Received: by 10.213.65.68 with SMTP id h4csp3607655imn; Tue, 3 Apr 2018 07:52:08 -0700 (PDT) X-Google-Smtp-Source: AIpwx4+OK6CxsiJRWu7stssSqzPUOUbfDNLRdzH9eLGnBIpLAAs1tDTq3fuzTBrqacrE19Rwaqho X-Received: by 10.99.136.194 with SMTP id l185mr9490449pgd.419.1522767128654; Tue, 03 Apr 2018 07:52:08 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522767128; cv=none; d=google.com; s=arc-20160816; b=M+pU0RCBVqjxJfqnMwIY4A5XdQKOB99AtLWiTjiPKiXuZfzjJwfGnbUho+rCSQexgu Nc9bo4Xn14x3QRgj0yO0qn60OeyFJPy2mirvjbDy8GBqSTAIc4qJBOcSr5yTL2zPUJeR vesoJkdjhJBicTeEUoWEH6Z4wySyxQTuKc1HTpgbEdyJ7fn5rm1N+I8ANV5CxnNbEx2u /Tsh2QAk82FYfpPhBvX6uFI9McrbLU/FklNB51aTCJCw69bAKV1l9tPpBV0lXFz/FbPN 0J1/AzL6lVRIdVlqXGDLnImwOEe3xgaMhRRJWx+XP4pyhfOaZ42/usInuwmbWYRjzQ+X iZNQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:arc-authentication-results; bh=cGpcKWdsmtlGsQ1zCOCSWmpxdZB/v/kNFjnZOKo0bfI=; b=uVqspw9Bjjo2NeJpCgy0l3fMuTYf0I4kBeOO5d0kFiYUoGX18WvRmMHbcTZXtpHgCx RMTeRbmMFMfgBilX47wDSKmPx3C6V9zj4Z0HmV3zgxiNN4Oxfz/nQRco7o1fAhEZtwaB ZzGlgvbdzKwkcxHrHvu400T6CFjBQbdUsu9o3SmDjp05uSuCd4ld8CzWzrrw5pXWMXfj OqEsFFC4+zFp1cmvfTHv+AWXwqS9QsUemuF0sP0XoWq209l/1KecmHWXSjE8ZOal/1ut NgGa+n6Rw8N6r/SpyYN92g2ACOoHnkn/d9zefFhfS9D3+j/p1mGn8ZMHDGRHEeBHZIdw 04vA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f7si2052828pgs.556.2018.04.03.07.51.54; Tue, 03 Apr 2018 07:52:08 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751679AbeDCOuV (ORCPT + 99 others); Tue, 3 Apr 2018 10:50:21 -0400 Received: from mx2.suse.de ([195.135.220.15]:34357 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751279AbeDCOuU (ORCPT ); Tue, 3 Apr 2018 10:50:20 -0400 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay1.suse.de (charybdis-ext.suse.de [195.135.220.254]) by mx2.suse.de (Postfix) with ESMTP id C05F3AD2C; Tue, 3 Apr 2018 14:50:18 +0000 (UTC) Date: Tue, 3 Apr 2018 16:50:18 +0200 From: Petr Mladek To: Andy Shevchenko Cc: Linus Torvalds , Rasmus Villemoes , "Tobin C . Harding" , Joe Perches , Linux Kernel Mailing List , Andrew Morton , Michal Hocko , Sergey Senozhatsky , Steven Rostedt , Sergey Senozhatsky Subject: Re: [PATCH v3] vsprintf: Prevent crash when dereferencing invalid pointers Message-ID: <20180403145017.n6iksx7hchf4ppib@pathway.suse.cz> References: <20180314140947.rs3b6i5gguzzu5wi@pathway.suse.cz> <1521119343.10722.665.camel@linux.intel.com> <20180315152607.xgzjmj5as6lg42dy@pathway.suse.cz> <1521224375.23017.41.camel@linux.intel.com> <20180329145312.4uqygrjqy3fqyl26@pathway.suse.cz> <1522678523.21176.178.camel@linux.intel.com> <20180403114600.uc7sqeoqt7fmdd66@pathway.suse.cz> <1522756458.21176.314.camel@linux.intel.com> <20180403131346.vwjpz475fzah5a6p@pathway.suse.cz> <1522762858.21176.327.camel@linux.intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1522762858.21176.327.camel@linux.intel.com> User-Agent: NeoMutt/20170421 (1.8.2) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue 2018-04-03 16:40:58, Andy Shevchenko wrote: > On Tue, 2018-04-03 at 15:13 +0200, Petr Mladek wrote: > > On Tue 2018-04-03 14:54:18, Andy Shevchenko wrote: > > > On Tue, 2018-04-03 at 13:46 +0200, Petr Mladek wrote: > > > > On Mon 2018-04-02 17:15:23, Andy Shevchenko wrote: > > > We have a lot of API functions which returns: > > > -ERR_PTR > > > NULL > > > struct foo * > > > > > > There is no guarantee that one of