Received: by 2002:a89:2c3:0:b0:1ed:23cc:44d1 with SMTP id d3csp76145lqs;
        Mon, 4 Mar 2024 15:46:46 -0800 (PST)
X-Forwarded-Encrypted: i=3; AJvYcCVXmWtZMQCmmErxrVJ8VVLdtmNZfDkBIdXN1WZMEnZvE4pSa2p9lD0v9hnlCzdRKc3i0dcAW5UU3lSlrsKUmB5kn0q8xo67R67eX968tQ==
X-Google-Smtp-Source: AGHT+IHKwqb5RX9H4iFqU39jvW1MVnYC962Xx+9x4z77KcothB5R5yeJgaoLZNhXw92c3E8jRyOv
X-Received: by 2002:a05:6122:da7:b0:4ca:615e:1b61 with SMTP id bc39-20020a0561220da700b004ca615e1b61mr250225vkb.10.1709596005801;
        Mon, 04 Mar 2024 15:46:45 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1709596005; cv=pass;
        d=google.com; s=arc-20160816;
        b=Sun5nkr1hfdv0tRYjUdsvNVosF8VWx+7fZBI1nfnKR6NbAb6FhmnIWXQYFeiqny9pB
         USaVs7Pg+ut6w1j+/vNqQj2SVVxpOa654LOATgv4p1J1lNic2d1X2Csy97AG6p0RmrSE
         bqDhDtMSzQCiW/ICOzzsA1tolot/Qu8HCEKbVnGQvAg4zZHYdhcrbTe6VSmn533DQyXG
         cqty5FFruVlOlK9w0Tac05ATwtZadfSR7ppMIuEa6xfZ5xn7yfVWWAZ3gbDhwg34CX0s
         KaLxyyjr33xMwTf+DBogG6I2Qq8XHDZPflIIML4jMzlosnQ+fUzkZ5SCtU9k71orWMB0
         bCWQ==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:references:in-reply-to:message-id
         :subject:cc:to:from:date;
        bh=pSLRvnoaLzUldcC94RkKVKPenGQkDDBv1IMUpXrqiNA=;
        fh=Z4tsOB/IV38gOyR2qPehPYRd6/PjJOdZwylA30ksxfw=;
        b=pfFHhPqGjj6GbUjYcYnaMFmiXYUyhIc6vxNNDG4DxU5+0z3iOloY/91+mYlIrYNkwK
         YqpPDTPBgHwbXnjGcjcP6YCQ0KG5/YK7ETfPad70gf1tKdAy6gCL2vcgALfjpVbV/hWj
         WE28KuwGXUGTY6nIck8NPtEcwQpKOe0DzjJxHwJSjRlvCB7brJGakUFjgmQ9QyXlRV+/
         9mQiriqdIvK1MHt1hl1QmD/bvIXKw1iYovcTYbJzCDnAnsSlQsB+2nolUrRfmSdGssZJ
         niXGAW/suMlx4g2UCgKSrpW28lINg4LdLSFQB1tx35xjg8+vpUb8ch6k+s4lsj7QpuXN
         QIRQ==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       arc=pass (i=1);
       spf=pass (google.com: domain of linux-kernel+bounces-91421-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-91421-linux.lists.archive=gmail.com@vger.kernel.org"
Return-Path: <linux-kernel+bounces-91421-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1])
        by mx.google.com with ESMTPS id n1-20020ac85a01000000b0042efb0e915fsi1242901qta.759.2024.03.04.15.46.45
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 04 Mar 2024 15:46:45 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-91421-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1;
Authentication-Results: mx.google.com;
       arc=pass (i=1);
       spf=pass (google.com: domain of linux-kernel+bounces-91421-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-91421-linux.lists.archive=gmail.com@vger.kernel.org"
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by ny.mirrors.kernel.org (Postfix) with ESMTPS id 0AC6A1C21CAF
	for <linux.lists.archive@gmail.com>; Mon,  4 Mar 2024 23:45:45 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 622917D3E7;
	Mon,  4 Mar 2024 23:45:38 +0000 (UTC)
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id E23EA7D06E
	for <linux-kernel@vger.kernel.org>; Mon,  4 Mar 2024 23:45:37 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1709595937; cv=none; b=CGgLucPXjXCBAacKaOJHI/rCOXJwbuzVkQVoqya4GWkC10qAPCxeJQJFRQ6GP30GdX0K/3TWNSpqGGXFPj/Z0ETJY3LimVUWycHHmBYJJsYNdeH8vZwP2WIZOiMfoy9sgx8mF+GNWPLuLGY8og6oqliX5lDoL/pAi8FlBeS1Hcg=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1709595937; c=relaxed/simple;
	bh=rWCalsQ/ubomWP4T3IoTLD+8DsTwXYo/CmCx4jzu1OA=;
	h=Date:From:To:Cc:Subject:Message-ID:In-Reply-To:References:
	 MIME-Version:Content-Type; b=a3OBiKqiQyBNuPW1PKzzGJDqC7pqRTCy3vW4E+r1nDSmb9KbyKIbblLI9daUN4RPJQ1rd/o/qAuktPL6dvNfR3VxCnfQ3DtOYA9XX+MJWq8QbOyySykzMslOxuuiALzK4Hs6qt8Ep9jzCXjiobZGCfhXrf2uzTrzisQIgs6xIF0=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201
Received: by smtp.kernel.org (Postfix) with ESMTPSA id DF6A4C43390;
	Mon,  4 Mar 2024 23:45:36 +0000 (UTC)
Date: Mon, 4 Mar 2024 18:47:25 -0500
From: Steven Rostedt <rostedt@goodmis.org>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: LKML <linux-kernel@vger.kernel.org>, Masami Hiramatsu
 <mhiramat@kernel.org>, Mathieu Desnoyers <mathieu.desnoyers@efficios.com>,
 Sachin Sant <sachinp@linux.ibm.com>
Subject: Re: [GIT PULL] tracing: Prevent trace_marker being bigger than
 unsigned short
Message-ID: <20240304184725.55449e70@gandalf.local.home>
In-Reply-To: <CAHk-=wi53cJEKim7UvUXtdhQG1BR7oU5TABPXaOq5SmBKLSKYg@mail.gmail.com>
References: <20240302111244.3a1674be@gandalf.local.home>
	<CAHk-=wj376WMgZ24wKGEWDs_ojNtod-LDZBedPzDYRRcY60UYA@mail.gmail.com>
	<20240302145958.05aabdd2@rorschach.local.home>
	<CAHk-=wgjhdRj1V847NTF4veMN_tCbrySiEHXO8RO3n05cNeXeA@mail.gmail.com>
	<20240302154713.71e29402@rorschach.local.home>
	<CAHk-=wioeo5vyEWUZcGBKMsf3jnjrnnHc3uJiV=JjSKPdvZOEw@mail.gmail.com>
	<20240303075937.36fc6043@rorschach.local.home>
	<CAHk-=wiLdWetJgKHB72VeDALZsjpggEyyuiZ2KmoY_g+3horwQ@mail.gmail.com>
	<20240303140705.0f655e36@rorschach.local.home>
	<CAHk-=wiTGmAXfHiRB8ku4diLxRpN=Hac_q86=j65oiP3J5uXKg@mail.gmail.com>
	<20240303160024.458d4f91@rorschach.local.home>
	<20240304164205.3245608a@gandalf.local.home>
	<CAHk-=wgwy-p_zodT0JvkVkkd5MWy9NffC3jiDiczMMHPj1eQ9w@mail.gmail.com>
	<20240304171034.08d037aa@gandalf.local.home>
	<CAHk-=wi53cJEKim7UvUXtdhQG1BR7oU5TABPXaOq5SmBKLSKYg@mail.gmail.com>
X-Mailer: Claws Mail 3.19.1 (GTK+ 2.24.33; x86_64-pc-linux-gnu)
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

