Re: kernel/printk/printk.c: Invalid access when buffer wraps around?
From: Sergey Senozhatsky
Date: Sun Jul 31 2016 - 04:47:30 EST
Hello,
sorry for long reply. do you see this in practice?
On (07/25/16 11:22), Vincent Brillault wrote:
[..]
> To be specific, these circonstances are:
> - The buffer is almost full and the `log_next_seq` is closed to the end,
> but there is still place for small messages
> - A reader updates its index and sequence to log_next_*
> - The next message is too large, resulting in the buffer wrapping-around and
> a zeroed header to be added at the reader index position
> - The buffer is completely filled with new messages but without wrapping:
> + The last message must not wrap around (thus log_first_seq will be equal to
> the readers's index)
> + The last message must override the zeroed header (Trigerring the bug)
> - The reader starts reading again, finding random data instead of the zero
> 'len' it was supposed to read...
the first printk()->console_unlock() to notice `seen_seq != log_next_seq`
will wakeup a task from log_wait, sleeping on
wait_event_interruptible(seq != log_next_seq)
so I believe your assumption here is that we wrap around and then fill up
the log_buf again without waking up the klogd even once, correct?
CPU0 CPU1
console_lock();
printk();
... devkmsg_read();
printk();
console_unlock();
like the above?
-ss