linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* WARNING: CPU: 26 PID: 64391 at lib/vsprintf.c:2193 set_precision+0x84/0x90
@ 2018-11-13 16:55 Qian Cai
  2018-11-13 17:20 ` Geert Uytterhoeven
  2018-11-13 17:29 ` Andy Shevchenko
  0 siblings, 2 replies; 10+ messages in thread
From: Qian Cai @ 2018-11-13 16:55 UTC (permalink / raw)
  To: linux-kernel
  Cc: Petr Mladek, Andy Shevchenko, Tobin C. Harding,
	Steven Rostedt (VMware),
	Geert Uytterhoeven

Running the trinity fuzzer with a non-root user on an aarch64 server with the
latest mainline (rc2) generated this. Is it just a false alarm to ignore?

[  807.847370] precision 65525 too large
[  807.847449] WARNING: CPU: 26 PID: 64391 at lib/vsprintf.c:2193
set_precision+0x84/0x90
[  807.860161] Modules linked in: cast6_generic cast_common lrw bridge 8021q
garp mrp stp llc dlci tcp_diag inet_diag af_key pptp gre l2tp_ppp l2tp_netlink
l2tp_core ip6_udp_tunnel udp_tunnel pppoe pppox ppp_generic slhc crypto_user
ib_core nfnetlink scsi_transport_iscsi atm sctp vfat fat ghash_ce sha2_ce
sha256_arm64 sha1_ce ses enclosure ipmi_ssif sg ipmi_si ipmi_devintf sbsa_gwdt
ipmi_msghandler sch_fq_codel xfs libcrc32c marvell mpt3sas mlx5_core raid_class
hibmc_drm drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm drm
ixgbe hisi_sas_v2_hw igb hisi_sas_main libsas hns_dsaf mlxfw devlink
hns_enet_drv mdio i2c_designware_platform i2c_algo_bit i2c_designware_core
ehci_platform scsi_transport_sas hns_mdio hnae dm_mirror dm_region_hash dm_log
dm_mod
[  807.927838] CPU: 26 PID: 64391 Comm: trinity-c90 Kdump: loaded Tainted:
G        W         4.20.0-rc2+ #16
[  807.937494] Hardware name: Huawei TaiShan 2280 /BC11SPCD, BIOS 1.50
06/01/2018
[  807.944718] pstate: 60000005 (nZCv daif -PAN -UAO)
[  807.949515] pc : set_precision+0x84/0x90
[  807.953439] lr : set_precision+0x84/0x90
[  807.957362] sp : ffff801e6430f6b0
[  807.960677] x29: ffff801e6430f6b0 x28: ffff801e6430fb10 
[  807.965992] x27: 0000000000000003 x26: 00000000ffffffd8 
[  807.971307] x25: ffff801e6430fba0 x24: ffff801e6430fb48 
[  807.976622] x23: ffff2000093ddfa0 x22: ffff801e6430f770 
[  807.981937] x21: ffff2000090eb4a6 x20: ffff801e6430f770 
[  807.987252] x19: 000000000000fff5 x18: 0000000000000000 
[  807.992569] x17: 0000000000000000 x16: 0000000000000000 
[  807.997884] x15: 0000000000000000 x14: 3878302031343220 
[  808.003201] x13: 6265783020303939 x12: ffff04000172b49c 
[  808.008516] x11: 1fffe4000172b49b x10: ffff04000172b49b 
[  808.013832] x9 : 0000000000000000 x8 : 203532353536206e 
[  808.019148] x7 : 6f69736963657270 x6 : 0000000041b58ab3 
[  808.024463] x5 : dfff200000000000 x4 : dfff200000000000 
[  808.029779] x3 : dfff200000000000 x2 : 65a2459128144800 
[  808.035093] x1 : 65a2459128144800 x0 : 0000000000000000 
[  808.040408] Call trace:
[  808.042861]  set_precision+0x84/0x90
[  808.046440]  vsnprintf+0x23c/0x858
[  808.049845]  __request_module+0x1a0/0x8b8
[  808.053860]  get_fs_type+0xb0/0x138
[  808.057351]  do_mount+0x2c4/0x13c0
[  808.060756]  ksys_mount+0xf4/0x110
[  808.064160]  __arm64_sys_mount+0x70/0x88
[  808.068087]  el0_svc_handler+0xd4/0x198
[  808.071928]  el0_svc+0x8/0xc
[  808.074810] irq event stamp: 347872
[  808.078305] hardirqs last  enabled at (347871): [<ffff2000082080e8>]
vprintk_emit+0x2b0/0x5c0
[  808.086833] hardirqs last disabled at (347872): [<ffff200008081490>]
do_debug_exception+0xd8/0x190
[  808.095795] softirqs last  enabled at (347844): [<ffff200008082210>]
__do_softirq+0x7c8/0x9c8
[  808.104325] softirqs last disabled at (347837): [<ffff20000812dbe4>]
irq_exit+0x25c/0x2f0
[  808.112502] ---[ end trace 598902d30712b79e ]---

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: WARNING: CPU: 26 PID: 64391 at lib/vsprintf.c:2193 set_precision+0x84/0x90
  2018-11-13 16:55 WARNING: CPU: 26 PID: 64391 at lib/vsprintf.c:2193 set_precision+0x84/0x90 Qian Cai
@ 2018-11-13 17:20 ` Geert Uytterhoeven
  2018-11-13 17:32   ` Andy Shevchenko
  2018-11-13 17:29 ` Andy Shevchenko
  1 sibling, 1 reply; 10+ messages in thread
From: Geert Uytterhoeven @ 2018-11-13 17:20 UTC (permalink / raw)
  To: cai
  Cc: Linux Kernel Mailing List, Petr Mladek, Andy Shevchenko,
	Tobin C. Harding, Steven Rostedt, Geert Uytterhoeven

