Andi Kleen wrote:
> Jeff Mahoney <jeffm@xxxxxxxx> writes:
>
>> The formatting of the error buffer is race prone. It uses static buffers
>> for both formatting and output. While overwriting the error buffer
>> can produce garbled output, overwriting the format buffer with incompatible
>> % directives can cause crashes.
>
> Really? Just curious but could you describe the steps how a garbled printk can
> lead to a crash?

Yeah, I was surprised by this one as well, but I was convinced by seeing too
many crashes that ended in prepare_error_buf with no other explanation.

Reiserfs has this really hacky way of formatting extended pointer types where
it copies the format buffer into a static buffer. If another thread copies its
format string into the format buffer while the first thread is formatting its
output, it can hit a pointer format that will consume whatever happens to be
on the stack, whether it's valid or not.

I posted patches implementing extensible pointer types for printk to avoid
problems like this, but nobody commented on them.

prepare_error_buf() depends on undefined varargs behavior that just happens to
work. Something changed recently where I had to change it to stop consuming
args manually, which is in another patch.

-Jeff

-- 
Jeff Mahoney
SUSE Labs
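The interleaving Jeff describes, as an added example that is not reiserfs code and not part of the original mail. It models the shape of the bug: a caller's format string is copied into a file-static format buffer, the directives in that buffer are walked while arguments are pulled off in order, and the result goes into a file-static output buffer. A hook stands in for the other thread getting scheduled between the copy and the walk. The `%k` directive, the `demo_key` struct and all formats are constructed stand-ins, and the arguments are modeled as a counted array rather than a real `va_list` so that consuming a pointer that was never supplied is reported instead of being the undefined behaviour that crashes the real code. The race-free variant shows one fix, per-call storage; serialising the static buffers with a lock around both steps is the other.

```c
/* Added example: a deterministic model of the static-buffer race in a
 * printk-style formatter. Not reiserfs code; names are constructed. */
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for an on-disk key printed by a custom directive. */
struct demo_key { uint32_t dir_id, objectid, offset; };

enum arg_kind { ARG_INT, ARG_STR, ARG_KEY };
struct fmt_arg {
    enum arg_kind kind;
    union { int i; const char *s; const struct demo_key *k; } u;
};

struct fmt_result {
    int consumed;   /* directives that pulled an argument */
    int overrun;    /* directives that reached past the supplied arguments */
    int confused;   /* directives whose conversion disagreed with the arg type */
};

/* The shared, static buffers that make the original pattern racy. */
static char fmt_buf[256];
static char error_buf[512];

/* Simulates another thread running between the format copy and the walk. */
static void (*preempt_hook)(void);

static void emit(char *out, size_t outlen, size_t *pos, const char *f, ...)
{
    va_list ap;
    va_start(ap, f);
    int n = vsnprintf(out + *pos, outlen - *pos, f, ap);
    va_end(ap);
    if (n > 0) *pos += (size_t)n;
    if (*pos >= outlen) *pos = outlen - 1;
}

/* Expands %d, %s and the custom %k from fmt into out. Arguments are taken in
 * order exactly as va_arg would; the only departure from real code is that an
 * argument past nargs, or one read with the wrong conversion, is counted and
 * rendered as a marker instead of being dereferenced. */
static struct fmt_result walk_format(const char *fmt, char *out, size_t outlen,
                                     const struct fmt_arg *args, size_t nargs)
{
    struct fmt_result r = {0, 0, 0};
    size_t pos = 0;
    out[0] = '\0';
    for (const char *p = fmt; *p && pos + 1 < outlen; p++) {
        if (*p != '%') { out[pos++] = *p; out[pos] = '\0'; continue; }
        char conv = *++p;
        if (conv == '\0') break;
        if (conv != 'd' && conv != 's' && conv != 'k') {
            emit(out, outlen, &pos, "%%%c", conv);   /* unknown: keep literally */
            continue;
        }
        enum arg_kind want = conv == 'd' ? ARG_INT : conv == 's' ? ARG_STR : ARG_KEY;
        if ((size_t)r.consumed >= nargs) {           /* va_arg past the real args */
            r.overrun++;
            emit(out, outlen, &pos, "<garbage>");
            continue;
        }
        const struct fmt_arg *a = &args[r.consumed++];
        if (a->kind != want) {                       /* e.g. key pointer read as char* */
            r.confused++;
            emit(out, outlen, &pos, "<type-confused>");
            continue;
        }
        if (conv == 'd')      emit(out, outlen, &pos, "%d", a->u.i);
        else if (conv == 's') emit(out, outlen, &pos, "%s", a->u.s);
        else emit(out, outlen, &pos, "[%u %u %u]",
                  a->u.k->dir_id, a->u.k->objectid, a->u.k->offset);
    }
    return r;
}

/* The racy pattern: copy the format into fmt_buf, then walk fmt_buf into
 * error_buf. Whatever runs in between can replace the directives we honour. */
static struct fmt_result racy_format(const char *fmt, const struct fmt_arg *args, size_t nargs)
{
    strncpy(fmt_buf, fmt, sizeof fmt_buf - 1);
    fmt_buf[sizeof fmt_buf - 1] = '\0';
    if (preempt_hook) preempt_hook();                /* the race window */
    return walk_format(fmt_buf, error_buf, sizeof error_buf, args, nargs);
}

/* Race-free variant: no shared state. The caller's own format string is
 * walked and the output lands in caller-provided storage. */
static struct fmt_result safe_format(char *out, size_t outlen, const char *fmt,
                                     const struct fmt_arg *args, size_t nargs)
{
    if (preempt_hook) preempt_hook();                /* same interleaving, no effect */
    return walk_format(fmt, out, outlen, args, nargs);
}

/* Simulated second thread: starts its own message, whose two %s directives
 * land on top of the first thread's single %k. */
static void other_thread_starts_message(void) { strcpy(fmt_buf, "%s: %s"); }

static struct scenario_result {
    struct fmt_result racy;
    char racy_text[128];
    char safe_text[128];
} last;

/* Thread A formats one key while thread B's copy hits the shared buffer. */
static const struct scenario_result *run_scenario(void)
{
    static const struct demo_key key = { 1, 2, 3 };
    struct fmt_arg args[1] = { { ARG_KEY, { .k = &key } } };
    preempt_hook = other_thread_starts_message;
    last.racy = racy_format("key %k", args, 1);
    snprintf(last.racy_text, sizeof last.racy_text, "%s", error_buf);
    safe_format(last.safe_text, sizeof last.safe_text, "key %k", args, 1);
    preempt_hook = NULL;
    return &last;
}

int main(void)
{
    const struct scenario_result *s = run_scenario();
    printf("racy: \"%s\" (consumed=%d overrun=%d confused=%d)\n",
           s->racy_text, s->racy.consumed, s->racy.overrun, s->racy.confused);
    printf("safe: \"%s\"\n", s->safe_text);
    return 0;
}
```

The racy path consumes the key pointer as a string and then reaches for a second argument the caller never passed; in the real code that second read is whatever happens to be in the register save area or on the stack, which is the crash in prepare_error_buf. The per-call variant never touches `fmt_buf` or `error_buf`, so the same interleaving cannot change what it consumes.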