[PATCH v1 0/3] lib/string_helpers et al.: Change return value of strreplace()

[PATCH v1 0/3] lib/string_helpers et al.: Change return value of strreplace()

[Andy Shevchenko]

It's more convenient to have strreplace() to return the original
pointer. This will help users to make their code better.

The patch 1 kills the only user of the returned value of strreplace(),
Patch 2 converts the return value of strreplace(). And patch 3 shows
how it may be useful.That said, the series can be routed via fs tree,
with or without the last patch.

Andy Shevchenko (3):
  jbd2: Avoid printing out the boundary
  lib/string_helpers: Change returned value of the strreplace()
  kobject: Use return value of strreplace()

 fs/jbd2/journal.c      |  5 ++---
 include/linux/string.h |  2 +-
 lib/kobject.c          |  3 +--
 lib/string_helpers.c   | 10 +++++++---
 4 files changed, 11 insertions(+), 9 deletions(-)

-- 
2.40.0.1.gaa8946217a0b

[PATCH v1 1/3] jbd2: Avoid printing out the boundary

[Andy Shevchenko]

Theoretically possible that "%pg" will take all room for the j_devname
and hence the "-%lu" will go out the boundary due to unconditional
sprintf() in use. To make this code more robust, replace two sequential
s*printf():s by a single call and then replace forbidden character.
It's possible to do this way, because '/' won't ever be in the result
of "-%lu".

Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
---
 fs/jbd2/journal.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/fs/jbd2/journal.c b/fs/jbd2/journal.c
index 8ae419152ff6..00c0aa4a3a91 100644
--- a/fs/jbd2/journal.c
+++ b/fs/jbd2/journal.c
@@ -1515,9 +1515,8 @@ journal_t *jbd2_journal_init_inode(struct inode *inode)
 
 	journal->j_inode = inode;
 	snprintf(journal->j_devname, sizeof(journal->j_devname),
-		 "%pg", journal->j_dev);
-	p = strreplace(journal->j_devname, '/', '!');
-	sprintf(p, "-%lu", journal->j_inode->i_ino);
+		 "%pg-%lu", journal->j_dev, journal->j_inode->i_ino);
+	strreplace(journal->j_devname, '/', '!');
 	jbd2_stats_proc_init(journal);
 
 	return journal;
-- 
2.40.0.1.gaa8946217a0b

Re: [PATCH v1 1/3] jbd2: Avoid printing out the boundary

[kernel test robot]

Hi Andy,

I love your patch! Perhaps something to improve:

[auto build test WARNING on driver-core/driver-core-testing]
[also build test WARNING on driver-core/driver-core-next driver-core/driver-core-linus kees/for-next/pstore kees/for-next/kspp tytso-ext4/dev linus/master v6.3-rc3 next-20230322]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]

url:    https://github.com/intel-lab-lkp/linux/commits/Andy-Shevchenko/jbd2-Avoid-printing-out-the-boundary/20230322-221425
patch link:    https://lore.kernel.org/r/20230322141206.56347-2-andriy.shevchenko%40linux.intel.com
patch subject: [PATCH v1 1/3] jbd2: Avoid printing out the boundary
config: x86_64-kexec (https://download.01.org/0day-ci/archive/20230323/202303230045.2JeedPWH-lkp@intel.com/config)
compiler: gcc-11 (Debian 11.3.0-8) 11.3.0
reproduce (this is a W=1 build):
        # https://github.com/intel-lab-lkp/linux/commit/6154f5a987ef2ce0084db0eb245d2c3bcde2a02a
        git remote add linux-review https://github.com/intel-lab-lkp/linux
        git fetch --no-tags linux-review Andy-Shevchenko/jbd2-Avoid-printing-out-the-boundary/20230322-221425
        git checkout 6154f5a987ef2ce0084db0eb245d2c3bcde2a02a
        # save the config file
        mkdir build_dir && cp config build_dir/.config
        make W=1 O=build_dir ARCH=x86_64 olddefconfig
        make W=1 O=build_dir ARCH=x86_64 SHELL=/bin/bash fs/jbd2/

If you fix the issue, kindly add following tag where applicable
| Reported-by: kernel test robot <lkp@intel.com>
| Link: https://lore.kernel.org/oe-kbuild-all/202303230045.2JeedPWH-lkp@intel.com/