On Tue, Nov 13, 2018 at 5:57 PM Qian Cai <cai@gmx.us> wrote:
> Running the trinity fuzzer with a non-root user on an aarch64 server with the
> latest mainline (rc2) generated this. Is it just a false alarm to ignore?
>
> [  807.847370] precision 65525 too large
> [  807.847449] WARNING: CPU: 26 PID: 64391 at lib/vsprintf.c:2193
> set_precision+0x84/0x90
> [  807.860161] Modules linked in: cast6_generic cast_common lrw bridge 8021q
> garp mrp stp llc dlci tcp_diag inet_diag af_key pptp gre l2tp_ppp l2tp_netlink
> l2tp_core ip6_udp_tunnel udp_tunnel pppoe pppox ppp_generic slhc crypto_user
> ib_core nfnetlink scsi_transport_iscsi atm sctp vfat fat ghash_ce sha2_ce
> sha256_arm64 sha1_ce ses enclosure ipmi_ssif sg ipmi_si ipmi_devintf sbsa_gwdt
> ipmi_msghandler sch_fq_codel xfs libcrc32c marvell mpt3sas mlx5_core raid_class
> hibmc_drm drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm drm
> ixgbe hisi_sas_v2_hw igb hisi_sas_main libsas hns_dsaf mlxfw devlink
> hns_enet_drv mdio i2c_designware_platform i2c_algo_bit i2c_designware_core
> ehci_platform scsi_transport_sas hns_mdio hnae dm_mirror dm_region_hash dm_log
> dm_mod
> [  807.927838] CPU: 26 PID: 64391 Comm: trinity-c90 Kdump: loaded Tainted:
> G        W         4.20.0-rc2+ #16
> [  807.937494] Hardware name: Huawei TaiShan 2280 /BC11SPCD, BIOS 1.50
> 06/01/2018
> [  807.944718] pstate: 60000005 (nZCv daif -PAN -UAO)
> [  807.949515] pc : set_precision+0x84/0x90
> [  807.953439] lr : set_precision+0x84/0x90
> [  807.957362] sp : ffff801e6430f6b0
> [  807.960677] x29: ffff801e6430f6b0 x28: ffff801e6430fb10
> [  807.965992] x27: 0000000000000003 x26: 00000000ffffffd8
> [  807.971307] x25: ffff801e6430fba0 x24: ffff801e6430fb48
> [  807.976622] x23: ffff2000093ddfa0 x22: ffff801e6430f770
> [  807.981937] x21: ffff2000090eb4a6 x20: ffff801e6430f770
> [  807.987252] x19: 000000000000fff5 x18: 0000000000000000
> [  807.992569] x17: 0000000000000000 x16: 0000000000000000
> [  807.997884] x15: 0000000000000000 x14: 3878302031343220
> [  808.003201] x13: 6265783020303939 x12: ffff04000172b49c
> [  808.008516] x11: 1fffe4000172b49b x10: ffff04000172b49b
> [  808.013832] x9 : 0000000000000000 x8 : 203532353536206e
> [  808.019148] x7 : 6f69736963657270 x6 : 0000000041b58ab3
> [  808.024463] x5 : dfff200000000000 x4 : dfff200000000000
> [  808.029779] x3 : dfff200000000000 x2 : 65a2459128144800
> [  808.035093] x1 : 65a2459128144800 x0 : 0000000000000000
> [  808.040408] Call trace:
> [  808.042861]  set_precision+0x84/0x90
> [  808.046440]  vsnprintf+0x23c/0x858
> [  808.049845]  __request_module+0x1a0/0x8b8
> [  808.053860]  get_fs_type+0xb0/0x138
> [  808.057351]  do_mount+0x2c4/0x13c0
> [  808.060756]  ksys_mount+0xf4/0x110

Looks like someone is calling the mount syscall with a very long filesystemtype
parameter.

    struct file_system_type *get_fs_type(const char *name)
    {
            struct file_system_type *fs;
            const char *dot = strchr(name, '.');
            int len = dot ? dot - name : strlen(name);

            fs = __get_fs_type(name, len);
            if (!fs && (request_module("fs-%.*s", len, name) == 0)) {

set_precision() complains about any prevision that doesn't fit in signed
16-bits.

Gr{oetje,eeting}s,

                        Geert

-- 
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: WARNING: CPU: 26 PID: 64391 at lib/vsprintf.c:2193 set_precision+0x84/0x90
  2018-11-13 16:55 WARNING: CPU: 26 PID: 64391 at lib/vsprintf.c:2193 set_precision+0x84/0x90 Qian Cai
  2018-11-13 17:20 ` Geert Uytterhoeven
@ 2018-11-13 17:29 ` Andy Shevchenko
  2018-11-13 18:58   ` Qian Cai
  1 sibling, 1 reply; 10+ messages in thread
From: Andy Shevchenko @ 2018-11-13 17:29 UTC (permalink / raw)
  To: Qian Cai
  Cc: linux-kernel, Petr Mladek, Tobin C. Harding,
	Steven Rostedt (VMware),
	Geert Uytterhoeven, Rasmus Villemoes

On Tue, Nov 13, 2018 at 11:55:32AM -0500, Qian Cai wrote:

+Cc Rasmus

> Running the trinity fuzzer with a non-root user on an aarch64 server with the
> latest mainline (rc2) generated this. Is it just a false alarm to ignore?
> 
> [  807.847370] precision 65525 too large

It seems like someone uses -EAGAIN as a parameter to printf().

Or rather this line

  if (!fs && (request_module("fs-%.*s", len, name) == 0)) {
	  ...
  }

Care to print the len and name parameters before this line?


