From: Jan Kara <jack@suse.cz>
To: Patrick Palka <patrick@parcs.ath.cx>
Cc: linux-kernel@vger.kernel.org, akpm@linux-foundation.org,
pmladek@suse.cz, jack@suse.cz, rostedt@goodmis.org
Subject: Re: [PATCH] Fix faulty logic in the case of recursive printk
Date: Tue, 26 Aug 2014 10:48:33 +0200 [thread overview]
Message-ID: <20140826084833.GA1581@quack.suse.cz> (raw)
In-Reply-To: <1408896096-16605-1-git-send-email-patrick@parcs.ath.cx>
On Sun 24-08-14 12:01:36, Patrick Palka wrote:
> We shouldn't set text_len in the code path that detects printk recursion
> because text_len corresponds to the length of the string inside textbuf.
> A few lines down from the line
>
> text_len = strlen(recursion_msg);
>
> is the line
>
> text_len += vscnprintf(text + text_len, ...);
>
> So if printk detects recursion, it sets text_len to 29 and logs an
> error. Then the message supplied by the caller of printk is stored
> inside textbuf but offset by 29 bytes. This means that the output of
> the recursive call to printk will contain 29 bytes of garbage in front
> of it.
>
> This defect is caused by commit 458df9fd ("printk: remove separate
> printk_sched buffers and use printk buf instead") which turned
>
> text_len = vscnprintf(text + text_len, ...);
>
> into
>
> text_len += vscnprintf(text + text_len, ...);
>
> To fix this, this patch avoids setting text_len when logging the printk
> recursion error. This patch also performs a couple of local
> micro-optimizations (use unlikely() and ARRAY_SIZE()).
Thanks for spotting this! Just one nit below:
> Signed-off-by: Patrick Palka <patrick@parcs.ath.cx>
> ---
> kernel/printk/printk.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c
> index e04c455..c101ec2 100644
> --- a/kernel/printk/printk.c
> +++ b/kernel/printk/printk.c
> @@ -1665,15 +1665,15 @@ asmlinkage int vprintk_emit(int facility, int level,
> raw_spin_lock(&logbuf_lock);
> logbuf_cpu = this_cpu;
>
> - if (recursion_bug) {
> + if (unlikely(recursion_bug)) {
> static const char recursion_msg[] =
> "BUG: recent printk recursion!";
>
> recursion_bug = 0;
> - text_len = strlen(recursion_msg);
> /* emit KERN_CRIT message */
> printed_len += log_store(0, 2, LOG_PREFIX|LOG_NEWLINE, 0,
> - NULL, 0, recursion_msg, text_len);
> + NULL, 0, recursion_msg,
> + ARRAY_SIZE(recursion_msg) - 1);
I'd prefer to keep using strlen(recursion_msg). It is more obvious what
it does and is more futureproof.
Honza
--
Jan Kara <jack@suse.cz>
SUSE Labs, CR
next prev parent reply other threads:[~2014-08-26 8:48 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-08-24 16:01 [PATCH] Fix faulty logic in the case of recursive printk Patrick Palka
2014-08-26 8:48 ` Jan Kara [this message]
2014-08-26 11:23 ` Patrick Palka
2014-08-26 12:56 ` Jan Kara
2014-08-27 7:36 ` Petr Mládek
2014-08-26 9:19 ` Petr Mládek
2014-08-26 13:53 ` Steven Rostedt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140826084833.GA1581@quack.suse.cz \
--to=jack@suse.cz \
--cc=akpm@linux-foundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=patrick@parcs.ath.cx \
--cc=pmladek@suse.cz \
--cc=rostedt@goodmis.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.