summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDavid Rientjes <rientjes@google.com>2013-04-30 15:28:18 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>2013-04-30 17:04:07 -0700
commit830e0fc967a7ee5013d5d1cf6a3cea71a8868466 (patch)
tree19d176024decd5ca10601d2cf2ecc8f0e90fe84e
parentdc7ee2aac830e5423f41de87d50441f138f648da (diff)
downloadlinux-830e0fc967a7ee5013d5d1cf6a3cea71a8868466.tar.gz
linux-830e0fc967a7ee5013d5d1cf6a3cea71a8868466.tar.bz2
linux-830e0fc967a7ee5013d5d1cf6a3cea71a8868466.zip
fs, proc: truncate /proc/pid/comm writes to first TASK_COMM_LEN bytes
Currently, a write to a procfs file will return the number of bytes successfully written. If the actual string is longer than this, the remainder of the string will not be be written and userspace will complete the operation by issuing additional write()s. Hence $ echo -n "abcdefghijklmnopqrs" > /proc/self/comm results in $ cat /proc/$$/comm pqrs since the final four bytes were written with a second write() since TASK_COMM_LEN == 16. This is obviously an undesired result and not equivalent to prctl(PR_SET_NAME). The implementation should not need to know the definition of TASK_COMM_LEN. This patch truncates the string to the first TASK_COMM_LEN bytes and returns the bytes written as the length of the string written so the second write() is suppressed. $ cat /proc/$$/comm abcdefghijklmno Signed-off-by: David Rientjes <rientjes@google.com> Acked-by: John Stultz <john.stultz@linaro.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r--fs/proc/base.c5
1 files changed, 2 insertions, 3 deletions
diff --git a/fs/proc/base.c b/fs/proc/base.c
index a19308604145..3861bcec41ff 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -1348,11 +1348,10 @@ static ssize_t comm_write(struct file *file, const char __user *buf,
struct inode *inode = file_inode(file);
struct task_struct *p;
char buffer[TASK_COMM_LEN];
+ const size_t maxlen = sizeof(buffer) - 1;
memset(buffer, 0, sizeof(buffer));
- if (count > sizeof(buffer) - 1)
- count = sizeof(buffer) - 1;
- if (copy_from_user(buffer, buf, count))
+ if (copy_from_user(buffer, buf, count > maxlen ? maxlen : count))
return -EFAULT;
p = get_proc_task(inode);