> [  807.847449] WARNING: CPU: 26 PID: 64391 at lib/vsprintf.c:2193
> set_precision+0x84/0x90
> [  807.860161] Modules linked in: cast6_generic cast_common lrw bridge 8021q
> garp mrp stp llc dlci tcp_diag inet_diag af_key pptp gre l2tp_ppp l2tp_netlink
> l2tp_core ip6_udp_tunnel udp_tunnel pppoe pppox ppp_generic slhc crypto_user
> ib_core nfnetlink scsi_transport_iscsi atm sctp vfat fat ghash_ce sha2_ce
> sha256_arm64 sha1_ce ses enclosure ipmi_ssif sg ipmi_si ipmi_devintf sbsa_gwdt
> ipmi_msghandler sch_fq_codel xfs libcrc32c marvell mpt3sas mlx5_core raid_class
> hibmc_drm drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm drm
> ixgbe hisi_sas_v2_hw igb hisi_sas_main libsas hns_dsaf mlxfw devlink
> hns_enet_drv mdio i2c_designware_platform i2c_algo_bit i2c_designware_core
> ehci_platform scsi_transport_sas hns_mdio hnae dm_mirror dm_region_hash dm_log
> dm_mod
> [  807.927838] CPU: 26 PID: 64391 Comm: trinity-c90 Kdump: loaded Tainted:
> G        W         4.20.0-rc2+ #16
> [  807.937494] Hardware name: Huawei TaiShan 2280 /BC11SPCD, BIOS 1.50
> 06/01/2018
> [  807.944718] pstate: 60000005 (nZCv daif -PAN -UAO)
> [  807.949515] pc : set_precision+0x84/0x90
> [  807.953439] lr : set_precision+0x84/0x90
> [  807.957362] sp : ffff801e6430f6b0
> [  807.960677] x29: ffff801e6430f6b0 x28: ffff801e6430fb10 
> [  807.965992] x27: 0000000000000003 x26: 00000000ffffffd8 
> [  807.971307] x25: ffff801e6430fba0 x24: ffff801e6430fb48 
> [  807.976622] x23: ffff2000093ddfa0 x22: ffff801e6430f770 
> [  807.981937] x21: ffff2000090eb4a6 x20: ffff801e6430f770 
> [  807.987252] x19: 000000000000fff5 x18: 0000000000000000 
> [  807.992569] x17: 0000000000000000 x16: 0000000000000000 
> [  807.997884] x15: 0000000000000000 x14: 3878302031343220 
> [  808.003201] x13: 6265783020303939 x12: ffff04000172b49c 
> [  808.008516] x11: 1fffe4000172b49b x10: ffff04000172b49b 
> [  808.013832] x9 : 0000000000000000 x8 : 203532353536206e 
> [  808.019148] x7 : 6f69736963657270 x6 : 0000000041b58ab3 
> [  808.024463] x5 : dfff200000000000 x4 : dfff200000000000 
> [  808.029779] x3 : dfff200000000000 x2 : 65a2459128144800 
> [  808.035093] x1 : 65a2459128144800 x0 : 0000000000000000 
> [  808.040408] Call trace:
> [  808.042861]  set_precision+0x84/0x90
> [  808.046440]  vsnprintf+0x23c/0x858
> [  808.049845]  __request_module+0x1a0/0x8b8
> [  808.053860]  get_fs_type+0xb0/0x138
> [  808.057351]  do_mount+0x2c4/0x13c0
> [  808.060756]  ksys_mount+0xf4/0x110
> [  808.064160]  __arm64_sys_mount+0x70/0x88
> [  808.068087]  el0_svc_handler+0xd4/0x198
> [  808.071928]  el0_svc+0x8/0xc
> [  808.074810] irq event stamp: 347872
> [  808.078305] hardirqs last  enabled at (347871): [<ffff2000082080e8>]
> vprintk_emit+0x2b0/0x5c0
> [  808.086833] hardirqs last disabled at (347872): [<ffff200008081490>]
> do_debug_exception+0xd8/0x190
> [  808.095795] softirqs last  enabled at (347844): [<ffff200008082210>]
> __do_softirq+0x7c8/0x9c8
> [  808.104325] softirqs last disabled at (347837): [<ffff20000812dbe4>]
> irq_exit+0x25c/0x2f0
> [  808.112502] ---[ end trace 598902d30712b79e ]---

-- 
With Best Regards,
Andy Shevchenko



^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: WARNING: CPU: 26 PID: 64391 at lib/vsprintf.c:2193 set_precision+0x84/0x90
  2018-11-13 17:20 ` Geert Uytterhoeven
@ 2018-11-13 17:32   ` Andy Shevchenko
  0 siblings, 0 replies; 10+ messages in thread
From: Andy Shevchenko @ 2018-11-13 17:32 UTC (permalink / raw)
  To: Geert Uytterhoeven
  Cc: cai, Linux Kernel Mailing List, Petr Mladek, Tobin C. Harding,
	Steven Rostedt, Geert Uytterhoeven