All warnings (new ones prefixed by >>):

   fs/jbd2/journal.c: In function 'jbd2_journal_init_inode':
>> fs/jbd2/journal.c:1491:15: warning: unused variable 'p' [-Wunused-variable]
    1491 |         char *p;
         |               ^


vim +/p +1491 fs/jbd2/journal.c

470decc613ab20 Dave Kleikamp     2006-10-11  1478  
470decc613ab20 Dave Kleikamp     2006-10-11  1479  /**
f7f4bccb729844 Mingming Cao      2006-10-11  1480   *  journal_t * jbd2_journal_init_inode () - creates a journal which maps to a inode.
470decc613ab20 Dave Kleikamp     2006-10-11  1481   *  @inode: An inode to create the journal in
470decc613ab20 Dave Kleikamp     2006-10-11  1482   *
f7f4bccb729844 Mingming Cao      2006-10-11  1483   * jbd2_journal_init_inode creates a journal which maps an on-disk inode as
470decc613ab20 Dave Kleikamp     2006-10-11  1484   * the journal.  The inode must exist already, must support bmap() and
470decc613ab20 Dave Kleikamp     2006-10-11  1485   * must have all data blocks preallocated.
470decc613ab20 Dave Kleikamp     2006-10-11  1486   */
f7f4bccb729844 Mingming Cao      2006-10-11  1487  journal_t *jbd2_journal_init_inode(struct inode *inode)
470decc613ab20 Dave Kleikamp     2006-10-11  1488  {
f0c9fd5458bacf Geliang Tang      2016-09-15  1489  	journal_t *journal;
30460e1ea3e62f Carlos Maiolino   2020-01-09  1490  	sector_t blocknr;
05496769e5da83 Theodore Ts'o     2008-09-16 @1491  	char *p;
30460e1ea3e62f Carlos Maiolino   2020-01-09  1492  	int err = 0;
30460e1ea3e62f Carlos Maiolino   2020-01-09  1493  
30460e1ea3e62f Carlos Maiolino   2020-01-09  1494  	blocknr = 0;
30460e1ea3e62f Carlos Maiolino   2020-01-09  1495  	err = bmap(inode, &blocknr);
470decc613ab20 Dave Kleikamp     2006-10-11  1496  
30460e1ea3e62f Carlos Maiolino   2020-01-09  1497  	if (err || !blocknr) {
f0c9fd5458bacf Geliang Tang      2016-09-15  1498  		pr_err("%s: Cannot locate journal superblock\n",
f0c9fd5458bacf Geliang Tang      2016-09-15  1499  			__func__);
f0c9fd5458bacf Geliang Tang      2016-09-15  1500  		return NULL;
f0c9fd5458bacf Geliang Tang      2016-09-15  1501  	}
f0c9fd5458bacf Geliang Tang      2016-09-15  1502  
cb3b3bf22cf337 Jan Kara          2022-06-08  1503  	jbd2_debug(1, "JBD2: inode %s/%ld, size %lld, bits %d, blksize %ld\n",
f0c9fd5458bacf Geliang Tang      2016-09-15  1504  		  inode->i_sb->s_id, inode->i_ino, (long long) inode->i_size,
f0c9fd5458bacf Geliang Tang      2016-09-15  1505  		  inode->i_sb->s_blocksize_bits, inode->i_sb->s_blocksize);
f0c9fd5458bacf Geliang Tang      2016-09-15  1506  
f0c9fd5458bacf Geliang Tang      2016-09-15  1507  	journal = journal_init_common(inode->i_sb->s_bdev, inode->i_sb->s_bdev,
f0c9fd5458bacf Geliang Tang      2016-09-15  1508  			blocknr, inode->i_size >> inode->i_sb->s_blocksize_bits,
f0c9fd5458bacf Geliang Tang      2016-09-15  1509  			inode->i_sb->s_blocksize);
470decc613ab20 Dave Kleikamp     2006-10-11  1510  	if (!journal)
470decc613ab20 Dave Kleikamp     2006-10-11  1511  		return NULL;
470decc613ab20 Dave Kleikamp     2006-10-11  1512  
470decc613ab20 Dave Kleikamp     2006-10-11  1513  	journal->j_inode = inode;
900d156bac2bc4 Christoph Hellwig 2022-07-13  1514  	snprintf(journal->j_devname, sizeof(journal->j_devname),
6154f5a987ef2c Andy Shevchenko   2023-03-22  1515  		 "%pg-%lu", journal->j_dev, journal->j_inode->i_ino);
6154f5a987ef2c Andy Shevchenko   2023-03-22  1516  	strreplace(journal->j_devname, '/', '!');
8e85fb3f305b24 Johann Lombardi   2008-01-28  1517  	jbd2_stats_proc_init(journal);
470decc613ab20 Dave Kleikamp     2006-10-11  1518  
470decc613ab20 Dave Kleikamp     2006-10-11  1519  	return journal;
470decc613ab20 Dave Kleikamp     2006-10-11  1520  }
470decc613ab20 Dave Kleikamp     2006-10-11  1521  

