From: John Ogness <john.ogness@linutronix.de>
To: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Cc: Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com>,
lijiang <lijiang@redhat.com>, Petr Mladek <pmladek@suse.com>,
Peter Zijlstra <peterz@infradead.org>,
Steven Rostedt <rostedt@goodmis.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Andrea Parri <parri.andrea@gmail.com>,
Thomas Gleixner <tglx@linutronix.de>,
kexec@lists.infradead.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 0/2] printk: replace ringbuffer
Date: Wed, 05 Feb 2020 16:48:32 +0100 [thread overview]
Message-ID: <87wo919grz.fsf@linutronix.de> (raw)
In-Reply-To: <20200205110522.GA456@jagdpanzerIV.localdomain> (Sergey Senozhatsky's message of "Wed, 5 Feb 2020 20:07:44 +0900")
On 2020-02-05, Sergey Senozhatsky <sergey.senozhatsky@gmail.com> wrote:
> 3BUG: KASAN: wild-memory-access in copy_data+0x129/0x220>
> 3Write of size 4 at addr 5a5a5a5a5a5a5a5a by task cat/474>
The problem was due to an uninitialized pointer.
Very recently the ringbuffer API was expanded so that it could
optionally count lines in a record. This made it possible for me to
implement record_print_text_inline(), which can do all the kmsg_dump
multi-line madness without requiring a temporary buffer. Rather than
passing an extra argument around for the optional line count, I added
the text_line_count pointer to the printk_record struct. And since line
counting is rarely needed, it is only performed if text_line_count is
non-NULL.
I oversaw that devkmsg_open() setup a printk_record and so I did not see
to add the extra NULL initialization of text_line_count. There should be
be an initializer function/macro to avoid this danger.
John Ogness
The quick fixup:
diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c
index d0d24ee1d1f4..5ad67ff60cd9 100644
--- a/kernel/printk/printk.c
+++ b/kernel/printk/printk.c
@@ -883,6 +883,7 @@ static int devkmsg_open(struct inode *inode, struct file *file)
user->record.text_buf_size = sizeof(user->text_buf);
user->record.dict_buf = &user->dict_buf[0];
user->record.dict_buf_size = sizeof(user->dict_buf);
+ user->record.text_line_count = NULL;
logbuf_lock_irq();
user->seq = prb_first_seq(prb);
next prev parent reply other threads:[~2020-02-05 15:48 UTC|newest]
Thread overview: 58+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-01-28 16:19 [PATCH 0/2] printk: replace ringbuffer John Ogness
2020-01-28 16:19 ` [PATCH 1/2] printk: add lockless buffer John Ogness
2020-01-29 3:53 ` Steven Rostedt
2020-02-21 11:54 ` more barriers: " Petr Mladek
2020-02-27 12:04 ` John Ogness
2020-03-04 15:08 ` Petr Mladek
2020-03-13 10:13 ` John Ogness
2020-02-21 12:05 ` misc nits " Petr Mladek
2020-03-02 10:38 ` John Ogness
2020-03-02 12:17 ` Joe Perches
2020-03-02 12:32 ` Petr Mladek
2020-03-02 13:43 ` John Ogness
2020-03-03 9:47 ` Petr Mladek
2020-03-03 15:42 ` John Ogness
2020-03-04 10:09 ` Petr Mladek
2020-03-04 9:40 ` Petr Mladek
2020-01-28 16:19 ` [PATCH 2/2] printk: use the lockless ringbuffer John Ogness
2020-02-13 9:07 ` Sergey Senozhatsky
2020-02-13 9:42 ` John Ogness
2020-02-13 11:59 ` Sergey Senozhatsky
2020-02-13 22:36 ` John Ogness
2020-02-14 1:41 ` Sergey Senozhatsky
2020-02-14 2:09 ` Sergey Senozhatsky
2020-02-14 9:48 ` John Ogness
2020-02-14 13:29 ` lijiang
2020-02-14 13:50 ` John Ogness
2020-02-15 4:15 ` lijiang
2020-02-17 15:40 ` crashdump: " Petr Mladek
2020-02-17 16:14 ` John Ogness
2020-02-17 14:41 ` misc details: " Petr Mladek
2020-02-25 20:11 ` John Ogness
2020-02-26 9:54 ` Petr Mladek
2020-02-05 4:25 ` [PATCH 0/2] printk: replace ringbuffer lijiang
2020-02-05 4:42 ` Sergey Senozhatsky
2020-02-05 4:48 ` Sergey Senozhatsky
2020-02-05 5:02 ` Sergey Senozhatsky
2020-02-05 5:38 ` lijiang
2020-02-05 6:36 ` Sergey Senozhatsky
2020-02-05 9:00 ` John Ogness
2020-02-05 9:28 ` Sergey Senozhatsky
2020-02-05 10:19 ` lijiang
2020-02-05 16:12 ` John Ogness
2020-02-06 9:12 ` lijiang
2020-02-13 13:07 ` Petr Mladek
2020-02-14 1:07 ` Sergey Senozhatsky
2020-02-05 11:07 ` Sergey Senozhatsky
2020-02-05 15:48 ` John Ogness [this message]
2020-02-05 19:29 ` Joe Perches
2020-02-06 6:31 ` Sergey Senozhatsky
2020-02-06 7:30 ` lijiang
2020-02-07 1:40 ` Steven Rostedt
2020-02-07 7:43 ` John Ogness
2020-02-14 15:56 ` Petr Mladek
2020-02-17 11:13 ` John Ogness
2020-02-17 14:50 ` Petr Mladek
2020-02-25 19:27 ` John Ogness
2020-02-05 9:36 ` lijiang
2020-02-06 9:21 ` lijiang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87wo919grz.fsf@linutronix.de \
--to=john.ogness@linutronix.de \
--cc=gregkh@linuxfoundation.org \
--cc=kexec@lists.infradead.org \
--cc=lijiang@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=parri.andrea@gmail.com \
--cc=peterz@infradead.org \
--cc=pmladek@suse.com \
--cc=rostedt@goodmis.org \
--cc=sergey.senozhatsky.work@gmail.com \
--cc=sergey.senozhatsky@gmail.com \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).