Received: by 2002:a25:f815:0:0:0:0:0 with SMTP id u21csp3651324ybd;
        Tue, 25 Jun 2019 06:19:30 -0700 (PDT)
X-Google-Smtp-Source: APXvYqzQGEHDWMeE0U1kgzpXN0MCBmIYb6ZfiDaEdEXHCwGZH0o2o4A975b7FIS+yZ/wBN3lyny2
X-Received: by 2002:a63:e317:: with SMTP id f23mr1399199pgh.39.1561468769840;
        Tue, 25 Jun 2019 06:19:29 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1561468769; cv=none;
        d=google.com; s=arc-20160816;
        b=mEXFZ+BBbamn6qIZW8yny6S2m2Bc3dRct8tTgk7lGT+T6DXl2U9xot6FRk0Kup+wiy
         L1ZvNGqo2Gwg9Be1OWPeIxVyRNYMFWP3Rw6+PgFFQIzRraVkXQxnY4o7c3aarQOOOxBM
         9o2cQwkckhVrE07Vh7XApF6QM/sopyctNGwnZc7p/pgSZspGgEonf1RzrEoIGtFUgvSC
         HUEQ5PsTtkMTUhNL9yjEobKPnscw3XerqgCSUSjmMZmaxeUbHX0B/h6KqGN4eHQhICxg
         9MHq0NxwsdVd4Ffxi19jMZjahUu8lxSQxJgLPz0wo4v7OSTM9reL4u7/6gztZ6D+y2Rc
         wRhg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:user-agent:message-id
         :in-reply-to:date:references:subject:cc:to:from;
        bh=mSpSa68sT0KuGyUNPosGMG0gZRpPV6syWNaCifXTa4g=;
        b=uIxSQsrSk7ZKwhsBNmAiRZIDoSau5h7Dwt1N2fQuuhsbYMz2nYXNOMWxlKChARdLv5
         7Hws1AQr7lWpfchawRMzYVXZKDnCwe4u96dmaX3oUN27x2Cca8iqxtTYcG0VJuvU/BQ4
         K35Bm/E7MWUGKgJxHDmJRDzGiueGGWCaqYGemXvP6F2iKFSD8rbHjrf+nT5fIIOAlGgg
         81lhkusErVWoWmkrksdfWGhRbefWnjnG3GktuIXdAvE2D0OaolU+12RqXdirrBKGb+IJ
         JNha9nYxv8Dap2juSO6Qp8ThkN3vTXAvGvfwvqNgn/XwPtLCgoI6M5HQiAJTCaMlLwmT
         oSFQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id g14si14014188pgo.579.2019.06.25.06.19.14;
        Tue, 25 Jun 2019 06:19:29 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1728304AbfFYMDx (ORCPT <rfc822;jekfish0@gmail.com> + 99 others);
        Tue, 25 Jun 2019 08:03:53 -0400
Received: from Galois.linutronix.de ([193.142.43.55]:42503 "EHLO
        Galois.linutronix.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726628AbfFYMDw (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 25 Jun 2019 08:03:52 -0400
Received: from localhost ([127.0.0.1] helo=vostro.local)
        by Galois.linutronix.de with esmtp (Exim 4.80)
        (envelope-from <john.ogness@linutronix.de>)
        id 1hfkAm-0006Fr-Ta; Tue, 25 Jun 2019 14:03:41 +0200
From:   John Ogness <john.ogness@linutronix.de>
To:     Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com>
Cc:     Petr Mladek <pmladek@suse.com>, linux-kernel@vger.kernel.org,
        Peter Zijlstra <peterz@infradead.org>,
        Steven Rostedt <rostedt@goodmis.org>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        Andrea Parri <andrea.parri@amarulasolutions.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Subject: Re: [RFC PATCH v2 1/2] printk-rb: add a new printk ringbuffer implementation
References: <20190607162349.18199-1-john.ogness@linutronix.de>
        <20190607162349.18199-2-john.ogness@linutronix.de>
        <20190618045117.GA7419@jagdpanzerIV> <87imt2bl0k.fsf@linutronix.de>
        <20190625064543.GA19050@jagdpanzerIV>
        <20190625071500.GB19050@jagdpanzerIV> <875zoujbq4.fsf@linutronix.de>
        <20190625090620.wufhvdxxiryumdra@pathway.suse.cz>
        <20190625100322.GD532@jagdpanzerIV>
Date:   Tue, 25 Jun 2019 14:03:39 +0200
In-Reply-To: <20190625100322.GD532@jagdpanzerIV> (Sergey Senozhatsky's message
        of "Tue, 25 Jun 2019 19:03:22 +0900")
Message-ID: <87woh9hnxg.fsf@linutronix.de>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.4 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 2019-06-25, Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com> wrote:
