lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20141106161313.GI2001@dhcp128.suse.cz>
Date:	Thu, 6 Nov 2014 17:13:13 +0100
From:	Petr Mladek <pmladek@...e.cz>
To:	Steven Rostedt <rostedt@...dmis.org>
Cc:	linux-kernel@...r.kernel.org, Ingo Molnar <mingo@...nel.org>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Jiri Kosina <jkosina@...e.cz>,
	"H. Peter Anvin" <hpa@...or.com>,
	Thomas Gleixner <tglx@...utronix.de>
Subject: Re: [RFC][PATCH 03/12 v3] tracing: Create seq_buf layer in trace_seq

On Wed 2014-11-05 13:41:47, Steven Rostedt wrote:
> On Wed, 5 Nov 2014 15:22:22 +0100
> Petr Mladek <pmladek@...e.cz> wrote:
> 
> > On Tue 2014-11-04 10:52:40, Steven Rostedt wrote:
> > > From: "Steven Rostedt (Red Hat)" <rostedt@...dmis.org>
> > Also I would add an explanation of the overall logic. If I get it
> > correctly from the code, it is:
> > 
> > /*
> >  * The last byte of the buffer is used to detect an overflow in some
> >  * operations. Therefore, the buffer offers (@size - 1) bytes for valid
> >  * data.
> 
> Well, this will change in the future. And it is commented with the
> seq_buf_has_overflowed() function. I don't want to comment about it
> with the structure.

Fair enough.

> > > + */
> > > +#include <linux/uaccess.h>
> > > +#include <linux/seq_file.h>
> > > +#include <linux/seq_buf.h>
> > > +
> > > +/* How much buffer is left on the seq_buf? */
> > 
> > I would write the following to explain the -1:
> 
> Later patches gets rid of the -1. It's -1 because seq_file is -1 as
> well.

Yup. Let's leave it as is.
 
> > 
> > /* How much buffer is left for valid data */
> > 
> > > +#define SEQ_BUF_LEFT(s) (((s)->size - 1) - (s)->len)
> > 
> > Hmm, it might overflow when the buffer has overflown (s->len == s->size)
> > or when the buffer is not initialized (s->size == 0). Note that the
> > result should be unsigned int.
> 
> The two places that use it is "unsigned int" so that should not be a
> problem.

It might overflow. If ("size == len"), the result will be -1
which is UINT_MAX.

Well, this should not happen if callers check the overflow before
any use. Also we are going to remove the -1 in the followup patches.
I am fine with it after all.

> > > +
> > > +/**
> > > + * seq_buf_puts - sequence printing of simple string
> > > + * @s: seq_buf descriptor
> > > + * @str: simple string to record
> > > + *
> > > + * Copy a simple string into the sequence buffer.
> > > + *
> > > + * Returns zero on success, -1 on overflow
> > > + */
> > > +int seq_buf_puts(struct seq_buf *s, const char *str)
> > > +{
> > > +	unsigned int len = strlen(str);
> > > +
> > > +	WARN_ON(s->size == 0);
> > > +
> > > +	if (s->len + len < s->size) {
> > > +		memcpy(s->buffer + s->len, str, len);
> > > +		s->len += len;
> > > +		return 0;
> > > +	}
> > 
> > We might want to copy the maximum possible number of bytes.
> > It will then behave the same as the other functions.
> 
> I'm converting all this to be like seq_file in the other patches.

Fair enough.