that API won't be used as a > > > supplier > > > for printf(). > > > > OK, I think that I have finally understood it. You would like to > > detect ERR_PTR values and handle them specially? I mean to show > > the value? > > > > But then we would need to distinguish three types of errors, > > something like: > > > > + (null) for pure NULL address > > + (e:XXXX) for address in IS_ERR_VALUE() range > > // Just IS_ERR(). IS_ERR_VALUE() is not meant to be used widely IS_ERR() is just a wrapper above IS_ERR_VALUE(). The range is important here and it is the same for both. > > + (efault) for any other invalid address > > > > Then people might want to see values also from the first 4096 bytes. > > This is getting too complicated. > > No, it's not. (null) case is already in kernel, you came with (efault), > but IS_ERR() case or any other case like it is just printing of standard > pointer value. See in the code where special_hex_number() is called. > > > I am not sure if it is worth it. > > Your patch will hide values for error codes. Not good for debugging. It does it in situation where we mostly silently crashed so far. Therefore I do not see this as a big regression. If we hanle IS_ERR() a special way, it will mean more code and more types of error messages. People might be confused by the difference between (e:000e) and (efault). Yes, it might help to distinguish this situation in some cases. But typically the information about invalid address access should be enough. People will either see the problem from the code or they would need to add more debug messages anyway. > > > You can't dereference ERR_PTR value, but anything else except the > > > > > > > > > > Also google gives > > > > > > rather confusing results when searching, for example for > > > > > > "(0x000E)". > > > > > > > > > > It's not primarily for google, though yeah, people would google > > > > > for > > > > > error messages... > > > > > > > > > > Another question is what the format: decimal versus hex for > > > > > errors. > > > > > Maybe just "(-DDDDD)"? > > > > > > > > This still looks confusing and google does not help. > > > > > > ...then we have a last option just to print a value as a pointer > > > address. > > > > We could not print the real address from security reasons. The hashed > > pointer value is not much helpful. IMHO, a common error string is > > easier to spot or search for. > > Did you read what I'm writing? How on the earth the pointer in the range > of -1...-4095 would be a security issue?! Please, read your mails again. You never wrote that you were talking about handling error codes specially. I mean this thread starting at https://lkml.kernel.org/r/20180314140947.rs3b6i5gguzzu5wi@pathway.suse.cz Most of the time I though that you were talking about displaying the single error code -EFAULT for any invalid address or showing any invalid address directly. I am not a psychic. OK, you mentioned this in the early mail at https://lkml.kernel.org/r/1520446689.10722.493.camel@linux.intel.com But it was in a bit different context. Also it was right before the mail from Linus who wrote: "Guys, stop this idiocy. printk() needs to be *simple* and *reliable*, not fancy." He then wrote many times that NULL might be considered special. But that we should really keep it simple. Best Regards, Petr