to first TASK_COMM_LEN bytes
>
> Currently, a write to a procfs file will return the number of bytes
> successfully written.  If the actual string is longer than this, the
> remainder of the string will not be be written and userspace will complete
> the operation by issuing additional write()s.
>
> Hence
>
> 	$ echo -n "abcdefghijklmnopqrs" > /proc/self/comm
>
> results in
>
> 	$ cat /proc/$$/comm
> 	pqrs
>
> since the final four bytes were written with a second write() since
> TASK_COMM_LEN == 16.  This is obviously an undesired result and not
> equivalent to prctl(PR_SET_NAME).  The implementation should not need to
> know the definition of TASK_COMM_LEN.

That's embarrassing, thanks for catching it!


> This patch truncates the string to the first TASK_COMM_LEN bytes and
> returns the bytes written as the length of the string written so the
> second write() is suppressed.
>
> 	$ cat /proc/$$/comm
> 	abcdefghijklmno
>
> Signed-off-by: David Rientjes <rientjes@google.com>
> Cc: John Stultz <john.stultz@linaro.org>
> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

Acked-by: John Stultz <john.stultz@linaro.org>

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2013-04-09 20:11 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-04-09  1:55 [patch] fs, proc: truncate /proc/pid/comm writes to first TASK_COMM_LEN bytes David Rientjes
2013-04-09 20:03 ` Andrew Morton
2013-04-09 20:11   ` John Stultz

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).