Re: [PATCH] vsprintf: protect kernel from panic due to non-canonical pointer dereference

From: Andy Shevchenko
Date: Thu Oct 20 2022 - 09:57:35 EST


On Thu, Oct 20, 2022 at 09:44:05AM +0200, Petr Mladek wrote:
> On Tue 2022-10-18 23:49:27, Andy Shevchenko wrote:
> > On Tue, Oct 18, 2022 at 08:30:01PM +0000, Jane Chu wrote:

...

> > Obviously, to see the crash. And let the kernel _crash_. Isn't it what we need
> > to see a bug as early as possible?
>
> I do not agree here. Kernel tries to survive many situations when
> things do not work as expected. It prints a warning so that
> users/developers are aware of the problem and could fix it.

How will the user know what the root cause is and how to fix it? The crash
report will give all needed information, the "(eXXXXXX)" will hide it all,
which I consider an inappropriate approach.

I.o.w. consider "(eXXXXXX)" vs. something like "your stuff crashed kernel
because of misaligned / etc pointer which has value of 0xXXXXXXXX and other
registers have these values" and so on, so on...

> In our case, the crash happened when reading a sysfs file.
> IMHO, it is much better to show (-EINVAL) than crash. The bug
> when accessing devX_attrY[] does not affect the stability of
> the system at all.

When I get "eXXXXX" from cat /sys/... I think "OK, something went wrong,
I shouldn't really take it seriously". And completely different feelings
when you get a crash, right?

> And the broken string might be passed in a very rare case,
> e.g. in an error path. So that it might be hard to catch
> when testing.

--
With Best Regards,
Andy Shevchenko