| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 10 Jan 2024 17:31:49 -0500
From: Rafael Aquini <aquini@...hat.com>
To: Rasmus Villemoes <rasmus.villemoes@...vas.dk>
Cc: Audra Mitchell <audra@...hat.com>, linux-kernel@...r.kernel.org,
tj@...nel.org, jiangshanlai@...il.com,
hirokazu.yamauchi.hk@...achi.com, ddouwsma@...hat.com,
loberman@...hat.com, raquini@...hat.com
Subject: Re: [PATCH v2] workqueue.c: Increase workqueue name length
On Wed, Jan 10, 2024 at 11:06:22PM +0100, Rasmus Villemoes wrote:
> On 10/01/2024 22.52, Rafael Aquini wrote:
> > On Wed, Jan 10, 2024 at 09:47:56PM +0100, Rasmus Villemoes wrote:
> >> On 10/01/2024 21.29, Audra Mitchell wrote:
> >>
> >>> @@ -4663,9 +4663,10 @@ struct workqueue_struct *alloc_workqueue(const char *fmt,
> >>> unsigned int flags,
> >>> int max_active, ...)
> >>> {
> >>> - va_list args;
> >>> + va_list args, args_copy;
> >>> struct workqueue_struct *wq;
> >>> struct pool_workqueue *pwq;
> >>> + int len;
> >>>
> >>> /*
> >>> * Unbound && max_active == 1 used to imply ordered, which is no longer
> >>> @@ -4692,6 +4693,13 @@ struct workqueue_struct *alloc_workqueue(const char *fmt,
> >>> }
> >>>
> >>> va_start(args, max_active);
> >>> + va_copy(args_copy, args);
> >>> + len = vsnprintf(NULL, 0, fmt, args_copy);
> >>> + WARN(len > WQ_NAME_LEN,
> >>> + "workqueue: wq->name too long (%d). Truncated to WQ_NAME_LEN (%d)\n",
> >>> + len, WQ_NAME_LEN);
> >>> +
> >>> + va_end(args_copy);
> >>> vsnprintf(wq->name, sizeof(wq->name), fmt, args);
> >>
> >> Eh, why not just _not_ throw away the return value from the existing
> >> vsnprintf() and do "len >= sizeof(wq->name)" to know if truncation
> >> happened? There's really no need need to do vsnprintf() twice. (And yes,
> >> you want >=, not >).
> >>
> >
> > The extra vsnprintf call is required because the return of the existing
> > vsnprintf() is going to be already capped by sizeof(wq->name).
>
> No, it is not. vsnprintf() returns the length of the would-be-created
> string if the buffer was big enough. That is independent of whether one
> does a dummy NULL,0 call or just calls it with a real, but possibly too
> small, buffer.
>
> This is true for userspace (as required by posix) as well as the kernel
> implementation of vsnprintf(). What makes you think otherwise?
>
this snippet from PRINTF(3) man page
RETURN VALUE
Upon successful return, these functions return the number of characters
printed (excluding the null byte used to end output to strings).
> The kernel _also_ happens to have a non-standardized function called
> vscnprintf (note the c) which returns the possibly-truncated result. But
> that's irrelevant here.
>
> >> Oh, and definitely not WARN, pr_warn() or pr_warn_once() please.
> >>
> >
> > Then you lose the ability to figure out what was trying to create the
> > wq with the inflated name. Also, the _once variants don't seem to do
> > good here, because alloc_workqueue() can be called by different
> > drivers.
>
> I assume that whatever creates the wq will do so on every boot, and the
> name is most likely some fixed thing. So you're essentially setting up
> some configurations to do a WARN on every single boot, not to mention
> that for some machines that implies a panic... It really is not
> something that warrants a WARN.
>
> As for figuring out what caused that too-long name, well, I'd hope that
> the 31 meaningful bytes that did get produced would provide a
> sufficiently good hint.
>
> Rasmus
>
Powered by blists - more mailing lists