Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp1341877ybl; Tue, 3 Dec 2019 05:47:06 -0800 (PST) X-Google-Smtp-Source: APXvYqwGKIZ+GLZjKXwhEOSbR3D0G0pRv2nPhijlnEtze45OW4UY1a0ZgZHIwktRErL/sWQucUX9 X-Received: by 2002:a9d:7483:: with SMTP id t3mr3206989otk.262.1575380826213; Tue, 03 Dec 2019 05:47:06 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1575380826; cv=none; d=google.com; s=arc-20160816; b=1H1vEaxyaBtcMQZny+76j0BLkHgO0EaekBpPQCQBYIFNRsvkokqM15XJv/eUSYkXcM qHVLB3xmahUZR3Ezl+IcH2sbOl+Ix/Ez54O6Mg8XGF5ZjDmqSw3SKeBr9CIHcABmoyO1 bdxVohfEJz2unTc0YxyrlYAtZoL3PgVtCYLQe0rknYj6W5a9wPLndZYJ1oDcVA4lsh/n sX5nyQG6bizBH4Mw/qBBupGdkPd8ypSnnNCJnHpl8j2bNu6/VG3m2mFxvjxVs2hSEILN K/118xlt0AQ6UhHNzLqqS6MpoGpf8ZlemqygMLCWX3Bx/t9hmIEW4HUZi0MjnhqMNfRw AuYA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:message-id :in-reply-to:date:references:subject:cc:to:from; bh=oJ3HvRLv/cV88jYtoh8HOXZjBry6vwhIl//aAX5g8Vc=; b=rlEqnxoOy6OGThV8mP4xlTTKMktFv1nk/7SdadWHimu5EiO+0TIlYvrqeZE5J9vaOm 9m0n5NMyCHY2SRTx8ph3/GLuXlm/e8V9fAZzTgDjUhdb/zSIwHC/kUD2qIeLH+jF4S7f dQCXn4pf1wOCaT+B8YOrhpHlDehsIqMo8SIKpuKgJ/O+LWvlkdgFfx1gr91XJeYWASV2 GiktCVh2qMz2FAdnPzVm1mCywvFDM0Jlj1F5nk89bwVniTReK9S4RtAYzhZ83dsRZUGT zBVU6/I3dOMgz/NorPHXuQ9Hqd63v7u1oNONEDj1RRIRD8A6GQeN6wiixlpjeeuxbSh5 IUhg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id w138si1287247oiw.46.2019.12.03.05.46.53; Tue, 03 Dec 2019 05:47:06 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726087AbfLCNqV (ORCPT + 99 others); Tue, 3 Dec 2019 08:46:21 -0500 Received: from Galois.linutronix.de ([193.142.43.55]:54672 "EHLO Galois.linutronix.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725848AbfLCNqV (ORCPT ); Tue, 3 Dec 2019 08:46:21 -0500 Received: from localhost ([127.0.0.1] helo=vostro.local) by Galois.linutronix.de with esmtp (Exim 4.80) (envelope-from ) id 1ic8VE-000255-VF; Tue, 03 Dec 2019 14:46:09 +0100 From: John Ogness To: Petr Mladek Cc: linux-kernel@vger.kernel.org, Peter Zijlstra , Sergey Senozhatsky , Steven Rostedt , Linus Torvalds , Greg Kroah-Hartman , Andrea Parri , Thomas Gleixner , Sergey Senozhatsky , Brendan Higgins , kexec@lists.infradead.org Subject: Re: [RFC PATCH v5 2/3] printk-rb: new printk ringbuffer implementation (reader) References: <20191128015235.12940-1-john.ogness@linutronix.de> <20191128015235.12940-3-john.ogness@linutronix.de> <20191203120622.zux33do54rmjafns@pathway.suse.cz> Date: Tue, 03 Dec 2019 14:46:07 +0100 In-Reply-To: <20191203120622.zux33do54rmjafns@pathway.suse.cz> (Petr Mladek's message of "Tue, 3 Dec 2019 13:06:22 +0100") Message-ID: <87pnh5bjz4.fsf@linutronix.de> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.4 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2019-12-03, Petr Mladek wrote: >> Add the reader implementation for the new ringbuffer. >> >> Signed-off-by: John Ogness >> --- >> kernel/printk/printk_ringbuffer.c | 234 ++++++++++++++++++++++++++++++ >> kernel/printk/printk_ringbuffer.h | 12 +- >> 2 files changed, 245 insertions(+), 1 deletion(-) >> >> diff --git a/kernel/printk/printk_ringbuffer.c b/kernel/printk/printk_ringbuffer.c >> index 09c32e52fd40..f85762713583 100644 >> --- a/kernel/printk/printk_ringbuffer.c >> +++ b/kernel/printk/printk_ringbuffer.c >> @@ -674,3 +674,237 @@ void prb_commit(struct prb_reserved_entry *e) >> local_irq_restore(e->irqflags); >> } >> EXPORT_SYMBOL(prb_commit); >> + >> +/* >> + * Given @blk_lpos, return a pointer to the raw data from the data block >> + * and calculate the size of the data part. A NULL pointer is returned >> + * if @blk_lpos specifies values that could never be legal. >> + * >> + * This function (used by readers) performs strict validation on the lpos >> + * values to possibly detect bugs in the writer code. A WARN_ON_ONCE() is >> + * triggered if an internal error is detected. >> + */ >> +static char *get_data(struct prb_data_ring *data_ring, >> + struct