On Tue, Feb 10, 2026 at 05:41:43PM -0800, Kees Cook wrote:
> > I think this path, where we always do maximally-sized allocations, is
> > the normal case where we're handling paths coming from userspace...
>
> Actually, is there any reason we can't use strnlen_user() in
> do_getname(), and then just use strndup_user() in the long case?

Yes. Not having to deal with the "oh, lookie - it became empty this
time around" case.

> > > if (len <= EMBEDDED_NAME_MAX) {
> > > p = (char *)result->iname;
> > > - memcpy(p, filename, len);
> > > } else {
> > > - p = kmemdup(filename, len, GFP_KERNEL);
> > > + p = kmem_buckets_alloc(names_buckets, len, GFP_KERNEL);
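Review bot: in the else branch, kmem_buckets_alloc(names_buckets, len, GFP_KERNEL) only allocates, whereas the kmemdup() it replaces also copied filename, and the memcpy(p, filename, len) in the embedded branch is removed as well. The quoted lines end before any common copy or NULL check on p, so both should be confirmed to follow the if/else; a one-line comment there saying the copy is now shared by both branches would make that obvious.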
> >
> > ... while this is kind of the exceptional case, where paths are coming
> > from kernelspace.

	mount -t ext2 fucking_long_pathname_resolving_to_dev_sda1 /mnt

Watch the show. "Fucking long" here being "longer than 150 bytes or so".
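
The "it became empty this time around" case from the reply above, as an added userspace simulation (not code from this thread or from the kernel): a measure-then-copy sequence reads the caller's bytes twice and can see two different strings, while a single fetch into a maximally sized buffer cannot. `user_mem`, `writer_active`, `fetch`, `copy_two_pass` and `copy_one_pass` are hypothetical names, and the racing writer is simulated inline rather than with a second thread.

```c
#include <stddef.h>
#include <stdlib.h>

#define NAME_MAX_SIM 32                              /* constructed size limit */
static char user_mem[NAME_MAX_SIM] = "/dev/sda1";    /* stand-in for caller-owned memory */
static int writer_active;                            /* hypothetical knob: racing writer on/off */

/* One pass over user memory: copy up to NUL (dst may be NULL to only measure). */
static size_t fetch(char *dst, size_t max)
{
    size_t i = 0;
    for (; i < max && user_mem[i]; i++)
        if (dst)
            dst[i] = user_mem[i];
    if (dst)
        dst[i] = '\0';
    return i;
}

/* Measure, then allocate and copy: two fetches of the same user bytes. */
char *copy_two_pass(size_t *measured, size_t *copied)
{
    *measured = fetch(NULL, NAME_MAX_SIM - 1);
    if (*measured == 0)
        return NULL;                    /* empty name rejected on fetch 1 */
    if (writer_active)
        user_mem[0] = '\0';             /* writer runs between the fetches */
    char *p = malloc(*measured + 1);
    if (!p)
        return NULL;
    *copied = fetch(p, *measured);      /* fetch 2 may see different bytes */
    return p;                           /* caller must re-check for empty */
}

/* Maximally sized buffer, single fetch: length comes from the private copy. */
char *copy_one_pass(size_t *copied)
{
    char *p = malloc(NAME_MAX_SIM);
    if (!p)
        return NULL;
    *copied = fetch(p, NAME_MAX_SIM - 1);
    if (writer_active)
        user_mem[0] = '\0';             /* same writer, now too late to matter */
    if (*copied == 0) { free(p); return NULL; }
    return p;
}
```

With the writer active, the two-pass version hands back an empty string that already passed its emptiness check, so every caller needs a second check after the copy.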