Commit 696ee88a authored by Pavel Begunkov's avatar Pavel Begunkov Committed by Jens Axboe

io_uring/io-wq: protect against sprintf overflow

task_pid may be large enough to not fit into the left space of
TASK_COMM_LEN-sized buffers and overflow in sprintf. We not so care
about uniqueness, so replace it with safer snprintf().
Reported-by: default avatarAlexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: default avatarPavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/1702c6145d7e1c46fbc382f28334c02e1a3d3994.1617267273.git.asml.silence@gmail.comSigned-off-by: default avatarJens Axboe <axboe@kernel.dk>
parent 4b982bd0
...@@ -484,7 +484,7 @@ static int io_wqe_worker(void *data) ...@@ -484,7 +484,7 @@ static int io_wqe_worker(void *data)
worker->flags |= (IO_WORKER_F_UP | IO_WORKER_F_RUNNING); worker->flags |= (IO_WORKER_F_UP | IO_WORKER_F_RUNNING);
io_wqe_inc_running(worker); io_wqe_inc_running(worker);
sprintf(buf, "iou-wrk-%d", wq->task_pid); snprintf(buf, sizeof(buf), "iou-wrk-%d", wq->task_pid);
set_task_comm(current, buf); set_task_comm(current, buf);
while (!test_bit(IO_WQ_BIT_EXIT, &wq->state)) { while (!test_bit(IO_WQ_BIT_EXIT, &wq->state)) {
...@@ -711,7 +711,7 @@ static int io_wq_manager(void *data) ...@@ -711,7 +711,7 @@ static int io_wq_manager(void *data)
char buf[TASK_COMM_LEN]; char buf[TASK_COMM_LEN];
int node; int node;
sprintf(buf, "iou-mgr-%d", wq->task_pid); snprintf(buf, sizeof(buf), "iou-mgr-%d", wq->task_pid);
set_task_comm(current, buf); set_task_comm(current, buf);
do { do {
......
...@@ -6718,7 +6718,7 @@ static int io_sq_thread(void *data) ...@@ -6718,7 +6718,7 @@ static int io_sq_thread(void *data)
char buf[TASK_COMM_LEN]; char buf[TASK_COMM_LEN];
DEFINE_WAIT(wait); DEFINE_WAIT(wait);
sprintf(buf, "iou-sqp-%d", sqd->task_pid); snprintf(buf, sizeof(buf), "iou-sqp-%d", sqd->task_pid);
set_task_comm(current, buf); set_task_comm(current, buf);
current->pf_io_worker = NULL; current->pf_io_worker = NULL;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment