From: Michael Ellerman
To: Sergey Senozhatsky , Linus Torvalds
Cc: Sergey Senozhatsky , Petr Mladek , Andy Shevchenko , Rasmus Villemoes , "Tobin C . Harding" , Michal Hocko , Sergey Senozhatsky , Steven Rostedt , linux-kernel@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, Russell Currey , Christophe Leroy , Stephen Rothwell , Heiko Carstens , linux-arch@vger.kernel.org, linux-s390@vger.kernel.org, Martin Schwidefsky
Subject: Re: [PATCH] vsprintf: Do not break early boot with probing addresses
In-Reply-To: <20190510050709.GA1831@jagdpanzerIV>
References: <20190509121923.8339-1-pmladek@suse.com> <20190510043200.GC15652@jagdpanzerIV> <20190510050709.GA1831@jagdpanzerIV>
Date: Fri, 10 May 2019 16:41:24 +1000
Message-ID: <87h8a2vmjv.fsf@concordia.ellerman.id.au>

Sergey Senozhatsky writes:
> On (05/09/19 21:47), Linus Torvalds wrote:
>> [ Sorry about html and mobile crud, I'm not at the computer right now ]
>> How about we just undo the whole misguided probe_kernel_address() thing?
>
> But the problem will remain - %pS/%pF on PPC (and some other arch-s)
> do dereference_function_descriptor(), which calls probe_kernel_address().

(Only on 64-bit big endian, and we may even change that one day)

> So if probe_kernel_address() starts to dump_stack(), then we are heading
> towards stack overflow. Unless I'm totally missing something.

We only ended up calling dump_stack() from probe_kernel_address() due to
a combination of things:

  1. probe_kernel_address() actually uses __copy_from_user_inatomic()
     which is silly because it's not doing a user access.
  2. our user access code uses mmu_has_feature() which uses jump labels,
     and so isn't safe to call until we've initialised those jump labels.
     This is unnecessarily fragile, we can easily make the user access
     code safe to call before the jump labels are initialised.
  3. we had extra debug code enabled in mmu_has_feature() which calls
     dump_stack().

I've fixed 2, and plan to fix 1 as well at some point. And 3 is behind a
CONFIG option that no one except me is going to have enabled in practice.

So in future we shouldn't be calling dump_stack() in that path.

cheers
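
The call chain discussed in the message above, as a userspace C model added here (it is not kernel code and not from the thread). The `*_model` functions, the `boot_model` flags and `DEPTH_CAP` are assumptions made for illustration; the model shows that the recursion needs all three listed conditions plus uninitialised jump labels, and stops when any one is removed.

```c
#include <stdbool.h>
#include <stdio.h>

#define DEPTH_CAP 64 /* assumed stand-in for exhausting the kernel stack */

struct boot_model {                /* all fields are illustrative assumptions */
    bool probe_uses_user_copy;     /* item 1: probe goes via the user-copy path */
    bool uaccess_uses_jump_labels; /* item 2: user access checks a jump label */
    bool feature_debug_enabled;    /* item 3: debug CONFIG option is on */
    bool jump_labels_ready;        /* false during early boot */
};

static int format_pS_model(const struct boot_model *m, int depth);

/* Item 3: the early debug check dumps the stack, which formats %pS again. */
static int mmu_has_feature_model(const struct boot_model *m, int depth)
{
    if (!m->jump_labels_ready && m->feature_debug_enabled)
        return format_pS_model(m, depth + 1);
    return depth;
}

/* Items 1 and 2: the probe reaches the feature check via user access code. */
static int probe_kernel_address_model(const struct boot_model *m, int depth)
{
    if (m->probe_uses_user_copy && m->uaccess_uses_jump_labels)
        return mmu_has_feature_model(m, depth);
    return depth;
}

/* %pS dereferences a function descriptor, which probes the address. */
static int format_pS_model(const struct boot_model *m, int depth)
{
    return depth < DEPTH_CAP ? probe_kernel_address_model(m, depth) : depth;
}

/* Returns the deepest nesting of %pS formatting reached from one call. */
int max_format_depth(bool item1, bool item2, bool item3, bool labels_ready)
{
    struct boot_model m = { item1, item2, item3, labels_ready };
    return format_pS_model(&m, 1);
}

int main(void)
{
    printf("early boot, all three: %d\n", max_format_depth(true, true, true, false));
    printf("item 2 fixed:          %d\n", max_format_depth(true, false, true, false));
    return 0;
}
```
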