On Wed 2019-05-15 09:23:05, Geert Uytterhoeven wrote: > Hi Steve, > > On Tue, May 14, 2019 at 9:35 PM Steven Rostedt <rostedt@xxxxxxxxxxx> wrote: > > On Tue, 14 May 2019 21:13:06 +0200 > > Geert Uytterhoeven <geert@xxxxxxxxxxxxxx> wrote: > > > > > Do we care about the value? "(-E%u)"? > > > > > > > > That too could be confusing. What would (-E22) be considered by a user > > > > doing an sprintf() on some string. I know that would confuse me, or I > > > > would think that it was what the %pX displayed, and wonder why it > > > > displayed it that way. Whereas "(fault)" is quite obvious for any %p > > > > use case. > > > > > > I would immediately understand there's a missing IS_ERR() check in a > > > function that can return -EINVAL, without having to add a new printk() > > > to find out what kind of bogus value has been received, and without > > > having to reboot, and trying to reproduce... > > > > I have to ask. Has there actually been a case that you used a %pX and > > it faulted, and you had to go back to find what the value of the > > failure was? > > If it faulted, the bad pointer value is obvious from the backtrace. > If the code avoids the fault by verifying the pointer and returning > "(efault)" instead, the bad pointer value is lost. > > Or am I missing something? Should buggy printk() crash the system? Another problem is that vsprintf() is called in printk() under lockbuf_lock. The messages are stored into printk_safe per CPU buffers. It allows to see the nested messages. But there is still a bigger risk of missing them than with a "normal" fault. Finally, various variants of these checks were already used in "random" printf formats. The only change is that we are using them consistently everywhere[*] a pointer is accessed. [*] Just the top level pointer is checked. Some pointer modifiers are accessing ptr->ptr->val. The lower level pointers are not checked to avoid too much complexity. Best Regards, Petr