On Tue, Nov 13, 2018 at 06:20:20PM +0100, Geert Uytterhoeven wrote:
> On Tue, Nov 13, 2018 at 5:57 PM Qian Cai <cai@gmx.us> wrote:
> > Running the trinity fuzzer with a non-root user on an aarch64 server with the
> > latest mainline (rc2) generated this. Is it just a false alarm to ignore?
> >
> > [  807.847370] precision 65525 too large
> > [  807.847449] WARNING: CPU: 26 PID: 64391 at lib/vsprintf.c:2193
> > set_precision+0x84/0x90
> > [  807.860161] Modules linked in: cast6_generic cast_common lrw bridge 8021q
> > garp mrp stp llc dlci tcp_diag inet_diag af_key pptp gre l2tp_ppp l2tp_netlink
> > l2tp_core ip6_udp_tunnel udp_tunnel pppoe pppox ppp_generic slhc crypto_user
> > ib_core nfnetlink scsi_transport_iscsi atm sctp vfat fat ghash_ce sha2_ce
> > sha256_arm64 sha1_ce ses enclosure ipmi_ssif sg ipmi_si ipmi_devintf sbsa_gwdt
> > ipmi_msghandler sch_fq_codel xfs libcrc32c marvell mpt3sas mlx5_core raid_class
> > hibmc_drm drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm drm
> > ixgbe hisi_sas_v2_hw igb hisi_sas_main libsas hns_dsaf mlxfw devlink
> > hns_enet_drv mdio i2c_designware_platform i2c_algo_bit i2c_designware_core
> > ehci_platform scsi_transport_sas hns_mdio hnae dm_mirror dm_region_hash dm_log
> > dm_mod
> > [  807.927838] CPU: 26 PID: 64391 Comm: trinity-c90 Kdump: loaded Tainted:
> > G        W         4.20.0-rc2+ #16
> > [  807.937494] Hardware name: Huawei TaiShan 2280 /BC11SPCD, BIOS 1.50
> > 06/01/2018
> > [  807.944718] pstate: 60000005 (nZCv daif -PAN -UAO)
> > [  807.949515] pc : set_precision+0x84/0x90
> > [  807.953439] lr : set_precision+0x84/0x90
> > [  807.957362] sp : ffff801e6430f6b0
> > [  807.960677] x29: ffff801e6430f6b0 x28: ffff801e6430fb10
> > [  807.965992] x27: 0000000000000003 x26: 00000000ffffffd8
> > [  807.971307] x25: ffff801e6430fba0 x24: ffff801e6430fb48
> > [  807.976622] x23: ffff2000093ddfa0 x22: ffff801e6430f770
> > [  807.981937] x21: ffff2000090eb4a6 x20: ffff801e6430f770
> > [  807.987252] x19: 000000000000fff5 x18: 0000000000000000
> > [  807.992569] x17: 0000000000000000 x16: 0000000000000000
> > [  807.997884] x15: 0000000000000000 x14: 3878302031343220
> > [  808.003201] x13: 6265783020303939 x12: ffff04000172b49c
> > [  808.008516] x11: 1fffe4000172b49b x10: ffff04000172b49b
> > [  808.013832] x9 : 0000000000000000 x8 : 203532353536206e
> > [  808.019148] x7 : 6f69736963657270 x6 : 0000000041b58ab3
> > [  808.024463] x5 : dfff200000000000 x4 : dfff200000000000
> > [  808.029779] x3 : dfff200000000000 x2 : 65a2459128144800
> > [  808.035093] x1 : 65a2459128144800 x0 : 0000000000000000
> > [  808.040408] Call trace:
> > [  808.042861]  set_precision+0x84/0x90
> > [  808.046440]  vsnprintf+0x23c/0x858
> > [  808.049845]  __request_module+0x1a0/0x8b8
> > [  808.053860]  get_fs_type+0xb0/0x138
> > [  808.057351]  do_mount+0x2c4/0x13c0
> > [  808.060756]  ksys_mount+0xf4/0x110
> 
> Looks like someone is calling the mount syscall with a very long filesystemtype
> parameter.
> 
>     struct file_system_type *get_fs_type(const char *name)
>     {
>             struct file_system_type *fs;
>             const char *dot = strchr(name, '.');
>             int len = dot ? dot - name : strlen(name);
> 
>             fs = __get_fs_type(name, len);
>             if (!fs && (request_module("fs-%.*s", len, name) == 0)) {
> 
> set_precision() complains about any prevision that doesn't fit in signed
> 16-bits.

Or maybe \0 is missed and it found first one at that position.


-- 
With Best Regards,
Andy Shevchenko



^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: WARNING: CPU: 26 PID: 64391 at lib/vsprintf.c:2193 set_precision+0x84/0x90
  2018-11-13 17:29 ` Andy Shevchenko
@ 2018-11-13 18:58   ` Qian Cai
  2018-11-13 19:23     ` Steven Rostedt
  0 siblings, 1 reply; 10+ messages in thread
From: Qian Cai @ 2018-11-13 18:58 UTC (permalink / raw)
  To: Andy Shevchenko
  Cc: linux-kernel, Petr Mladek, Tobin C. Harding,
	Steven Rostedt (VMware),
	Geert Uytterhoeven, Rasmus Villemoes

