linux-kernel.vger.kernel.org archive mirror
From: Steven Rostedt <rostedt@goodmis.org>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: LKML <linux-kernel@vger.kernel.org>,
	Masami Hiramatsu <mhiramat@kernel.org>,
	Mathieu Desnoyers <mathieu.desnoyers@efficios.com>,
	Sachin Sant <sachinp@linux.ibm.com>
Subject: Re: [GIT PULL] tracing: Prevent trace_marker being bigger than unsigned short
Date: Mon, 4 Mar 2024 17:10:34 -0500
Message-ID: <20240304171034.08d037aa@gandalf.local.home>
In-Reply-To: <CAHk-=wgwy-p_zodT0JvkVkkd5MWy9NffC3jiDiczMMHPj1eQ9w@mail.gmail.com>

On Mon, 4 Mar 2024 13:50:13 -0800
Linus Torvalds <torvalds@linux-foundation.org> wrote:

> On Mon, 4 Mar 2024 at 13:40, Steven Rostedt <rostedt@goodmis.org> wrote:
> >
> > As I mentioned that the design is based on that the allocated buffer size is
> > the string length rounded up to the word size, all I need to do is to make
> > sure that there's a nul terminating byte within the last word of the
> > allocated buffer. Then "%s" is all I need.  
> 
> Please don't add pointless code that helps nothing.
> 
> > Would this work for you?  
> 
> No. This code only adds debug code, and doesn't actually improve anything.
> 
> We *have* debug code already. Things like KASAN already find array
> overruns, and your ex-tempore debug code adds zero actual value.

Sorry, I thought debug code was OK. But I guess I was mistaken. KASAN isn't
run in the field, where this would trigger. But I get your point. If it's
passing my tests (which I do run with KASAN), I guess that's good enough
for you.

> 
> That, btw, is why your old stupid precision code was not only
> triggering warnings, but was ACTIVELY DETRIMENTAL.
> 
> All that precision code could ever do was to potentially hide bugs if
> the string wasn't NUL-terminated.
> 
> So no. I absolutely do NOT want you to write more code to hide bugs or
> do half-arsed checking.

Well, it wouldn't hide it. It would trigger a big fat warning if it was
missing a nul terminator.

> 
> I want you to *simplify* the code, and put proper limits in place for strings.
> 
> I want to see the code that actually notices when somebody generates a
> crazy string, and stops that garbage in its tracks.
> 
> What I do *not* want to see is more ad-hoc code that tries to deal
> with the symptoms of you not having done so.

This warning is just making sure the code is nul terminated. It has nothing
to do with size. The bug that triggered when I was working on other code
was a miscalculation of the input. I didn't write the entire string into
the ring buffer which meant that the terminating nul was also missing. On
reading the string, it crashed the kernel.

I put in the precision when debugging the code, and that's where I found the
mismatch in string size vs writing to the buffer. I then kept the precision
just in case I hit a similar bug. Which is what you have issues with.

Fine, I'll just remove the precision as that's not needed. There were no
other overflows involved here.

-- Steve
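
[Added example, not part of the message above and not kernel tracing code.]
A userspace C sketch of the three behaviours argued over in this thread: a length limit enforced on the write side, a check for a NUL in the last word of a word-rounded buffer, and a "%.*s" precision cap on the read side. The names record_write, record_write_short, record_terminated, record_format_capped and the MAX_TEXT limit are hypothetical, and the short-write bug is constructed for the demonstration.

```c
#include <stdio.h>
#include <string.h>

#define WORD     sizeof(long)  /* assumption: sizes are rounded up to this */
#define MAX_TEXT 64            /* constructed limit for this demo */

struct record {                /* hypothetical stand-in for a buffer entry */
    size_t size;               /* allocated bytes, a multiple of WORD */
    char text[MAX_TEXT + WORD];
};

static size_t round_up_word(size_t n) { return (n + WORD - 1) / WORD * WORD; }

/* Write side: reject oversized input, then zero-fill to the end of the last word. */
static int record_write(struct record *r, const char *src, size_t len) {
    if (len > MAX_TEXT)
        return -1;
    r->size = round_up_word(len + 1);
    memcpy(r->text, src, len);
    memset(r->text + len, 0, r->size - len);
    return 0;
}

/* Constructed bug: sized for len bytes, but only `copied` are written and no NUL. */
static void record_write_short(struct record *r, const char *src, size_t len, size_t copied) {
    r->size = round_up_word(len + 1);
    memset(r->text, 'X', sizeof(r->text));  /* stale non-zero contents */
    memcpy(r->text, src, copied);
}

/* Read-side check: is there a NUL somewhere in the last allocated word? */
static int record_terminated(const struct record *r) {
    return r->size >= WORD && memchr(r->text + r->size - WORD, 0, WORD) != NULL;
}

/* Precision-capped format: stays within r->size, returns bytes formatted. */
static int record_format_capped(const struct record *r, char *out, size_t outlen) {
    return snprintf(out, outlen, "%.*s", (int)r->size, r->text);
}

int main(void) {
    struct record r;
    char out[128];
    int ok = record_write(&r, "hello", 5) == 0 && record_terminated(&r);
    record_write_short(&r, "hello world", 11, 4);
    printf("good=%d short_terminated=%d capped=%d\n", ok, record_terminated(&r),
           record_format_capped(&r, out, sizeof(out)));
    return 0;
}
```

For the short write, the precision-capped format returns normally with stale bytes in its output, while the terminator check reports the missing NUL.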
