Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp279713yba; Wed, 15 May 2019 00:55:15 -0700 (PDT) X-Google-Smtp-Source: APXvYqytR0uz83URr0Xzbflsg9LE4AMvdgFiUuuFZm5yGr4fjWzTUIODDq0o/1a6tjZ0FVdaS/5h X-Received: by 2002:aa7:9e9a:: with SMTP id p26mr14042390pfq.176.1557906915872; Wed, 15 May 2019 00:55:15 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557906915; cv=none; d=google.com; s=arc-20160816; b=zMBUs4zkVQl6utY7Swe6KK6TnodeL9GxcFIdRudsJBkzGBlb+PThrx0zAVkGnUpBK2 u9XruENPqTn7hMdjJ8pY5DwSb2taCi/fhSVUSSP/YoorbCVKdnDKv4oR8EF67gLpWweb sWE610IZTs6oIlPmaK+KoFlQ9bOG62HFmh0VP2kB3Y9HK66432gf0zwH3wgyygFEiKAm 042248bNCz2QBLDAbuvxhu2dL6xZ7x1Vs8AJ1mO2k7a0/IsQZLCFtqlIfCa5+u3hN+r/ XYAX89up2dS+fY/WFb7kh2R4i5UFeLlNwiQsGYTLbqVAX7HC7As5LJZp+8muNWMleQxo S8zQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=7L0gKZrEaGwHGjCyQUtjTtcKrDoFY4YYpeEwPzX+XCE=; b=v2DnJPtJtrv/GN5PgPsL71oZYcYDoQyIqYDrXx6iahwPVGeVayxetWk0UtPYbH3W2Z 7DYcexTZSQmj+jkdOveLilfvFm8Ziy8LVxTUC9YJ+w/QGzuVykqJzZb4hySRSwrYHucx z58KLioTWg1YHRZ258/X/xGjUanb9IKO1zpBNgQnrNjLVEMN2VigjMOBZQX44zxw30AZ wdoWkDU9MnH8WM4QTDc8f3ibxkqiI57eCHBiC8NcQgcnlPbkS+4uwqj0jdZBBuwqIUd1 9QDC5cfLkI9gES6O2eQzFCe1CYMw44wikhRdjdVJRP/2L7s89eg0eUcM/jN1XRgeL4vr KwQQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id c8si1425055pfn.208.2019.05.15.00.55.01; Wed, 15 May 2019 00:55:15 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726465AbfEOHxn (ORCPT + 99 others); Wed, 15 May 2019 03:53:43 -0400 Received: from mx2.suse.de ([195.135.220.15]:57100 "EHLO mx1.suse.de" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1725902AbfEOHxm (ORCPT ); Wed, 15 May 2019 03:53:42 -0400 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.220.254]) by mx1.suse.de (Postfix) with ESMTP id 8FDD9AF3F; Wed, 15 May 2019 07:53:40 +0000 (UTC) Date: Wed, 15 May 2019 09:53:39 +0200 From: Petr Mladek To: Geert Uytterhoeven Cc: Steven Rostedt , David Laight , Sergey Senozhatsky , Andy Shevchenko , christophe leroy , Linus Torvalds , Rasmus Villemoes , "Tobin C . Harding" , Michal Hocko , Sergey Senozhatsky , "linux-kernel@vger.kernel.org" , Michael Ellerman , "linuxppc-dev@lists.ozlabs.org" , Russell Currey , Stephen Rothwell , Heiko Carstens , "linux-arch@vger.kernel.org" , "linux-s390@vger.kernel.org" , Martin Schwidefsky Subject: Re: [PATCH] vsprintf: Do not break early boot with probing addresses Message-ID: <20190515075339.7biocrjfpxj77l3b@pathway.suse.cz> References: <096d6c9c17b3484484d9d9d3f3aa3a7c@AcuMS.aculab.com> <20190513091320.GK9224@smile.fi.intel.com> <20190513124220.wty2qbnz4wo52h3x@pathway.suse.cz> <20190514020730.GA651@jagdpanzerIV> <45348cf615fe40d383c1a25688d4a88f@AcuMS.aculab.com> <20190514143751.48e81e05@oasis.local.home> <20190514153503.6b7faaa7@oasis.local.home> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: NeoMutt/20170912 (1.9.0) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed 2019-05-15 09:23:05, Geert Uytterhoeven wrote: > Hi Steve, > > On Tue, May 14, 2019 at 9:35 PM Steven Rostedt wrote: > > On Tue, 14 May 2019 21:13:06 +0200 > > Geert Uytterhoeven wrote: > > > > > Do we care about the value? "(-E%u)"? > > > > > > > > That too could be confusing. What would (-E22) be considered by a user > > > > doing an sprintf() on some string. I know that would confuse me, or I > > > > would think that it was what the %pX displayed, and wonder why it > > > > displayed it that way. Whereas "(fault)" is quite obvious for any %p > > > > use case. > > > > > > I would immediately understand there's a missing IS_ERR() check in a > > > function that can return -EINVAL, without having to add a new printk() > > > to find out what kind of bogus value has been received, and without > > > having to reboot, and trying to reproduce... > > > > I have to ask. Has there actually been a case that you used a %pX and > > it faulted, and you had to go back to find what the value of the > > failure was? > > If it faulted, the bad pointer value is obvious from the backtrace. > If the code avoids the fault by verifying the pointer and returning > "(efault)" instead, the bad pointer value is lost. > > Or am I missing something? Should buggy printk() crash the system? Another problem is that vsprintf() is called in printk() under lockbuf_lock. The messages are stored into printk_safe per CPU buffers. It allows to see the nested messages. But there is still a bigger risk of missing them than with a "normal" fault. Finally, various variants of these checks were already used in "random" printf formats. The only change is that we are using them consistently everywhere[*] a pointer is accessed. [*] Just the top level pointer is checked. Some pointer modifiers are accessing ptr->ptr->val. The lower level pointers are not checked to avoid too much complexity. Best Regards, Petr