On Tue, 2018-11-13 at 19:29 +0200, Andy Shevchenko wrote:
> On Tue, Nov 13, 2018 at 11:55:32AM -0500, Qian Cai wrote:
> 
> +Cc Rasmus
> 
> > Running the trinity fuzzer with a non-root user on an aarch64 server with
> > the
> > latest mainline (rc2) generated this. Is it just a false alarm to ignore?
> > 
> > [  807.847370] precision 65525 too large
> 
> It seems like someone uses -EAGAIN as a parameter to printf().
> 
> Or rather this line
> 
>   if (!fs && (request_module("fs-%.*s", len, name) == 0)) {
> 	  ...
>   }
> 
> Care to print the len and name parameters before this line?
len = 60612; name =
%d%d%d%d%d%d%s%s%s%d%s%d%d%d%s%s%s%s%s%d%s%d%s%s%s%d%s%d%d%s%s%d%s%s%d%d%s%s%s%s
%s%d%s%d%d%s%s%s%d%d%d%d%d%s%s%s%s%d%s%s%s%s%d%d%d%d%d%d%d%s%s%s%s%d%s%d%s%d%s%d
%s%s%d%s%d%s%s%s%s%d%s%d%s%s%d%d%s%s%d%s%d%s%s%d%s%d%d%s%s%s%s%d%s%s%s%s%d%d%s%s
%s%d%s%d%s%s%d%d%d%d%d%s%s%s%s%s%s%s%d%d%d%s%d%s%d%d%s%d%d%d%s%s%d%d%d%s%s%d%s%d
%s%s%s%d%d%d%s%d%s%s%d%s%d%s%s%d%s%d%d%s%d%s%s%d%s%s%s%s%s%d%s%d%d%d%s%d%d%d%d%s
%d%s%d%d%d%s%s%s%s%s%d%s%s%s%s%d%d%d%s%d%s%d%d%s%d%s%s%d%d%d%s%d%s%d%d%s%s%s%d%s
%s%d%d%d%d%d%d%d%d%d%d%s%d%s%d%s%d%d%s%d%d%s%d%s%s%s%d%d%d%d%s%s%d%d%s%d%d%d%s%d
%d%s%d%d%d%d%s%s%d%s%s%d%d%d%s%s%s%s%s%s%s%s%s%d%s%d%d%s%d%s%s%d%s%s%s%s%d%d%d%d
%s%d%s%s%d%d%d%s%d%d%d%s%s%s%s%d%d%d%s%d%s%d%s%d%d%d%d%d%d%d%d%d%d%s%s%d%d%d%s%d
%d%d%s%s%s%s%s%s%s%d%d%d%d%s%s%d%s%s%d%s%s%s%s%d%d%s%d%d%s%d%d%s%d%d%d%s%s%s%s%d
%s%s%d%s%d%s%d%s%d%d%d%d%s%d%d%d%s%d%d%d%d%s%s%d%s%s%d%d%d%s%d%s%d%d%d%d%d%d%s%d
%s%s%d%d%s%d%d%d%s%s%d%s%d%s%d%s%d%d%s%d%s%s%s%s%s%d%s%s%d%d%d%s%s%d%d%s%s%d%s%d
%s%d%s%s%s%
[  833.044728] ------------[ cut here ]------------
[  833.137184] precision 60612 too large
> 
> 
> > [  807.847449] WARNING: CPU: 26 PID: 64391 at lib/vsprintf.c:2193
> > set_precision+0x84/0x90
> > [  807.860161] Modules linked in: cast6_generic cast_common lrw bridge 8021q
> > garp mrp stp llc dlci tcp_diag inet_diag af_key pptp gre l2tp_ppp
> > l2tp_netlink
> > l2tp_core ip6_udp_tunnel udp_tunnel pppoe pppox ppp_generic slhc crypto_user
> > ib_core nfnetlink scsi_transport_iscsi atm sctp vfat fat ghash_ce sha2_ce
> > sha256_arm64 sha1_ce ses enclosure ipmi_ssif sg ipmi_si ipmi_devintf
> > sbsa_gwdt
> > ipmi_msghandler sch_fq_codel xfs libcrc32c marvell mpt3sas mlx5_core
> > raid_class
> > hibmc_drm drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm
> > drm
> > ixgbe hisi_sas_v2_hw igb hisi_sas_main libsas hns_dsaf mlxfw devlink
> > hns_enet_drv mdio i2c_designware_platform i2c_algo_bit i2c_designware_core
> > ehci_platform scsi_transport_sas hns_mdio hnae dm_mirror dm_region_hash
> > dm_log
> > dm_mod
> > [  807.927838] CPU: 26 PID: 64391 Comm: trinity-c90 Kdump: loaded Tainted:
> > G        W         4.20.0-rc2+ #16
> > [  807.937494] Hardware name: Huawei TaiShan 2280 /BC11SPCD, BIOS 1.50
> > 06/01/2018
> > [  807.944718] pstate: 60000005 (nZCv daif -PAN -UAO)
> > [  807.949515] pc : set_precision+0x84/0x90
> > [  807.953439] lr : set_precision+0x84/0x90
> > [  807.957362] sp : ffff801e6430f6b0
> > [  807.960677] x29: ffff801e6430f6b0 x28: ffff801e6430fb10 
> > [  807.965992] x27: 0000000000000003 x26: 00000000ffffffd8 
> > [  807.971307] x25: ffff801e6430fba0 x24: ffff801e6430fb48 
> > [  807.976622] x23: ffff2000093ddfa0 x22: ffff801e6430f770 
> > [  807.981937] x21: ffff2000090eb4a6 x20: ffff801e6430f770 
> > [  807.987252] x19: 000000000000fff5 x18: 0000000000000000 
> > [  807.992569] x17: 0000000000000000 x16: 0000000000000000 
> > [  807.997884] x15: 0000000000000000 x14: 3878302031343220 
> > [  808.003201] x13: 6265783020303939 x12: ffff04000172b49c 
> > [  808.008516] x11: 1fffe4000172b49b x10: ffff04000172b49b 
> > [  808.013832] x9 : 0000000000000000 x8 : 203532353536206e 
> > [  808.019148] x7 : 6f69736963657270 x6 : 0000000041b58ab3 
> > [  808.024463] x5 : dfff200000000000 x4 : dfff200000000000 
> > [  808.029779] x3 : dfff200000000000 x2 : 65a2459128144800 
> > [  808.035093] x1 : 65a2459128144800 x0 : 0000000000000000 
> > [  808.040408] Call trace:
> > [  808.042861]  set_precision+0x84/0x90
> > [  808.046440]  vsnprintf+0x23c/0x858
> > [  808.049845]  __request_module+0x1a0/0x8b8
> > [  808.053860]  get_fs_type+0xb0/0x138
> > [  808.057351]  do_mount+0x2c4/0x13c0
> > [  808.060756]  ksys_mount+0xf4/0x110
> > [  808.064160]  __arm64_sys_mount+0x70/0x88
> > [  808.068087]  el0_svc_handler+0xd4/0x198
> > [  808.071928]  el0_svc+0x8/0xc
> > [  808.074810] irq event stamp: 347872
> > [  808.078305] hardirqs last  enabled at (347871): [<ffff2000082080e8>]
> > vprintk_emit+0x2b0/0x5c0
> > [  808.086833] hardirqs last disabled at (347872): [<ffff200008081490>]
> > do_debug_exception+0xd8/0x190
> > [  808.095795] softirqs last  enabled at (347844): [<ffff200008082210>]
> > __do_softirq+0x7c8/0x9c8
> > [  808.104325] softirqs last disabled at (347837): [<ffff20000812dbe4>]
> > irq_exit+0x25c/0x2f0
> > [  808.112502] ---[ end trace 598902d30712b79e ]---
> 
> 

