Message ID | 20230912150551.401537-1-andriy.shevchenko@linux.intel.com |
---|---|
State | New |
Headers | From: Andy Shevchenko <andriy.shevchenko@linux.intel.com> To: Andy Shevchenko <andriy.shevchenko@linux.intel.com>, linux-kernel@vger.kernel.org Cc: Luis Chamberlain <mcgrof@kernel.org> Subject: [PATCH v1 1/6] params: Use sysfs_emit() to instead of scnprintf() Date: Tue, 12 Sep 2023 18:05:46 +0300 Message-Id: <20230912150551.401537-1-andriy.shevchenko@linux.intel.com> List-ID: <linux-kernel.vger.kernel.org> |
Series | [v1,1/6] params: Use sysfs_emit() to instead of scnprintf() |
Commit Message
Andy Shevchenko
Sept. 12, 2023, 3:05 p.m. UTC
Follow the advice of the Documentation/filesystems/sysfs.rst and show()
should only use sysfs_emit() or sysfs_emit_at() when formatting the
value to be returned to user space.
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
---
kernel/params.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
Comments
On Tue, Sep 12, 2023 at 06:05:48PM +0300, Andy Shevchenko wrote:
> We can use strnlen() even on early stages and it prevents from
> going over the string boundaries in case it's already too long.

Should have Cc'ed this and next patch to Kees...

On Tue, Sep 12, 2023 at 06:05:46PM +0300, Andy Shevchenko wrote:
> Follow the advice of the Documentation/filesystems/sysfs.rst and show()
> should only use sysfs_emit() or sysfs_emit_at() when formatting the
> value to be returned to user space.

Any comments?

On Mon, Sep 18, 2023 at 07:57:41PM +0300, Andy Shevchenko wrote:
> On Tue, Sep 12, 2023 at 06:05:46PM +0300, Andy Shevchenko wrote:
> > Follow the advice of the Documentation/filesystems/sysfs.rst and show()
> > should only use sysfs_emit() or sysfs_emit_at() when formatting the
> > value to be returned to user space.
>
> Any comments?

What tree were you targeting, looks sane to me.

  Luis

On Wed, Sep 20, 2023 at 05:32:55PM -0700, Luis Chamberlain wrote:
> On Mon, Sep 18, 2023 at 07:57:41PM +0300, Andy Shevchenko wrote:
> > On Tue, Sep 12, 2023 at 06:05:46PM +0300, Andy Shevchenko wrote:
> > > Follow the advice of the Documentation/filesystems/sysfs.rst and show()
> > > should only use sysfs_emit() or sysfs_emit_at() when formatting the
> > > value to be returned to user space.
> >
> > Any comments?
>
> What tree were you targeting, looks sane to me.

I see that you were a person with last SoB in late patches in that area.
Whatever it went through in your case.

P.S. TBH I thought you have your own tree for things like this...

Hello,

kernel test robot noticed "WARNING:at_fs/sysfs/file.c:#sysfs_emit" on:

commit: d4004295e5502a1eb3e361e97ea4dd1686046af6 ("[PATCH v1 1/6] params: Use sysfs_emit() to instead of scnprintf()")
url: https://github.com/intel-lab-lkp/linux/commits/Andy-Shevchenko/params-Introduce-the-param_unknown_fn-type/20230912-231033
base: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git 0bb80ecc33a8fb5a682236443c1e740d5c917d1d
patch link: https://lore.kernel.org/all/20230912150551.401537-1-andriy.shevchenko@linux.intel.com/
patch subject: [PATCH v1 1/6] params: Use sysfs_emit() to instead of scnprintf()

in testcase: trinity
version: trinity-i386-abe9de86-1_20230429
with following parameters:

	runtime: 300s
	group: group-04
	nr_groups: 5

test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/

compiler: gcc-12
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

(please refer to attached dmesg/kmsg for entire log/backtrace)

what we observed is this issue doesn't always happen. we run the test upon
this commit almost 500 times, it happened 42 times.
however, the parent keeps clean.

        v6.6-rc1 d4004295e5502a1eb3e361e97ea
---------------- ---------------------------
       fail:runs  %reproduction    fail:runs
           |             |             |
            :497            8%       42:496   dmesg.EIP:sysfs_emit
            :497            8%       42:496   dmesg.WARNING:at_fs/sysfs/file.c:#sysfs_emit

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@intel.com>
| Closes: https://lore.kernel.org/oe-lkp/202309211632.67e4c1e0-oliver.sang@intel.com

[ 243.129633][ T4012] ------------[ cut here ]------------
[ 243.130401][ T4012] invalid sysfs_emit: buf:94f9d7f6
[ 243.130980][ T4012] WARNING: CPU: 1 PID: 4012 at fs/sysfs/file.c:734 sysfs_emit (fs/sysfs/file.c:734)
[ 243.131846][ T4012] Modules linked in: rtc_cmos aesni_intel evbug parport_pc qemu_fw_cfg
[ 243.132786][ T4012] CPU: 1 PID: 4012 Comm: trinity-c5 Not tainted 6.6.0-rc1-00001-gd4004295e550 #1
[ 243.133731][ T4012] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 243.134826][ T4012] EIP: sysfs_emit (fs/sysfs/file.c:734)
[ 243.137360][ T4012] EAX: 00000000 EBX: c1aa8260 ECX: 00000000 EDX: 00000000
[ 243.138145][ T4012] ESI: 00000002 EDI: 00000001 EBP: eb36be20 ESP: eb36be18
[ 243.138905][ T4012] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 EFLAGS: 00010246
[ 243.139712][ T4012] CR0: 80050033 CR2: 00000004 CR3: 2b263000 CR4: 00040690
[ 243.142408][ T4012] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[ 243.143135][ T4012] DR6: fffe0ff0 DR7: 00000400
[ 243.143614][ T4012] Call Trace:
[ 243.143991][ T4012] ? show_regs (arch/x86/kernel/dumpstack.c:479 arch/x86/kernel/dumpstack.c:465)
[ 243.144451][ T4012] ? sysfs_emit (fs/sysfs/file.c:734)
[ 243.144908][ T4012] ? __warn (kernel/panic.c:673)
[ 243.145339][ T4012] ? report_bug (lib/bug.c:201 lib/bug.c:219)
[ 243.145854][ T4012] ? sysfs_emit (fs/sysfs/file.c:734)
[ 243.146345][ T4012] ? exc_overflow (arch/x86/kernel/traps.c:250)
[ 243.146841][ T4012] ? handle_bug (arch/x86/kernel/traps.c:237)
[ 243.147327][ T4012] ? exc_invalid_op (arch/x86/kernel/traps.c:258 (discriminator 1))
[ 243.147820][ T4012] ? handle_exception (arch/x86/entry/entry_32.S:1049)
[ 243.148398][ T4012] ? rwlock_bug (kernel/locking/spinlock_debug.c:147)
[ 243.148866][ T4012] ? exc_overflow (arch/x86/kernel/traps.c:250)
[ 243.149344][ T4012] ? sysfs_emit (fs/sysfs/file.c:734)
[ 243.149806][ T4012] ? exc_overflow (arch/x86/kernel/traps.c:250)
[ 243.150299][ T4012] ? sysfs_emit (fs/sysfs/file.c:734)
[ 243.150759][ T4012] param_get_int (kernel/params.c:239)
[ 243.151232][ T4012] param_array_get (kernel/params.c:485)
[ 243.151757][ T4012] param_attr_show (kernel/params.c:568)
[ 243.152295][ T4012] ? param_attr_store (kernel/params.c:560)
[ 243.152814][ T4012] ? func_ptr_is_kernel_text (kernel/params.c:890)
[ 243.153400][ T4012] module_attr_show (kernel/params.c:903)
[ 243.153930][ T4012] sysfs_kf_seq_show (fs/sysfs/file.c:60)
[ 243.154456][ T4012] kernfs_seq_show (fs/kernfs/file.c:206)
[ 243.154966][ T4012] seq_read_iter (fs/seq_file.c:230)
[ 243.155453][ T4012] ? fsnotify_perm+0x3b/0x40
[ 243.156039][ T4012] kernfs_fop_read_iter (fs/kernfs/file.c:279)
[ 243.156570][ T4012] call_read_iter+0x12/0x19
[ 243.157109][ T4012] vfs_read (fs/read_write.c:389 fs/read_write.c:470)
[ 243.157571][ T4012] ksys_read (fs/read_write.c:613)
[ 243.160726][ T4012] __ia32_sys_read (fs/read_write.c:621)
[ 243.161225][ T4012] do_int80_syscall_32 (arch/x86/entry/common.c:112 arch/x86/entry/common.c:132)
[ 243.161784][ T4012] entry_INT80_32 (arch/x86/entry/entry_32.S:944)
[ 243.162309][ T4012] EIP: 0xb7f8e092

The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20230921/202309211632.67e4c1e0-oliver.sang@intel.com

On Thu, Sep 21, 2023 at 09:34:13PM +0800, kernel test robot wrote:
>
> Hello,
>
> kernel test robot noticed "WARNING:at_fs/sysfs/file.c:#sysfs_emit" on:
>
> commit: d4004295e5502a1eb3e361e97ea4dd1686046af6 ("[PATCH v1 1/6] params: Use sysfs_emit() to instead of scnprintf()")
> url: https://github.com/intel-lab-lkp/linux/commits/Andy-Shevchenko/params-Introduce-the-param_unknown_fn-type/20230912-231033
> base: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git 0bb80ecc33a8fb5a682236443c1e740d5c917d1d
> patch link: https://lore.kernel.org/all/20230912150551.401537-1-andriy.shevchenko@linux.intel.com/
> patch subject: [PATCH v1 1/6] params: Use sysfs_emit() to instead of scnprintf()
>
> in testcase: trinity
> version: trinity-i386-abe9de86-1_20230429
> with following parameters:
>
> 	runtime: 300s
> 	group: group-04
> 	nr_groups: 5
>
> what we observed is this issue doesn't always happen. we run the test upon
> this commit almost 500 times, it happened 42 times.
> however, the parent keeps clean.
>
>         v6.6-rc1 d4004295e5502a1eb3e361e97ea
> ---------------- ---------------------------
>        fail:runs  %reproduction    fail:runs
>            |             |             |
>             :497            8%       42:496   dmesg.EIP:sysfs_emit
>             :497            8%       42:496   dmesg.WARNING:at_fs/sysfs/file.c:#sysfs_emit

Cool! I will check this, thank you for the report.

On Thu, Sep 21, 2023 at 06:36:38PM +0300, Andy Shevchenko wrote:
> On Thu, Sep 21, 2023 at 09:34:13PM +0800, kernel test robot wrote:
> >
> > Hello,
> >
> > kernel test robot noticed "WARNING:at_fs/sysfs/file.c:#sysfs_emit" on:
> >
> > commit: d4004295e5502a1eb3e361e97ea4dd1686046af6 ("[PATCH v1 1/6] params: Use sysfs_emit() to instead of scnprintf()")
> > url: https://github.com/intel-lab-lkp/linux/commits/Andy-Shevchenko/params-Introduce-the-param_unknown_fn-type/20230912-231033
> > base: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git 0bb80ecc33a8fb5a682236443c1e740d5c917d1d
> > patch link: https://lore.kernel.org/all/20230912150551.401537-1-andriy.shevchenko@linux.intel.com/
> > patch subject: [PATCH v1 1/6] params: Use sysfs_emit() to instead of scnprintf()
> >
> > in testcase: trinity
> > version: trinity-i386-abe9de86-1_20230429
> > with following parameters:
> >
> > 	runtime: 300s
> > 	group: group-04
> > 	nr_groups: 5
> >
> > what we observed is this issue doesn't always happen. we run the test upon
> > this commit almost 500 times, it happened 42 times.
> > however, the parent keeps clean.
> >
> >         v6.6-rc1 d4004295e5502a1eb3e361e97ea
> > ---------------- ---------------------------
> >        fail:runs  %reproduction    fail:runs
> >            |             |             |
> >             :497            8%       42:496   dmesg.EIP:sysfs_emit
> >             :497            8%       42:496   dmesg.WARNING:at_fs/sysfs/file.c:#sysfs_emit
>
> Cool! I will check this, thank you for the report.

Oh, my gosh... This reveals a nice overflow bug for some getters that expect
buffer to be PAGE_SIZE, but an array can be bigger than that.

So, basically this is a flaw in param_array_get() which is a wrapper on top of
getter and calls ->get() without any proper alignment or buffer size guarantee!
While ->get() is by nature supposed to get an aligned buffer of PAGE_SIZE.

Ideally we need to have an additional ->get_array_element() callback which will
take an offset. Less intrusive one is to have an allocated buffer of PAGE_SIZE
in the param_array_get() and ->get() to it, then copy to the real one with the
offset.

Any other proposals?

Luis, which solution would you prefer?

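A user-space C model of the behaviour described in the message above, added here as an illustration and not code from the patch, the thread or the kernel tree. emit_model() stands in for the alignment check in sysfs_emit(), array_get_offset() for the pattern of calling ->get() at buffer + offset, and array_get_bounce() for the PAGE_SIZE scratch-buffer proposal; all of these names are hypothetical.

```c
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* User-space model only; every name here is hypothetical, not kernel API. */
#define PAGE_SZ 4096
static int warnings;                 /* number of rejected emit calls */
static char out_page[PAGE_SZ] __attribute__((aligned(PAGE_SZ)));

/* Models the check that fired in the trace: NULL or unaligned buf is refused. */
static int emit_model(char *buf, const char *fmt, ...)
{
    va_list ap;
    int len;
    if (!buf || ((uintptr_t)buf & (PAGE_SZ - 1))) {
        warnings++;
        return 0;
    }
    va_start(ap, fmt);
    len = vsnprintf(buf, PAGE_SZ, fmt, ap);
    va_end(ap);
    return len < PAGE_SZ ? len : PAGE_SZ - 1;
}

/* Existing shape: element i is formatted directly at buffer + off. */
static int array_get_offset(char *buffer, const int *elem, int n)
{
    int i, off = 0;
    for (i = 0; i < n; i++) {
        if (i && off)
            buffer[off - 1] = ',';   /* replace '\n' with a comma */
        off += emit_model(buffer + off, "%d\n", elem[i]);
    }
    buffer[off] = '\0';
    return off;
}

/* Proposed shape: format into an aligned scratch page, then copy, bounded. */
static int array_get_bounce(char *buffer, const int *elem, int n)
{
    static char scratch[PAGE_SZ] __attribute__((aligned(PAGE_SZ)));
    int i, off = 0, len;
    for (i = 0; i < n; i++) {
        len = emit_model(scratch, "%d\n", elem[i]);
        if (off + len >= PAGE_SZ)    /* leave room for the final NUL */
            break;
        if (i)
            buffer[off - 1] = ',';
        memcpy(buffer + off, scratch, len);
        off += len;
    }
    buffer[off] = '\0';
    return off;
}

int main(void)
{
    const int v[] = { 1, 2, 3 };
    int n = array_get_offset(out_page, v, 3);
    printf("offset: %d bytes, %d warnings\n", n, warnings);
    n = array_get_bounce(out_page, v, 3);
    printf("bounce: %d bytes: %s", n, out_page);
    return 0;
}
```

In the offset variant only the first element is emitted, because every later call receives a pointer that is no longer page-aligned; the bounce variant emits all elements and also bounds the total at one page.
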
diff --git a/kernel/params.c b/kernel/params.c index 2d4a0564697e..3efe6b98a600 100644 --- a/kernel/params.c +++ b/kernel/params.c @@ -222,8 +222,7 @@ char *parse_args(const char *doing, } \ int param_get_##name(char *buffer, const struct kernel_param *kp) \ { \ - return scnprintf(buffer, PAGE_SIZE, format "\n", \ - *((type *)kp->arg)); \ + return sysfs_emit(buffer, format "\n", *((type *)kp->arg)); \ } \ const struct kernel_param_ops param_ops_##name = { \ .set = param_set_##name, \ @@ -287,7 +286,7 @@ EXPORT_SYMBOL(param_set_charp); int param_get_charp(char *buffer, const struct kernel_param *kp) { - return scnprintf(buffer, PAGE_SIZE, "%s\n", *((char **)kp->arg)); + return sysfs_emit(buffer, "%s\n", *((char **)kp->arg)); } EXPORT_SYMBOL(param_get_charp); @@ -318,7 +317,7 @@ EXPORT_SYMBOL(param_set_bool); int param_get_bool(char *buffer, const struct kernel_param *kp) { /* Y and N chosen as being relatively non-coder friendly */ - return sprintf(buffer, "%c\n", *(bool *)kp->arg ? 'Y' : 'N'); + return sysfs_emit(buffer, "%c\n", *(bool *)kp->arg ? 'Y' : 'N'); } EXPORT_SYMBOL(param_get_bool); @@ -377,7 +376,7 @@ EXPORT_SYMBOL(param_set_invbool); int param_get_invbool(char *buffer, const struct kernel_param *kp) { - return sprintf(buffer, "%c\n", (*(bool *)kp->arg) ? 'N' : 'Y'); + return sysfs_emit(buffer, "%c\n", (*(bool *)kp->arg) ? 'N' : 'Y'); } EXPORT_SYMBOL(param_get_invbool); @@ -525,7 +524,8 @@ EXPORT_SYMBOL(param_set_copystring); int param_get_string(char *buffer, const struct kernel_param *kp) { const struct kparam_string *kps = kp->str; - return scnprintf(buffer, PAGE_SIZE, "%s\n", kps->string); + + return sysfs_emit(buffer, "%s\n", kps->string); } EXPORT_SYMBOL(param_get_string); 
@@ -859,7 +859,7 @@ ssize_t __modver_version_show(struct module_attribute *mattr, struct module_version_attribute *vattr = container_of(mattr, struct module_version_attribute, mattr); - return scnprintf(buf, PAGE_SIZE, "%s\n", vattr->version); + return sysfs_emit(buf, "%s\n", vattr->version); } extern const struct module_version_attribute __start___modver[];
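
Review bot: In the param_get_##name() hunk (@@ -222,8 +222,7), sysfs_emit() brings a precondition that scnprintf(buffer, PAGE_SIZE, ...) did not have: the test-robot trace in this thread shows it rejecting the buffer ("invalid sysfs_emit: buf:94f9d7f6") when param_get_int() is reached through param_array_get(), which, per the follow-up reply, calls ->get() without an alignment or buffer size guarantee. Fix param_array_get() first, for example with the PAGE_SIZE scratch buffer proposed in the thread, and order that change ahead of this conversion in the series; the other getters converted here need the same check if they can be used as array element ops.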
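
Review bot: The param_get_bool() and param_get_invbool() hunks (@@ -318,7 and @@ -377,7) replace sprintf(), not scnprintf(), so the subject "Use sysfs_emit() to instead of scnprintf()" and the commit message do not describe them. Mention in the commit message that the sprintf() callers are converted too, and reword the subject along the lines of "params: Use sysfs_emit() instead of scnprintf() and sprintf()".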