From: Al Viro <viro@ZenIV.linux.org.uk>
To: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Cc: keescook@chromium.org, joe@perches.com, linux@horizon.com,
akpm@linux-foundation.org, dan.carpenter@oracle.com,
davem@davemloft.net, eldad@fogrefinery.com, jbeulich@suse.com,
jkosina@suse.cz, linux-kernel@vger.kernel.org,
rdunlap@infradead.org
Subject: Re: [PATCH] vsprintf: drop comment claiming %n is ignored
Date: Sat, 14 Sep 2013 04:48:02 +0100 [thread overview]
Message-ID: <20130914034801.GA13318@ZenIV.linux.org.uk> (raw)
In-Reply-To: <20130914030521.GZ13318@ZenIV.linux.org.uk>
On Sat, Sep 14, 2013 at 04:05:21AM +0100, Al Viro wrote:
> Again, the normal return value of ->show() is 0 and that includes the case of
> overflow. THE ONLY reason to check for overflow early is when subsequent
> output of ->show() takes long to generate and we want to skip that and
> have seq_read() do realloc-and-call-show-again immediately. And in that
> case the right fix is often to get saner iterator and stop shoving everything
> into a single ->show() call...
Actually, let's take a look at the suckers.
* a bunch in arch/arm/plat-pxa/dma.c:dbg_show_requester_chan(): all buggy;
shouldn't care about pos at all and return 0. Additionally,
dbg_show_descriptors() is buggy _and_ dumb - max_show shouldn't exist at all
and it shouldn't be using single_open(); it's iterating over a linked list,
for fsck sake...
* cris fasttimer: apparently valid "skip pointless work if we'd overflown"
uses; not sure if it's really needed here.
* cris show_cpuinfo(): buggy, should return 0 regardless.
* microblaze show_cpuinfo(): pointless sum is calculated and never used.
* openrisc show_cpuinfo(): buggy, should return 0 regardless.
* s390 pci_perf_show(): ditto.
* mtrr_seq_show(): pointless sum is calculated and never used.
* print_wakeup_source_stats(): buggy, should return 0 regardless.
* i8k_proc_show(): ditto.
* 3 ->show() instances in impi: ditto.
* i2o_report_query_status(): ditto.
* drivers/mfd/ab8500-debugfs.c:ab8500_registers_print(): legimitate use,
a side effect of lousy iterator, unfortunately complicated by the same
thing used for printk as well.
* same file, in ab8500_print_modem_registers() - return value of seq_printf()
is stored in local variable and immediately overwritten.
* same file, a metric arseload of return seq_printf(....): buggy, should
return 0.
* doc3g: ditto.
* drivers/parisc callers: pointless sums calculated and never used.
* drivers/regulator/dbx500-prcmu.c: somebody got religious about reporting
!!!scary!!! overflows. Even though debugging printks are completely pointless
there.
* drivers/rtc: return value passed to caller and discarded there. If it ever
stops being discarded, we'll get a bug.
drivers/s390/cio/blacklist.c: buggy, should return 0.
lustre: a bunch "should return 0" cases, AFAICS all of them are of that kind.
rtl8192*: a couple of such cases.
* drivers/usb/gadget/goku_udc.c: apparently valid uses, this time with what
looks like a damn good reason to skip extra work - it's reading from IO
ports and that can be slow.
* drivers/usb/gadget/pxa27x_udc.c: pointless sums discarded.
* debugfs_print_regs32(): should return 0. The only caller ignores its
return value, fortunately, otherwise we'd have bugs.
* fs/dlm: valid, but very likely to be begging for better iterators.
* fs/proc children_seq_show(): buggy, should return 0.
* sysvipc_proc_show() and stuff it's calling (i.e. all show_... in
ipc/*): buggy, should return 0.
Enough for now...
Overall: I suspect that Joe might be right. The very few callers that
use the return value and use it correctly can bloody well call
seq_overflow(), preferably with a detailed comment about the reasons
for doing so. Anything that really wants the length of output (if we
have such places at all) can use %n or see Figure 1. I haven't
crawled through lib/*, net/* and sound/* yet, but that's how the things
look so far.
next prev parent reply other threads:[~2013-09-14 3:48 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-09-11 19:30 [PATCH] vsprintf: drop comment claiming %n is ignored Kees Cook
2013-09-11 20:06 ` Joe Perches
2013-09-11 20:18 ` Kees Cook
2013-09-11 20:20 ` Joe Perches
2013-09-11 20:30 ` KOSAKI Motohiro
2013-09-11 20:28 ` Joe Perches
2013-09-13 19:53 ` George Spelvin
2013-09-13 22:27 ` Joe Perches
2013-09-13 23:03 ` Kees Cook
2013-09-13 23:23 ` Joe Perches
2013-09-16 2:53 ` George Spelvin
2013-09-14 2:17 ` Al Viro
2013-09-14 2:49 ` Tetsuo Handa
2013-09-14 3:05 ` Al Viro
2013-09-14 3:48 ` Al Viro [this message]
2013-09-14 4:53 ` Al Viro
2013-09-14 5:26 ` Joe Perches
2013-09-12 7:03 ` Jan Beulich
2013-09-12 7:31 ` Kees Cook
2013-09-12 7:51 ` Jan Beulich
2013-09-12 7:57 ` Dan Carpenter
2013-09-13 19:49 ` George Spelvin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130914034801.GA13318@ZenIV.linux.org.uk \
--to=viro@zeniv.linux.org.uk \
--cc=akpm@linux-foundation.org \
--cc=dan.carpenter@oracle.com \
--cc=davem@davemloft.net \
--cc=eldad@fogrefinery.com \
--cc=jbeulich@suse.com \
--cc=jkosina@suse.cz \
--cc=joe@perches.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@horizon.com \
--cc=penguin-kernel@I-love.SAKURA.ne.jp \
--cc=rdunlap@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.