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: WARNING: CPU: 26 PID: 64391 at lib/vsprintf.c:2193 set_precision+0x84/0x90
  2018-11-13 18:58   ` Qian Cai
@ 2018-11-13 19:23     ` Steven Rostedt
  2018-11-13 23:05       ` Petr Mladek
  2018-11-14 20:35       ` Qian Cai
  0 siblings, 2 replies; 10+ messages in thread
From: Steven Rostedt @ 2018-11-13 19:23 UTC (permalink / raw)
  To: Qian Cai
  Cc: Andy Shevchenko, linux-kernel, Petr Mladek, Tobin C. Harding,
	Geert Uytterhoeven, Rasmus Villemoes

On Tue, 13 Nov 2018 13:58:18 -0500
Qian Cai <cai@gmx.us> wrote:

> > Care to print the len and name parameters before this line?  
> len = 60612; name =

How big are pages on arm64? Because we shouldn't get to this path if
the string is bigger than PAGE_SIZE. But I know that on PPC64,
PAGE_SIZE can be 64K, and 60612 is less than that. Thus, if we get
there, the test is against signed int:16 (16 bit signed integer) that
can go up to most 32768. If the string size is bigger than that, you
would get this error.

I would just say to ignore it. The only thing that can happen if
someone does this is to trigger the warning. Unless if it is considered
a form of DOS, where userspace just bombards the console by triggering
this waring. But I don't see a problem with the actual design. There's
no reason we should be processing string variables bigger than 32768 in
vsprintf.

-- Steve


> %d%d%d%d%d%d%s%s%s%d%s%d%d%d%s%s%s%s%s%d%s%d%s%s%s%d%s%d%d%s%s%d%s%s%d%d%s%s%s%s
> %s%d%s%d%d%s%s%s%d%d%d%d%d%s%s%s%s%d%s%s%s%s%d%d%d%d%d%d%d%s%s%s%s%d%s%d%s%d%s%d
> %s%s%d%s%d%s%s%s%s%d%s%d%s%s%d%d%s%s%d%s%d%s%s%d%s%d%d%s%s%s%s%d%s%s%s%s%d%d%s%s
> %s%d%s%d%s%s%d%d%d%d%d%s%s%s%s%s%s%s%d%d%d%s%d%s%d%d%s%d%d%d%s%s%d%d%d%s%s%d%s%d
> %s%s%s%d%d%d%s%d%s%s%d%s%d%s%s%d%s%d%d%s%d%s%s%d%s%s%s%s%s%d%s%d%d%d%s%d%d%d%d%s
> %d%s%d%d%d%s%s%s%s%s%d%s%s%s%s%d%d%d%s%d%s%d%d%s%d%s%s%d%d%d%s%d%s%d%d%s%s%s%d%s
> %s%d%d%d%d%d%d%d%d%d%d%s%d%s%d%s%d%d%s%d%d%s%d%s%s%s%d%d%d%d%s%s%d%d%s%d%d%d%s%d
> %d%s%d%d%d%d%s%s%d%s%s%d%d%d%s%s%s%s%s%s%s%s%s%d%s%d%d%s%d%s%s%d%s%s%s%s%d%d%d%d
> %s%d%s%s%d%d%d%s%d%d%d%s%s%s%s%d%d%d%s%d%s%d%s%d%d%d%d%d%d%d%d%d%d%s%s%d%d%d%s%d
> %d%d%s%s%s%s%s%s%s%d%d%d%d%s%s%d%s%s%d%s%s%s%s%d%d%s%d%d%s%d%d%s%d%d%d%s%s%s%s%d
> %s%s%d%s%d%s%d%s%d%d%d%d%s%d%d%d%s%d%d%d%d%s%s%d%s%s%d%d%d%s%d%s%d%d%d%d%d%d%s%d
> %s%s%d%d%s%d%d%d%s%s%d%s%d%s%d%s%d%d%s%d%s%s%s%s%s%d%s%s%d%d%d%s%s%d%d%s%s%d%s%d
> %s%d%s%s%s%
> [  833.044728] ------------[ cut here ]------------
> [  833.137184] precision 60612 too large
> > 

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: WARNING: CPU: 26 PID: 64391 at lib/vsprintf.c:2193 set_precision+0x84/0x90
  2018-11-13 19:23     ` Steven Rostedt
@ 2018-11-13 23:05       ` Petr Mladek
  2018-11-14  9:38         ` Andy Shevchenko
  2018-11-14 20:35       ` Qian Cai
  1 sibling, 1 reply; 10+ messages in thread
From: Petr Mladek @ 2018-11-13 23:05 UTC (permalink / raw)
  To: Steven Rostedt
  Cc: Qian Cai, Andy Shevchenko, linux-kernel, Tobin C. Harding,
	Geert Uytterhoeven, Rasmus Villemoes