>>>> In vprintk_emit(), are we going to always reserve 1024-byte
>>>> records, since we don't know the size in advance, e.g.
>>>> 
>>>> 	printk("%pS %s\n", regs->ip, current->name)
>>>> 		prb_reserve(&e, &rb, ????);
>>>> 
>>>> or are we going to run vscnprintf() on a NULL buffer first,
>>>> then reserve the exactly required number of bytes and afterwards
>>>> vscnprintf(s) -> prb_commit(&e)?
>>> 
>>> (As suggested by Petr) I want to use vscnprintf() on a NULL
>>> buffer. However, a NULL buffer is not sufficient because things like the
>>> loglevel are sometimes added via %s (for example, in /dev/kmsg). So
>>> rather than a NULL buffer, I would use a small buffer on the stack
>>> (large enough to store loglevel/cont information). This way we can use
>>> vscnprintf() to get the exact size _and_ printk_get_level() will see
>>> enough of the formatted string to parse what it needs.
>> 
>> vscnprintf() with NULL pointer is perfectly fine. Only the formatted
>> string has variable size.
>
> Yeah, that should work. Probably. Can't think of any issues, except
> for increased CPU usage. Some sprintf() format specifiers are heavier
> than the rest (pS/pF on ia64/ppc/hppa).
>
> OK, very theoretically.
>
> There is a difference.
>
> Doing "sz = vscprintf(NULL, msg); vscnprintf(buf, sz, msg)" for
> msg_print_text() and msg_print_ext_header() was safe, because the
> data - msg - would not change under us, we would work with logbuf
> records, IOW with data which is owned by printk() and printk only.
>
> But doing
> 		sz = vcsprintf(NULL, "xxx", random_pointer);
> 		if ((buf = prb_reserve(... sz))) {
> 			vscnprintf(buf, sz, "xxx", random_pointer);
> 			prb_commit(...);
> 		}
>
> might have different outcome sometimes. We probably (!!!) can have
> some race conditions. The problem is that, unlike msg_print_text()
> and msg_print_ext_header(), printk() works with pointers which it
> does not own nor control. IOW within single printk() we will access
> some random kernel pointers, then do prb stuff, then access those
> same pointers, expecting that none of them will ever change their
> state. A very simple example
>
> 		printk("Comm %s\n", current->comm)
>
> Suppose printk on CPU0 and ia64_mca_modify_comm on CPU1
>
> CPU0								CPU1
> printk(...)
>  sz = vscprintf(NULL, "Comm %s\n", current->comm);
> 								ia64_mca_modify_comm()
> 								  snprintf(comm, sizeof(comm), "%s %d", current->comm, previous_current->pid);
> 								  memcpy(current->comm, comm, sizeof(current->comm));
>  if ((buf = prb_reserve(... sz))) {
>    vscnprintf(buf, "Comm %s\n", current->comm);
> 				^^^^^^^^^^^^^^ ->comm has changed.
> 					       Nothing critical, we
> 					       should not corrupt
> 					       anything, but we will
> 					       truncate ->comm if its
> 					       new size is larger than
> 					       what it used to be when
> 					       we did vscprintf(NULL).
>    prb_commit(...);
>  }
>
> Probably there can be other examples.

This is a very good point, and quite important. It is not acceptable if
some crash output is cut off because of this effect.

In my v1 rfc series, I avoided this issue by having a separate dedicated
ringbuffer (rb_sprintf) that was used to allocate a temporary max-size
(2KB) buffer for sprinting to. Then _that_ was used for the real
ringbuffer input (strlen, prb_reserve, memcpy, prb_commit). That would
still be the approach of my choice.

John Ogness