prb_data_blk_lpos *blk_lpos, >> + unsigned long *data_size) >> +{ >> + struct prb_data_block *db; >> + >> + if (blk_lpos->begin == INVALID_LPOS && >> + blk_lpos->next == INVALID_LPOS) { >> + /* descriptor without a data block */ >> + return NULL; >> + } else if (DATA_WRAPS(data_ring, blk_lpos->begin) == >> + DATA_WRAPS(data_ring, blk_lpos->next)) { >> + /* regular data block */ >> + if (WARN_ON_ONCE(blk_lpos->next <= blk_lpos->begin)) >> + return NULL; >> + db = to_block(data_ring, blk_lpos->begin); >> + *data_size = blk_lpos->next - blk_lpos->begin; >> + >> + } else if ((DATA_WRAPS(data_ring, blk_lpos->begin) + 1 == >> + DATA_WRAPS(data_ring, blk_lpos->next)) || >> + ((DATA_WRAPS(data_ring, blk_lpos->begin) == >> + DATA_WRAPS(data_ring, -1UL)) && >> + (DATA_WRAPS(data_ring, blk_lpos->next) == 0))) { > > I am a bit confused. I would expect that (-1UL + 1) = 0. So the second > condition after || looks just like a special variant of the first > valid condition. > > Or do I miss anything? Is there a problems with type casting? Sorry, this code deserves a comment. Here we are only comparing the number of wraps. For a wrapping data block, @begin will be 1 wrap less than @next. The first part of the check is checking the typical case, making sure that: 1 + WRAPS(@begin) == WRAPS(@next) There is also the case when the lpos overflows. In that case the number of wraps starts over at zero (without having overflowed). (Note: The lpos overflows, _not_ the number of wraps. This is why the first check is not enough.) In this case, the number of wraps of the highest possible lpos value (-1UL) should be the same as the number of wraps of @begin. And the number of wraps of @next should be 0. The simplified pseudo-code check is: WRAPS(@begin) == WRAPS(-1UL) && WRAPS(@next) == 0 >> + /* wrapping data block */ >> + db = to_block(data_ring, 0); >> + *data_size = DATA_INDEX(data_ring, blk_lpos->next); >> + >> + } else { >> + WARN_ON_ONCE(1); >> + return NULL; >> + } >> + >> + /* A valid data block will always be aligned to the ID size. */ >> + if (WARN_ON_ONCE(blk_lpos->begin != >> + ALIGN(blk_lpos->begin, sizeof(db->id))) || >> + WARN_ON_ONCE(blk_lpos->next != >> + ALIGN(blk_lpos->next, sizeof(db->id)))) { >> + return NULL; >> + } >> + >> + /* A valid data block will always have at least an ID. */ >> + if (WARN_ON_ONCE(*data_size < sizeof(db->id))) >> + return NULL; >> + >> + /* Subtract descriptor ID space from size. */ >> + *data_size -= sizeof(db->id); >> + >> + return &db->data[0]; >> +} >> + >> +/* Given @blk_lpos, copy an expected @len of data into the provided buffer. */ >> +static bool copy_data(struct prb_data_ring *data_ring, >> + struct prb_data_blk_lpos *blk_lpos, u16 len, char *buf, >> + unsigned int buf_size) >> +{ >> + unsigned long data_size; >> + char *data; >> + >> + /* Caller might not want the data. */ >> + if (!buf || !buf_size) >> + return true; >> + >> + data = get_data(data_ring, blk_lpos, &data_size); >> + if (!data) >> + return false; >> + >> + /* Actual cannot be less than expected. */ >> + if (WARN_ON_ONCE(data_size < len)) >> + return false; > > I do not have a good feeling that the record gets lost here. > > I could imagine that a writer would reserve more space than > needed in the end. Then it would want to modify desc.info.text_len > and could do a mistake. > > By other words, I would expect a bug on the writer side here. > And I would try to preserve the data by calling: > > pr_warn_once("Wrong data_size (%lu) for data: %.*s\n", data_size, > data_size, data); > > Well, I do not resist on it. WARN_ON_ONCE() is fine as well. Since readers will run in their own kthread, the WARN_ON_ONCE() will not be sufficient to identify the bug. Attempting to print the bad string would help. (Although I expect we will not hit these WARN_ON's since we are the ones implementing printk.) John Ogness