On Tue 2018-11-13 14:23:17, Steven Rostedt wrote:
> On Tue, 13 Nov 2018 13:58:18 -0500
> Qian Cai <cai@gmx.us> wrote:
> 
> > > Care to print the len and name parameters before this line?  
> > len = 60612; name =
> 
> How big are pages on arm64? Because we shouldn't get to this path if
> the string is bigger than PAGE_SIZE. But I know that on PPC64,
> PAGE_SIZE can be 64K, and 60612 is less than that. Thus, if we get
> there, the test is against signed int:16 (16 bit signed integer) that
> can go up to most 32768. If the string size is bigger than that, you
> would get this error.
> 
> I would just say to ignore it.

I tend to agree.

> The only thing that can happen if
> someone does this is to trigger the warning. Unless if it is considered
> a form of DOS, where userspace just bombards the console by triggering
> this waring.

We are actually on the safe side because it is WARN_ONCE().

> But I don't see a problem with the actual design. There's
> no reason we should be processing string variables bigger than 32768 in
> vsprintf.

It is not even needed in this case. The string is limited also by
MODULE_NAME_LEN.

Best Regards,
Petr

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: WARNING: CPU: 26 PID: 64391 at lib/vsprintf.c:2193 set_precision+0x84/0x90
  2018-11-13 23:05       ` Petr Mladek
@ 2018-11-14  9:38         ` Andy Shevchenko
  2018-11-14 19:29           ` Petr Mladek
  0 siblings, 1 reply; 10+ messages in thread
From: Andy Shevchenko @ 2018-11-14  9:38 UTC (permalink / raw)
  To: Petr Mladek
  Cc: Steven Rostedt, Qian Cai, linux-kernel, Tobin C. Harding,
	Geert Uytterhoeven, Rasmus Villemoes

On Wed, Nov 14, 2018 at 12:05:12AM +0100, Petr Mladek wrote:
> On Tue 2018-11-13 14:23:17, Steven Rostedt wrote:
> > On Tue, 13 Nov 2018 13:58:18 -0500
> > Qian Cai <cai@gmx.us> wrote:
> > 
> > > > Care to print the len and name parameters before this line?  
> > > len = 60612; name =
> > 
> > How big are pages on arm64? Because we shouldn't get to this path if
> > the string is bigger than PAGE_SIZE. But I know that on PPC64,
> > PAGE_SIZE can be 64K, and 60612 is less than that. Thus, if we get
> > there, the test is against signed int:16 (16 bit signed integer) that
> > can go up to most 32768. If the string size is bigger than that, you
> > would get this error.
> > 
> > I would just say to ignore it.
> 
> I tend to agree.
> 
> > The only thing that can happen if
> > someone does this is to trigger the warning. Unless if it is considered
> > a form of DOS, where userspace just bombards the console by triggering
> > this waring.
> 
> We are actually on the safe side because it is WARN_ONCE().
> 
> > But I don't see a problem with the actual design. There's
> > no reason we should be processing string variables bigger than 32768 in
> > vsprintf.
> 
> It is not even needed in this case. The string is limited also by
> MODULE_NAME_LEN.

At least not in this code.

Are you proposing to replace strlen(name) with strnlen(name, MODULE_NAME_LEN)?


-- 
With Best Regards,
Andy Shevchenko



^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: WARNING: CPU: 26 PID: 64391 at lib/vsprintf.c:2193 set_precision+0x84/0x90
  2018-11-14  9:38         ` Andy Shevchenko
@ 2018-11-14 19:29           ` Petr Mladek
  0 siblings, 0 replies; 10+ messages in thread
From: Petr Mladek @ 2018-11-14 19:29 UTC (permalink / raw)
  To: Andy Shevchenko
  Cc: Steven Rostedt, Qian Cai, linux-kernel, Tobin C. Harding,
	Geert Uytterhoeven, Rasmus Villemoes

On Wed 2018-11-14 11:38:19, Andy Shevchenko wrote:
> On Wed, Nov 14, 2018 at 12:05:12AM +0100, Petr Mladek wrote:
> > On Tue 2018-11-13 14:23:17, Steven Rostedt wrote:
> > > On Tue, 13 Nov 2018 13:58:18 -0500
> > > Qian Cai <cai@gmx.us> wrote:
> > > 
> > > > > Care to print the len and name parameters before this line?  
> > > > len = 60612; name =
> > > 
> > > How big are pages on arm64? Because we shouldn't get to this path if
> > > the string is bigger than PAGE_SIZE. But I know that on PPC64,
> > > PAGE_SIZE can be 64K, and 60612 is less than that. Thus, if we get
> > > there, the test is against signed int:16 (16 bit signed integer) that
> > > can go up to most 32768. If the string size is bigger than that, you
> > > would get this error.
> > > 
> > > I would just say to ignore it.
> > 
> > I tend to agree.
> > 
> > > The only thing that can happen if
> > > someone does this is to trigger the warning. Unless if it is considered
> > > a form of DOS, where userspace just bombards the console by triggering
> > > this waring.
> > 
> > We are actually on the safe side because it is WARN_ONCE().
> > 
> > > But I don't see a problem with the actual design. There's
> > > no reason we should be processing string variables bigger than 32768 in
> > > vsprintf.
> > 
> > It is not even needed in this case. The string is limited also by
> > MODULE_NAME_LEN.
> 
> At least not in this code.
> 
> Are you proposing to replace strlen(name) with strnlen(name, MODULE_NAME_LEN)?

