From: Frederic Weisbecker <fweisbec@gmail.com>
To: Roel Kluin <roel.kluin@gmail.com>
Cc: Steven Rostedt <rostedt@goodmis.org>,
lkml <linux-kernel@vger.kernel.org>, Ingo Molnar <mingo@elte.hu>
Subject: Re: [PATCH] ftrace: unsigned idx cannot be less than 0
Date: Fri, 2 Jan 2009 22:11:41 +0100
Message-ID: <20090102211140.GA5770@nowhere>
In-Reply-To: <495E68F5.5010309@gmail.com>

On Fri, Jan 02, 2009 at 08:20:21PM +0100, Roel Kluin wrote:
> Frederic Weisbecker wrote:
> > On Fri, Jan 02, 2009 at 03:49:43PM +0100, Roel Kluin wrote:
> >> // vi kernel/trace/ftrace.c +787
> >> struct ftrace_iterator {
> >> ...
> >> unsigned idx;
> >> ...
> >> };
> >>
> >> idx is unsigned and cannot be less than 0.
> >>
> >> Signed-off-by: Roel Kluin <roel.kluin@gmail.com>
> >> ---
> >> diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c
> >> index 2f32969..a344add 100644
> >> --- a/kernel/trace/ftrace.c
> >> +++ b/kernel/trace/ftrace.c
> >> @@ -842,7 +842,7 @@ static void *t_start(struct seq_file *m, loff_t *pos)
> >> void *p = NULL;
> >>
> >> if (*pos > 0) {
> >> - if (iter->idx < 0)
> >> + if (iter->idx == 0)
> >> return p;
> >> (*pos)--;
> >> iter->idx--;
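Review bot: the new test `iter->idx == 0` in t_start() is not a like-for-like replacement for the dead `iter->idx < 0` check: it makes the function return p (NULL) whenever idx is 0, and the commit message only says that an unsigned idx cannot be less than 0, not why 0 should be the stop condition. With `unsigned idx` the `iter->idx--` two lines further down wraps when idx is 0, so please state which idx value marks "nothing left" and test for exactly that value, or change idx to a signed int so the existing `< 0` test becomes meaningful.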
> >
> >
> > Hi Roel,
> >
> > I'm not sure this is the right fix.
> > If you look at t_next, if there is no more page to look at,
> > iter_idx takes -1.
> >
> > A 0 value would mean: we are in the first index on the page, which means
> > there is something to read and we don't want to return NULL.
> >
> > I guess that would be better to turn idx into a signed int.
>
> If we turn idx into a signed int, isn't it true that
> in kernel/trace/ftrace.c, line 806:
>
> retry:
> if (iter->idx >= iter->pg->index) {
> ...
> } else {
> iter->idx++;
> if ( a certain rec-> and iter->flags )
> goto retry;
> }
>
> since iter->pg->index is an unsigned long, when larger than INT_MAX this
> could result in an endless loop?
>
> Roel

Actually, this is not supposed to reach such a threshold.
Looks like it wouldn't increase over ENTRIES_PER_PAGE (defined
in ftrace.c) which is smaller than PAGE_SIZE.
So it will stay far from an overflow.
I don't think this type conversion would be an issue. But perhaps
there are other things that I don't see.
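
The signedness behaviour this exchange turns on, shown as an added C example (not code from the thread or from the kernel; the struct and function names are hypothetical stand-ins). It covers the always-false `< 0` test on an unsigned field, the wrap when -1 is stored in it, and what happens when a signed idx holding -1 is compared with an unsigned long index.

```c
#include <limits.h>
#include <stdio.h>

/* Hypothetical stand-ins for the iterator field discussed in the thread. */
struct iter_unsigned { unsigned idx; };
struct iter_signed { int idx; };

/* "idx < 0" on an unsigned field: always false, whatever was stored. */
static int below_zero_unsigned(const struct iter_unsigned *it)
{
	return it->idx < 0;
}

/* The same test on a signed field can see a -1 end marker. */
static int below_zero_signed(const struct iter_signed *it)
{
	return it->idx < 0;
}

/* Storing -1 in the unsigned field wraps to UINT_MAX. */
static unsigned store_minus_one_unsigned(void)
{
	struct iter_unsigned it = { -1 };
	return it.idx;
}

/* int vs unsigned long: idx is converted to unsigned long first,
 * so -1 compares as ULONG_MAX and the result is "greater or equal". */
static int idx_ge_index(int idx, unsigned long index)
{
	return idx >= index;
}

/* One way to make the intent explicit (an assumption, not the kernel's
 * code): a negative idx is never reported as past the index. */
static int idx_ge_index_checked(int idx, unsigned long index)
{
	return idx >= 0 && (unsigned long)idx >= index;
}

int main(void)
{
	struct iter_unsigned u = { store_minus_one_unsigned() };
	struct iter_signed s = { -1 };
	printf("unsigned<0: %d signed<0: %d\n", below_zero_unsigned(&u), below_zero_signed(&s));
	printf("-1>=5UL: %d checked: %d\n", idx_ge_index(-1, 5UL), idx_ge_index_checked(-1, 5UL));
	return 0;
}
```

Building with `-Wextra` makes GCC flag both the always-false comparison (`-Wtype-limits`) and the mixed-sign comparison (`-Wsign-compare`).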

Thread overview: 7+ messages
2009-01-02 14:49 [PATCH] ftrace: unsigned idx cannot be less than 0 Roel Kluin
2009-01-02 15:48 ` Frederic Weisbecker
2009-01-02 19:20 ` Roel Kluin
2009-01-02 21:11 ` Frederic Weisbecker [this message]
2009-01-03 15:55 ` [PATCH v2] " Roel Kluin
2009-01-06 15:49 ` [PATCH] " Steven Rostedt
2009-01-06 15:58 ` Frédéric Weisbecker