On Mon, 4 Mar 2024 15:20:52 -0800
Linus Torvalds <torvalds@linux-foundation.org> wrote:

> On Mon, 4 Mar 2024 at 14:08, Steven Rostedt <rostedt@goodmis.org> wrote:
> >
> > Fine, I'll just remove the precision as that's not needed. There was no
> > other overflows involved here.  
> 
> I really want you to add the size check on the trace buffer *creation* side.
> 
> I don't understand why you refuse to accept the fact that the
> precision warning found a PROBLEM.

And what exactly was that problem? That someone wrote a huge string into
the trace_marker on a machine that had huge page sizes?

What exactly broke?

There was no overflow. No bad memory. KASAN is happy.


> 
> And no, the fix was never to paper over the problem by limiting the
> precision field. Hiding a problem isn't fixing it.

What was broken? The fact that we allowed the buffer to be 64K on a system
that has 64K PAGE_SIZE and we limited the strings to the size of what the
buffer can hold?

I would limit the buffers themselves but they are used in page mappings
which needs to be PAGE_SIZE. Which is most cases is only 4K.

> 
> And no, the fix was also never to chop up the printing of the string
> in smaller pieces to hide paper over the precision field. Again,
> hiding a problem isn't fixing it.

Yes, I didn't like that change either.

> 
> And finally, NO, the fix was also never to add extra debug code to see
> that there was a NUL character there.

That was not a fix, but just a paranoid check. The only times that my
paranoid checks usually trigger is during development which saves a few
hours of debugging as they point out exactly what broke.

> 
> The fix was *always* to simply not accept insanely long strings in the
> first place, and make sure that the field was correctly *set*.

And what exactly is an "insane size"?

The buffer is allocated by page size, and when writing to it I make sure it
fits. I'm now supposed to add some code to tell the user, "No you can't
write that much into the buffer, even though we allocated enough to fit it"?

If I had never added that precision (which I just recently added), there
would have been no bug report, because there would have been no bug.


> 
> IOW, at *creation* time the code needed a proper check for length
> (which obviously indirectly includes checking for the terminating NUL
> character at that point).
> 
> Why do these threads with you always have to end up this long? Why do
> I Nhave to explain every single step of the way that you need to *FIX*
> the problem, not try to hide it with new extra code.

Because I still don't know what exactly the problem is! I'm supposed to add
some arbitrary limit to what people can enter just because we think it's
crazy to have big strings?

If I remove the precision, as I did in this patch. Then adding a limit is
not fixing any bug. It's just adding a limit.

-- Steve