It might be a solution. Well, it looks like a wrong design when we
would need to use MODULE_NAME_LEN outside module loader code. Also
it does not handle other request_module() users that might be
affected.

On the other hand, I am not sure how a proper solution would look
like. request_module() should not limit printk format before
the arguments are substituted.

The most clean solution probably would be on the vsprintf-level.
I mean to limit the precision by the overall string length
limit. But it looks a bit weird as well.

I still tend to ignore it. The code is safe from the security point of
view. The warning would trigger only when completely misused.


Best Regards,
Petr

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: WARNING: CPU: 26 PID: 64391 at lib/vsprintf.c:2193 set_precision+0x84/0x90
  2018-11-13 19:23     ` Steven Rostedt
  2018-11-13 23:05       ` Petr Mladek
@ 2018-11-14 20:35       ` Qian Cai
  1 sibling, 0 replies; 10+ messages in thread
From: Qian Cai @ 2018-11-14 20:35 UTC (permalink / raw)
  To: Steven Rostedt
  Cc: Andy Shevchenko, linux-kernel, Petr Mladek, Tobin C. Harding,
	Geert Uytterhoeven, Rasmus Villemoes

On Tue, 2018-11-13 at 14:23 -0500, Steven Rostedt wrote:
> On Tue, 13 Nov 2018 13:58:18 -0500
> Qian Cai <cai@gmx.us> wrote:
> 
> > > Care to print the len and name parameters before this line?  
> > 
> > len = 60612; name =
> 
> How big are pages on arm64? Because we shouldn't get to this path if
# getconf PAGESIZE
65536
> the string is bigger than PAGE_SIZE. But I know that on PPC64,
> PAGE_SIZE can be 64K, and 60612 is less than that. Thus, if we get
> there, the test is against signed int:16 (16 bit signed integer) that
> can go up to most 32768. If the string size is bigger than that, you
> would get this error.
> 
> I would just say to ignore it. The only thing that can happen if
> someone does this is to trigger the warning. Unless if it is considered
> a form of DOS, where userspace just bombards the console by triggering
> this waring. But I don't see a problem with the actual design. There's
> no reason we should be processing string variables bigger than 32768 in
> vsprintf.
> 
> -- Steve
> 
> 
> > %d%d%d%d%d%d%s%s%s%d%s%d%d%d%s%s%s%s%s%d%s%d%s%s%s%d%s%d%d%s%s%d%s%s%d%d%s%s
> > %s%s
> > %s%d%s%d%d%s%s%s%d%d%d%d%d%s%s%s%s%d%s%s%s%s%d%d%d%d%d%d%d%s%s%s%s%d%s%d%s%d
> > %s%d
> > %s%s%d%s%d%s%s%s%s%d%s%d%s%s%d%d%s%s%d%s%d%s%s%d%s%d%d%s%s%s%s%d%s%s%s%s%d%d
> > %s%s
> > %s%d%s%d%s%s%d%d%d%d%d%s%s%s%s%s%s%s%d%d%d%s%d%s%d%d%s%d%d%d%s%s%d%d%d%s%s%d
> > %s%d
> > %s%s%s%d%d%d%s%d%s%s%d%s%d%s%s%d%s%d%d%s%d%s%s%d%s%s%s%s%s%d%s%d%d%d%s%d%d%d
> > %d%s
> > %d%s%d%d%d%s%s%s%s%s%d%s%s%s%s%d%d%d%s%d%s%d%d%s%d%s%s%d%d%d%s%d%s%d%d%s%s%s
> > %d%s
> > %s%d%d%d%d%d%d%d%d%d%d%s%d%s%d%s%d%d%s%d%d%s%d%s%s%s%d%d%d%d%s%s%d%d%s%d%d%d
> > %s%d
> > %d%s%d%d%d%d%s%s%d%s%s%d%d%d%s%s%s%s%s%s%s%s%s%d%s%d%d%s%d%s%s%d%s%s%s%s%d%d
> > %d%d
> > %s%d%s%s%d%d%d%s%d%d%d%s%s%s%s%d%d%d%s%d%s%d%s%d%d%d%d%d%d%d%d%d%d%s%s%d%d%d
> > %s%d
> > %d%d%s%s%s%s%s%s%s%d%d%d%d%s%s%d%s%s%d%s%s%s%s%d%d%s%d%d%s%d%d%s%d%d%d%s%s%s
> > %s%d
> > %s%s%d%s%d%s%d%s%d%d%d%d%s%d%d%d%s%d%d%d%d%s%s%d%s%s%d%d%d%s%d%s%d%d%d%d%d%d
> > %s%d
> > %s%s%d%d%s%d%d%d%s%s%d%s%d%s%d%s%d%d%s%d%s%s%s%s%s%d%s%s%d%d%d%s%s%d%d%s%s%d
> > %s%d
> > %s%d%s%s%s%
> > [  833.044728] ------------[ cut here ]------------
> > [  833.137184] precision 60612 too large
> > > 

^ permalink raw reply	[flat|nested] 10+ messages in thread

end of thread, other threads:[~2018-11-14 20:35 UTC | newest]

Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-11-13 16:55 WARNING: CPU: 26 PID: 64391 at lib/vsprintf.c:2193 set_precision+0x84/0x90 Qian Cai
2018-11-13 17:20 ` Geert Uytterhoeven
2018-11-13 17:32   ` Andy Shevchenko
2018-11-13 17:29 ` Andy Shevchenko
2018-11-13 18:58   ` Qian Cai
2018-11-13 19:23     ` Steven Rostedt
2018-11-13 23:05       ` Petr Mladek
2018-11-14  9:38         ` Andy Shevchenko
2018-11-14 19:29           ` Petr Mladek
2018-11-14 20:35       ` Qian Cai

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).