Received: by 2002:a25:f815:0:0:0:0:0 with SMTP id u21csp3651324ybd; Tue, 25 Jun 2019 06:19:30 -0700 (PDT) X-Google-Smtp-Source: APXvYqzQGEHDWMeE0U1kgzpXN0MCBmIYb6ZfiDaEdEXHCwGZH0o2o4A975b7FIS+yZ/wBN3lyny2 X-Received: by 2002:a63:e317:: with SMTP id f23mr1399199pgh.39.1561468769840; Tue, 25 Jun 2019 06:19:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1561468769; cv=none; d=google.com; s=arc-20160816; b=mEXFZ+BBbamn6qIZW8yny6S2m2Bc3dRct8tTgk7lGT+T6DXl2U9xot6FRk0Kup+wiy L1ZvNGqo2Gwg9Be1OWPeIxVyRNYMFWP3Rw6+PgFFQIzRraVkXQxnY4o7c3aarQOOOxBM 9o2cQwkckhVrE07Vh7XApF6QM/sopyctNGwnZc7p/pgSZspGgEonf1RzrEoIGtFUgvSC HUEQ5PsTtkMTUhNL9yjEobKPnscw3XerqgCSUSjmMZmaxeUbHX0B/h6KqGN4eHQhICxg 9MHq0NxwsdVd4Ffxi19jMZjahUu8lxSQxJgLPz0wo4v7OSTM9reL4u7/6gztZ6D+y2Rc wRhg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:message-id :in-reply-to:date:references:subject:cc:to:from; bh=mSpSa68sT0KuGyUNPosGMG0gZRpPV6syWNaCifXTa4g=; b=uIxSQsrSk7ZKwhsBNmAiRZIDoSau5h7Dwt1N2fQuuhsbYMz2nYXNOMWxlKChARdLv5 7Hws1AQr7lWpfchawRMzYVXZKDnCwe4u96dmaX3oUN27x2Cca8iqxtTYcG0VJuvU/BQ4 K35Bm/E7MWUGKgJxHDmJRDzGiueGGWCaqYGemXvP6F2iKFSD8rbHjrf+nT5fIIOAlGgg 81lhkusErVWoWmkrksdfWGhRbefWnjnG3GktuIXdAvE2D0OaolU+12RqXdirrBKGb+IJ JNha9nYxv8Dap2juSO6Qp8ThkN3vTXAvGvfwvqNgn/XwPtLCgoI6M5HQiAJTCaMlLwmT oSFQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id g14si14014188pgo.579.2019.06.25.06.19.14; Tue, 25 Jun 2019 06:19:29 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728304AbfFYMDx (ORCPT + 99 others); Tue, 25 Jun 2019 08:03:53 -0400 Received: from Galois.linutronix.de ([193.142.43.55]:42503 "EHLO Galois.linutronix.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726628AbfFYMDw (ORCPT ); Tue, 25 Jun 2019 08:03:52 -0400 Received: from localhost ([127.0.0.1] helo=vostro.local) by Galois.linutronix.de with esmtp (Exim 4.80) (envelope-from ) id 1hfkAm-0006Fr-Ta; Tue, 25 Jun 2019 14:03:41 +0200 From: John Ogness To: Sergey Senozhatsky Cc: Petr Mladek , linux-kernel@vger.kernel.org, Peter Zijlstra , Steven Rostedt , Linus Torvalds , Greg Kroah-Hartman , Andrea Parri , Thomas Gleixner , Sergey Senozhatsky Subject: Re: [RFC PATCH v2 1/2] printk-rb: add a new printk ringbuffer implementation References: <20190607162349.18199-1-john.ogness@linutronix.de> <20190607162349.18199-2-john.ogness@linutronix.de> <20190618045117.GA7419@jagdpanzerIV> <87imt2bl0k.fsf@linutronix.de> <20190625064543.GA19050@jagdpanzerIV> <20190625071500.GB19050@jagdpanzerIV> <875zoujbq4.fsf@linutronix.de> <20190625090620.wufhvdxxiryumdra@pathway.suse.cz> <20190625100322.GD532@jagdpanzerIV> Date: Tue, 25 Jun 2019 14:03:39 +0200 In-Reply-To: <20190625100322.GD532@jagdpanzerIV> (Sergey Senozhatsky's message of "Tue, 25 Jun 2019 19:03:22 +0900") Message-ID: <87woh9hnxg.fsf@linutronix.de> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.4 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2019-06-25, Sergey Senozhatsky wrote: >>>> In vprintk_emit(), are we going to always reserve 1024-byte >>>> records, since we don't know the size in advance, e.g. >>>> >>>> printk("%pS %s\n", regs->ip, current->name) >>>> prb_reserve(&e, &rb, ????); >>>> >>>> or are we going to run vscnprintf() on a NULL buffer first, >>>> then reserve the exactly required number of bytes and afterwards >>>> vscnprintf(s) -> prb_commit(&e)? >>> >>> (As suggested by Petr) I want to use vscnprintf() on a NULL >>> buffer. However, a NULL buffer is not sufficient because things like the >>> loglevel are sometimes added via %s (for example, in /dev/kmsg). So >>> rather than a NULL buffer, I would use a small buffer on the stack >>> (large enough to store loglevel/cont information). This way we can use >>> vscnprintf() to get the exact size _and_ printk_get_level() will see >>> enough of the formatted string to parse what it needs. >> >> vscnprintf() with NULL pointer is perfectly fine. Only the formatted >> string has variable size. > > Yeah, that should work. Probably. Can't think of any issues, except > for increased CPU usage. Some sprintf() format specifiers are heavier > than the rest (pS/pF on ia64/ppc/hppa). > > OK, very theoretically. > > There is a difference. > > Doing "sz = vscprintf(NULL, msg); vscnprintf(buf, sz, msg)" for > msg_print_text() and msg_print_ext_header() was safe, because the > data - msg - would not change under us, we would work with logbuf > records, IOW with data which is owned by printk() and printk only. > > But doing > sz = vcsprintf(NULL, "xxx", random_pointer); > if ((buf = prb_reserve(... sz))) { > vscnprintf(buf, sz, "xxx", random_pointer); > prb_commit(...); > } > > might have different outcome sometimes. We probably (!!!) can have > some race conditions. The problem is that, unlike msg_print_text() > and msg_print_ext_header(), printk() works with pointers which it > does not own nor control. IOW within single printk() we will access > some random kernel pointers, then do prb stuff, then access those > same pointers, expecting that none of them will ever change their > state. A very simple example > > printk("Comm %s\n", current->comm) > > Suppose printk on CPU0 and ia64_mca_modify_comm on CPU1 > > CPU0 CPU1 > printk(...) > sz = vscprintf(NULL, "Comm %s\n", current->comm); > ia64_mca_modify_comm() > snprintf(comm, sizeof(comm), "%s %d", current->comm, previous_current->pid); > memcpy(current->comm, comm, sizeof(current->comm)); > if ((buf = prb_reserve(... sz))) { > vscnprintf(buf, "Comm %s\n", current->comm); > ^^^^^^^^^^^^^^ ->comm has changed. > Nothing critical, we > should not corrupt > anything, but we will > truncate ->comm if its > new size is larger than > what it used to be when > we did vscprintf(NULL). > prb_commit(...); > } > > Probably there can be other examples. This is a very good point, and quite important. It is not acceptable if some crash output is cut off because of this effect. In my v1 rfc series, I avoided this issue by having a separate dedicated ringbuffer (rb_sprintf) that was used to allocate a temporary max-size (2KB) buffer for sprinting to. Then _that_ was used for the real ringbuffer input (strlen, prb_reserve, memcpy, prb_commit). That would still be the approach of my choice. John Ogness