On (09/23/15 11:43), Michal Hocko wrote:
[..]
> > > the previous name was already null terminated,
> >
> > Yeah, but if the old name is shorter than the new one, set_task_comm()
> > overwrites the terminating null of the old name before writing the new
> > terminating null, so there is a short time window during which tsk->comm
> > might not be null-terminated, no?
>
> Not really:
>
>         case PR_SET_NAME:
>                 comm[sizeof(me->comm) - 1] = 0;
>                 if (strncpy_from_user(comm, (char __user *)arg2,
>                                       sizeof(me->comm) - 1) < 0)
>                         return -EFAULT;
>
> So it first writes the terminating 0 and only then starts copying.

right. hm, shouldn't set_task_comm()->__set_task_comm() do the same?

	-ss

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx.
For more info on Linux MM, see: http://www.linux-mm.org/ .
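The window discussed above, as an added example that is not part of the thread or of the kernel source: a userspace simulation of the two copy orders applied to a 16-byte comm buffer (the size of TASK_COMM_LEN), checking after every single byte store whether the buffer still contains a NUL somewhere. The "terminator last" routine mirrors the strlcpy() shape (body first, NUL at the end); the "terminator first" routine mirrors the PR_SET_NAME code quoted in the mail (set the last byte to 0, then copy at most size-1 bytes). The stale-byte filler, the name strings and the function names are constructed for the demonstration; a real task's comm tail holds whatever an earlier name left there, which is exactly what makes the ordering matter.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define COMM_LEN 16   /* same size as TASK_COMM_LEN in Linux */

/* True if some NUL exists within the first len bytes of buf. */
static bool terminated(const char *buf, size_t len)
{
    return memchr(buf, '\0', len) != NULL;
}

/* Constructed worst case for the old state: old_name, its NUL, and every
 * remaining byte set to a non-NUL filler standing in for stale data. */
static void init_comm(char *buf, const char *old_name)
{
    size_t n = strlen(old_name);

    memset(buf, 'X', COMM_LEN);
    if (n > COMM_LEN - 1)
        n = COMM_LEN - 1;
    memcpy(buf, old_name, n);
    buf[n] = '\0';
}

/* strlcpy-style order: copy the body byte by byte, write the NUL last.
 * Returns how many intermediate states had no NUL anywhere in buf. */
static int copy_nul_last(char *buf, const char *src)
{
    size_t n = strlen(src);
    int bad = 0;

    if (n > COMM_LEN - 1)
        n = COMM_LEN - 1;
    for (size_t i = 0; i < n; i++) {
        buf[i] = src[i];
        if (!terminated(buf, COMM_LEN))
            bad++;
    }
    buf[n] = '\0';
    if (!terminated(buf, COMM_LEN))
        bad++;
    return bad;
}

/* PR_SET_NAME-style order: store buf[COMM_LEN - 1] = 0 first, then copy up
 * to COMM_LEN - 1 bytes, stopping after the source's NUL (the shape of
 * strncpy_from_user()). Returns the same count as above. */
static int copy_nul_first(char *buf, const char *src)
{
    int bad = 0;

    buf[COMM_LEN - 1] = '\0';
    if (!terminated(buf, COMM_LEN))
        bad++;
    for (size_t i = 0; i < COMM_LEN - 1; i++) {
        buf[i] = src[i];
        if (!terminated(buf, COMM_LEN))
            bad++;
        if (src[i] == '\0')
            break;
    }
    return bad;
}

/* Start from old_name, switch to new_name, count unterminated states. */
int unterminated_steps_nul_last(const char *old_name, const char *new_name)
{
    char comm[COMM_LEN];

    init_comm(comm, old_name);
    return copy_nul_last(comm, new_name);
}

int unterminated_steps_nul_first(const char *old_name, const char *new_name)
{
    char comm[COMM_LEN];

    init_comm(comm, old_name);
    return copy_nul_first(comm, new_name);
}

int main(void)
{
    /* short old name, 15-byte new name: the case raised in the thread */
    printf("NUL last : %d unterminated states\n",
           unterminated_steps_nul_last("a", "longname_one!!!"));
    printf("NUL first: %d unterminated states\n",
           unterminated_steps_nul_first("a", "longname_one!!!"));
    /* long old name, short new name: no window in either order */
    printf("NUL last, shrinking: %d\n",
           unterminated_steps_nul_last("longname_one!!!", "a"));
    return 0;
}
```

With a one-byte old name and a 15-byte new name, the terminator-last order leaves the buffer with no NUL for 14 consecutive byte stores, while the terminator-first order never does; shrinking the name produces no window in either order, which matches the condition stated in the quoted reply (old name shorter than the new one). A concurrent reader that does a plain strcmp() or printf("%s") on the buffer during those stores would run past the 16 bytes.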