On Thu, Jul 24, 2025 at 06:06:12PM +0530, Bhupesh wrote:
> Historically due to the 16-byte length of TASK_COMM_LEN, the
> users of 'tsk->comm' are restricted to use a fixed-size target
> buffer also of TASK_COMM_LEN for 'memcpy()' like use-cases.
>
> To fix the same, we now use a 64-byte TASK_COMM_EXT_LEN and
> set the comm element inside 'task_struct' to the same length:
> struct task_struct {
> .....
> char comm[TASK_COMM_EXT_LEN];
> .....
> };
>
> where TASK_COMM_EXT_LEN is 64-bytes.
>
> Now, in order to maintain existing ABI, we ensure that:
>
> - Existing users of 'get_task_comm'/ 'set_task_comm' will get 'tsk->comm'
> truncated to a maximum of 'TASK_COMM_LEN' (16-bytes) to maintain ABI,
> - New / Modified users of 'get_task_comm'/ 'set_task_comm' will get
> 'tsk->comm' supported up to the maximum of 'TASK_COMM_EXT_LEN' (64-bytes).
>
> Note, that the existing users have not been modified to migrate to
> 'TASK_COMM_EXT_LEN', in case they have hard-coded expectations of
> dealing with only a 'TASK_COMM_LEN' long 'tsk->comm'.
>
> Signed-off-by: Bhupesh <bhupesh@xxxxxxxxxx>
> ---
> include/linux/sched.h | 9 +++++++--
> 1 file changed, 7 insertions(+), 2 deletions(-)
>
> diff --git a/include/linux/sched.h b/include/linux/sched.h
> index 8bbd03f1b978..b6abb759292c 100644
> --- a/include/linux/sched.h
> +++ b/include/linux/sched.h
> @@ -317,6 +317,7 @@ struct user_event_mm;
> */
> enum {
> TASK_COMM_LEN = 16,
> + TASK_COMM_EXT_LEN = 64,
> };
>
> extern void sched_tick(void);
> @@ -1159,7 +1160,7 @@ struct task_struct {
> * - logic inside set_task_comm() will ensure it is always NUL-terminated and
> * zero-padded
> */
> - char comm[TASK_COMM_LEN];
> + char comm[TASK_COMM_EXT_LEN];
>
> struct nameidata *nameidata;
>
> @@ -1954,7 +1955,7 @@ extern void kick_process(struct task_struct *tsk);
>
> extern void __set_task_comm(struct task_struct *tsk, const char *from, bool exec);
> #define set_task_comm(tsk, from) ({ \
> - BUILD_BUG_ON(sizeof(from) != TASK_COMM_LEN); \
> + BUILD_BUG_ON(sizeof(from) < TASK_COMM_LEN); \
> __set_task_comm(tsk, from, false); \
> })
>
> @@ -1974,6 +1975,10 @@ extern void __set_task_comm(struct task_struct *tsk, const char *from, bool exec
> #define get_task_comm(buf, tsk) ({ \
> BUILD_BUG_ON(sizeof(buf) < TASK_COMM_LEN); \
> strscpy_pad(buf, (tsk)->comm); \
> + if ((sizeof(buf)) == TASK_COMM_LEN) \
> + buf[TASK_COMM_LEN - 1] = '\0'; \
> + else \
> + buf[TASK_COMM_EXT_LEN - 1] = '\0'; \
strscpy_pad() will already make sure buf is NUL-terminated, so I don't
see why there is a need for explicit final byte termination? (And even
if we do need it, then it should just be buf[sizeof(buf) - 1] otherwise
using a buf that is < TASK_COMM_EXT_LEN but > TASK_COMM_LEN will have
a spurious NUL byte write beyond its buffer.)
--
Kees Cook