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests

Re: [PATCH v1 1/3] jbd2: Avoid printing out the boundary

[Jan Kara]

On Wed 22-03-23 16:12:04, Andy Shevchenko wrote:
> Theoretically possible that "%pg" will take all room for the j_devname
> and hence the "-%lu" will go out the boundary due to unconditional
> sprintf() in use. To make this code more robust, replace two sequential
> s*printf():s by a single call and then replace forbidden character.
> It's possible to do this way, because '/' won't ever be in the result
> of "-%lu".
> 
> Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>

Looks good. Feel free to add:

Reviewed-by: Jan Kara <jack@suse.cz>

								Honza

> ---
>  fs/jbd2/journal.c | 5 ++---
>  1 file changed, 2 insertions(+), 3 deletions(-)
> 
> diff --git a/fs/jbd2/journal.c b/fs/jbd2/journal.c
> index 8ae419152ff6..00c0aa4a3a91 100644
> --- a/fs/jbd2/journal.c
> +++ b/fs/jbd2/journal.c
> @@ -1515,9 +1515,8 @@ journal_t *jbd2_journal_init_inode(struct inode *inode)
>  
>  	journal->j_inode = inode;
>  	snprintf(journal->j_devname, sizeof(journal->j_devname),
> -		 "%pg", journal->j_dev);
> -	p = strreplace(journal->j_devname, '/', '!');
> -	sprintf(p, "-%lu", journal->j_inode->i_ino);
> +		 "%pg-%lu", journal->j_dev, journal->j_inode->i_ino);
> +	strreplace(journal->j_devname, '/', '!');
>  	jbd2_stats_proc_init(journal);
>  
>  	return journal;
> -- 
> 2.40.0.1.gaa8946217a0b
> 
-- 
Jan Kara <jack@suse.com>
SUSE Labs, CR

Re: [PATCH v1 1/3] jbd2: Avoid printing out the boundary

[Andy Shevchenko]

On Thu, Mar 23, 2023 at 10:53:46AM +0100, Jan Kara wrote:
> On Wed 22-03-23 16:12:04, Andy Shevchenko wrote:
> > Theoretically possible that "%pg" will take all room for the j_devname
> > and hence the "-%lu" will go out the boundary due to unconditional
> > sprintf() in use. To make this code more robust, replace two sequential
> > s*printf():s by a single call and then replace forbidden character.
> > It's possible to do this way, because '/' won't ever be in the result
> > of "-%lu".
> > 
> > Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
> 
> Looks good. Feel free to add:
> 
> Reviewed-by: Jan Kara <jack@suse.cz>

Thank you! I'll incorporate this into v2 with dropping not anymore used
variable (as found by LKP).

-- 
With Best Regards,
Andy Shevchenko

[PATCH v1 2/3] lib/string_helpers: Change returned value of the strreplace()

[Andy Shevchenko]

It's more useful to return the original string with strreplace(),
so it may be used like

	attr->name = strreplace(name, '/', '_');

While at it, amend the kernel documentation.

Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
---
 include/linux/string.h |  2 +-
 lib/string_helpers.c   | 10 +++++++---
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/include/linux/string.h b/include/linux/string.h
index a7bff7ed3cb0..cb0c24ce0826 100644
--- a/include/linux/string.h
+++ b/include/linux/string.h
@@ -169,7 +169,7 @@ static inline void memcpy_flushcache(void *dst, const void *src, size_t cnt)
 #endif
 
 void *memchr_inv(const void *s, int c, size_t n);
-char *strreplace(char *s, char old, char new);
+char *strreplace(char *str, char old, char new);
 
 extern void kfree_const(const void *x);
 
diff --git a/lib/string_helpers.c b/lib/string_helpers.c
index 230020a2e076..ab7b1577cbcf 100644
--- a/lib/string_helpers.c
+++ b/lib/string_helpers.c
@@ -979,14 +979,18 @@ EXPORT_SYMBOL(__sysfs_match_string);
 
 /**
  * strreplace - Replace all occurrences of character in string.
- * @s: The string to operate on.
+ * @str: The string to operate on.
  * @old: The character being replaced.
  * @new: The character @old is replaced with.
  *
- * Returns pointer to the nul byte at the end of @s.
+ * Replaces the each @old character with a @new one in the given string @str.
+ *
+ * Return: pointer to the original string @str.
  */
-char *strreplace(char *s, char old, char new)
+char *strreplace(char *str, char old, char new)
 {
+	char *s = str;
+
 	for (; *s; ++s)
 		if (*s == old)
 			*s = new;
-- 
2.40.0.1.gaa8946217a0b

Re: [PATCH v1 2/3] lib/string_helpers: Change returned value of the strreplace()

[Kees Cook]

On Wed, Mar 22, 2023 at 04:12:05PM +0200, Andy Shevchenko wrote:
> It's more useful to return the original string with strreplace(),

I found the use of "original" confusing here and in the comments. This
just returns arg 1, yes? i.e. it's not the original (unreplaced) string,
but rather just the string itself.

I agree, though, that's much more useful than a pointer to the end of
the string.

-Kees

-- 
Kees Cook

Re: [PATCH v1 2/3] lib/string_helpers: Change returned value of the strreplace()

[Andy Shevchenko]

On Wed, Mar 22, 2023 at 09:51:22AM -0700, Kees Cook wrote:
> On Wed, Mar 22, 2023 at 04:12:05PM +0200, Andy Shevchenko wrote:
> > It's more useful to return the original string with strreplace(),
> 
> I found the use of "original" confusing here and in the comments. This
> just returns arg 1, yes? i.e. it's not the original (unreplaced) string,
> but rather just the string itself.

Yes.

Okay, I will try my best as non-native speaker to fix that for v2. Meanwhile
I'm open ears for the better suggestions.

> I agree, though, that's much more useful than a pointer to the end of
> the string.

Thank you!

-- 
With Best Regards,
Andy Shevchenko

RE: [PATCH v1 2/3] lib/string_helpers: Change returned value of the strreplace()

[David Laight]

From: Kees Cook
> Sent: 22 March 2023 16:51
> 
> On Wed, Mar 22, 2023 at 04:12:05PM +0200, Andy Shevchenko wrote:
> > It's more useful to return the original string with strreplace(),

Won't that break anything that is using the result?

> I found the use of "original" confusing here and in the comments. This
> just returns arg 1, yes? i.e. it's not the original (unreplaced) string,
> but rather just the string itself.
> 
> I agree, though, that's much more useful than a pointer to the end of
> the string.

If you want a pointer to the start of the string, you've
already got it.
Almost all the time you can do the assignment first.

But if you want a pointer to the end you'll need to scan it again.

I have a feeling that the reason many of the string functions
return the original pointer is a historic side effect of
the original implementation.
Going back to before C had a 'return' statement.

	David

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)

[PATCH v1 3/3] kobject: Use return value of strreplace()

[Andy Shevchenko]

Since strreplace() returns the pointer to the original string,
we may use it directly in the code.

Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
---
 lib/kobject.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/lib/kobject.c b/lib/kobject.c
index f79a434e1231..16d530f9c174 100644
--- a/lib/kobject.c
+++ b/lib/kobject.c
@@ -281,8 +281,7 @@ int kobject_set_name_vargs(struct kobject *kobj, const char *fmt,
 		kfree_const(s);
 		if (!t)
 			return -ENOMEM;
-		strreplace(t, '/', '!');
-		s = t;
+		s = strreplace(t, '/', '!');
 	}
 	kfree_const(kobj->name);
 	kobj->name = s;
-- 
2.40.0.1.gaa8946217a0b