Using memcpy to copy the task comm relies on the length of task comm. Changes in the task comm could result in a destination string that is not NUL-terminated. Therefore, we should explicitly ensure the destination string is always NUL-terminated, regardless of the task comm. This approach will facilitate future extensions to the task comm. As suggested by Linus [0], we can identify all relevant code with the following git grep command: git grep 'memcpy.*->comm\>' Suggested-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> Link: https://lore.kernel.org/all/CAHk-=wjAmmHUg6vho1KjzQi2=psR30+CogFd4aXrThr2gsiS4g@xxxxxxxxxxxxxx/ [0] Yafang Shao (6): fs/exec: Drop task_lock() inside __get_task_comm() tracing: Replace memcpy() with __get_task_comm() auditsc: Replace memcpy() with __get_task_comm() security: Replace memcpy() with __get_task_comm() bpftool: Make task comm always be NUL-terminated selftests/bpf: Replace memcpy() with __get_task_comm() fs/exec.c | 7 +++-- include/linux/sched.h | 2 +- include/linux/tracepoint.h | 4 +-- include/trace/events/block.h | 10 +++---- include/trace/events/oom.h | 2 +- include/trace/events/osnoise.h | 2 +- include/trace/events/sched.h | 27 ++++++++++--------- include/trace/events/signal.h | 2 +- include/trace/events/task.h | 4 +-- kernel/auditsc.c | 6 ++--- security/lsm_audit.c | 4 +-- security/selinux/selinuxfs.c | 2 +- tools/bpf/bpftool/pids.c | 2 ++ .../bpf/bpf_testmod/bpf_testmod-events.h | 2 +- 14 files changed, 41 insertions(+), 35 deletions(-) -- 2.39.1