> 
> > 
> > > + *
> > > + * Returns -EFAULT if the copy to userspace fails.
> > > + */
> > > +int seq_buf_to_user(struct seq_buf *s, char __user *ubuf, int cnt)
> > > +{
> > > +	int len;
> > > +	int ret;
> > > +
> > > +	if (!cnt)
> > > +		return 0;
> > > +
> > > +	if (s->len <= s->readpos)
> > > +		return -EBUSY;
> > > +
> > > +	len = s->len - s->readpos;
> > > +	if (cnt > len)
> > > +		cnt = len;
> > > +	ret = copy_to_user(ubuf, s->buffer + s->readpos, cnt);
> > > +	if (ret == cnt)
> > > +		return -EFAULT;
> > > +
> > > +	cnt -= ret;
> > > +
> > > +	s->readpos += cnt;
> > > +	return cnt;
> > > +}
> > 
> > [...]
> > 
> > > diff --git a/kernel/trace/trace_seq.c b/kernel/trace/trace_seq.c
> > > index 1f24ed99dca2..960ccfb2f50c 100644
> > > --- a/kernel/trace/trace_seq.c
> > > +++ b/kernel/trace/trace_seq.c
> > > @@ -27,10 +27,19 @@
> > >  #include <linux/trace_seq.h>
> > >  
> > >  /* How much buffer is left on the trace_seq? */
> > > -#define TRACE_SEQ_BUF_LEFT(s) ((PAGE_SIZE - 1) - (s)->len)
> > > +#define TRACE_SEQ_BUF_LEFT(s) ((PAGE_SIZE - 1) - (s)->seq.len)
> > 
> > This might overflow when s->len == PAGE_SIZE. I think that it
> > newer happenes because we always check s->full before. The question
> > is if we really want to depend on this.
> 
> Yeah, we should make this check seq_buf itself. Maybe make a static
> inline function that is in seq_buf.h.

The inline function in seq_buf.h looks like a good idea.

> > 
> > >  /* How much buffer is written? */
> > > -#define TRACE_SEQ_BUF_USED(s) min((s)->len, (unsigned int)(PAGE_SIZE - 1))
> > > +#define TRACE_SEQ_BUF_USED(s) min((s)->seq.len, (unsigned int)(PAGE_SIZE - 1))
> > > +
> > > +/*
> > > + * trace_seq should work with being initialized with 0s.
> > > + */
> > > +static inline void __trace_seq_init(struct trace_seq *s)
> > > +{
> > > +	if (unlikely(!s->seq.size))
> > > +		trace_seq_init(s);
> > > +}
> > >  
> > >  /**
> > >   * trace_print_seq - move the contents of trace_seq into a seq_file
> > > @@ -43,10 +52,11 @@
> > >   */
> > >  int trace_print_seq(struct seq_file *m, struct trace_seq *s)
> > >  {
> > > -	unsigned int len = TRACE_SEQ_BUF_USED(s);
> > >  	int ret;
> > >  
> > > -	ret = seq_write(m, s->buffer, len);
> > > +	__trace_seq_init(s);
> > > +
> > > +	ret = seq_buf_print_seq(m, &s->seq);
> > >  
> > >  	/*
> > >  	 * Only reset this buffer if we successfully wrote to the
> > > @@ -77,25 +87,25 @@ int trace_print_seq(struct seq_file *m, struct trace_seq *s)
> > >   */
> > >  int trace_seq_printf(struct trace_seq *s, const char *fmt, ...)
> > >  {
> > > -	unsigned int len = TRACE_SEQ_BUF_LEFT(s);
> > > +	unsigned int save_len = s->seq.len;
> > >  	va_list ap;
> > > -	int ret;
> > >  
> > > -	if (s->full || !len)
> > > +	if (s->full)
> > >  		return 0;
> > >  
> > > +	__trace_seq_init(s);
> > > +
> > >  	va_start(ap, fmt);
> > > -	ret = vsnprintf(s->buffer + s->len, len, fmt, ap);
> > > +	seq_buf_vprintf(&s->seq, fmt, ap);
> > >  	va_end(ap);
> > >  
> > >  	/* If we can't write it all, don't bother writing anything */
> > > -	if (ret >= len) {
> > > +	if (unlikely(seq_buf_has_overflowed(&s->seq))) {
> > 
> > We might check the return value from seq_buf_vprintf() here.
> 
> No, we are working to get rid of the return values for the seq_*()
> functions (with a few exceptions). One now must check if the buffer has
> overflowed, and not the return value of the seq_*() functions
> themselves.

I see.
 
> There's already patches out to convert the seq_file calls as well.

Good to know.

Best Regards,
Petr
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