Re: [PATCH v2] binder: use buffer offsets in debug logs

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Carlos Llamas <cmllamas@google.com>
To: "Tiffany Y. Yang" <ynaffit@google.com>
Cc: "Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
	"Arve Hjønnevåg" <arve@android.com>,
	"Todd Kjos" <tkjos@android.com>,
	"Martijn Coenen" <maco@android.com>,
	"Joel Fernandes" <joel@joelfernandes.org>,
	"Christian Brauner" <brauner@kernel.org>,
	"Suren Baghdasaryan" <surenb@google.com>,
	linux-kernel@vger.kernel.org, kernel-team@android.com
Subject: Re: [PATCH v2] binder: use buffer offsets in debug logs
Date: Tue, 25 Mar 2025 20:45:48 +0000	[thread overview]
Message-ID: <Z-MV_KoW2w9F0HZw@google.com> (raw)
In-Reply-To: <dbx8v7ryym9o.fsf@ynaffit-start.c.googlers.com>

On Tue, Mar 25, 2025 at 12:41:39AM +0000, Tiffany Y. Yang wrote:
> Carlos Llamas <cmllamas@google.com> writes:
> 
> > On Mon, Mar 24, 2025 at 06:07:18PM +0000, Tiffany Y. Yang wrote:
> >> Identify buffer addresses using vma offsets instead of full user
> >> addresses in debug logs.
> >> 
> >> Signed-off-by: Tiffany Y. Yang <ynaffit@google.com>
> >> ---
> >>  drivers/android/binder.c | 31 ++++++++++++++++---------------
> >>  1 file changed, 16 insertions(+), 15 deletions(-)
> >> 
> >> diff --git a/drivers/android/binder.c b/drivers/android/binder.c
> >> index d1aa6d24450a..994ae205aa07 100644
> >> --- a/drivers/android/binder.c
> >> +++ b/drivers/android/binder.c
> >> @@ -3261,20 +3261,20 @@ static void binder_transaction(struct binder_proc *proc,
> >>  
> >>  	if (reply)
> >>  		binder_debug(BINDER_DEBUG_TRANSACTION,
> >> -			     "%d:%d BC_REPLY %d -> %d:%d, data %016llx-%016llx size %lld-%lld-%lld\n",
> >> +			     "%d:%d BC_REPLY %d -> %d:%d, buffer offset %lx-%lx size %lld-%lld-%lld\n",
> >>  			     proc->pid, thread->pid, t->debug_id,
> >>  			     target_proc->pid, target_thread->pid,
> >> -			     (u64)tr->data.ptr.buffer,
> >> -			     (u64)tr->data.ptr.offsets,
> >> +			     (unsigned long)tr->data.ptr.buffer - proc->alloc.buffer,
> >> +			     (unsigned long)tr->data.ptr.offsets - proc->alloc.buffer,
> >
> > These could be pointers to anywhere in user memory, not necessarily the
> > alloc->buffer. So there will be cases where this substraction doesn't
> > make sense. However, you are correct that we shouldn't log these addrs
> > so maybe just don't? wdyt?
> >
> 
> Ah, in that case I think it makes sense to remove them here. What
> do you think about printing the full buffer and offsets values in cases
> where we would print a binder_user_error or binder_transaction_error
> instead. Ideally, I would try to limit this to cases when the data or
> offsets ptr is invalid / copy would fail. Ostensibly this wouldn't
> reveal dangerous information about the user address space because the
> print statements would only happen when the data wasn't where it was
> supposed to be and it would help with debugging, but I'm not sure if
> this line of thought makes sense...

My 2 cents...

I'm sure there will be a _few_ exceptions in which having the pointers
from binder_transaction_data logged would aid debugging. However, this
won't be info that most users care about. In practice, logging an error
with "invalid buffer/offsets pointer" message is enough.

There are _other_ pointers that users do care about when debugging, such
as binder_ptr_cookie but not these. So I think is better if we don't log
them at all, as calculating an "offset" is not possible either.

--
Carlos Llamas

next prev parent reply	other threads:[~2025-03-25 20:45 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-03-24 18:07 [PATCH v2] binder: use buffer offsets in debug logs Tiffany Y. Yang
2025-03-24 18:23 ` Greg Kroah-Hartman
2025-03-24 18:48 ` Carlos Llamas
2025-03-25  0:41   ` Tiffany Y. Yang
2025-03-25 20:45     ` Carlos Llamas [this message]
2025-03-27 21:11       ` Tiffany Y. Yang

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=Z-MV_KoW2w9F0HZw@google.com \
    --to=cmllamas@google.com \
    --cc=arve@android.com \
    --cc=brauner@kernel.org \
    --cc=gregkh@linuxfoundation.org \
    --cc=joel@joelfernandes.org \
    --cc=kernel-team@android.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=maco@android.com \
    --cc=surenb@google.com \
    --cc=tkjos@android.com \
    --cc=ynaffit@google.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.