From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id D7DB9C83F1A for ; Fri, 11 Jul 2025 06:05:48 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 5EE3C6B0096; Fri, 11 Jul 2025 02:05:48 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 5C5826B0098; Fri, 11 Jul 2025 02:05:48 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 502636B0099; Fri, 11 Jul 2025 02:05:48 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id 41BFF6B0096 for ; Fri, 11 Jul 2025 02:05:48 -0400 (EDT) Received: from smtpin12.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id 1AE96C0609 for ; Fri, 11 Jul 2025 06:05:46 +0000 (UTC) X-FDA: 83650947492.12.F39F420 Received: from mail-wm1-f48.google.com (mail-wm1-f48.google.com [209.85.128.48]) by imf17.hostedemail.com (Postfix) with ESMTP id 2F51C40003 for ; Fri, 11 Jul 2025 06:05:43 +0000 (UTC) Authentication-Results: imf17.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=WYu6Fp1U; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (imf17.hostedemail.com: domain of ma.uecker@gmail.com designates 209.85.128.48 as permitted sender) smtp.mailfrom=ma.uecker@gmail.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1752213944; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=E7DKDfxJvck0LHqqh3ys40NEXmDsPAV+8zsSFbCeAIw=; b=ubzVNSyjgK+v/mcP5aJGKQas4t6i5Sy126kiqBcG9Krzvd/gKGVCZXfUUxGuJ0hf4q8IwZ R1TCDWKCAZKz3bGdtntEgaGEzL39/sS0Rsck1VOWzAHZeYqr3pWjtDjb9eP3SJt2nV5TRT elwLZkhzhd0nPObOkag/GcNbsGNXAvQ= ARC-Authentication-Results: i=1; imf17.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=WYu6Fp1U; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (imf17.hostedemail.com: domain of ma.uecker@gmail.com designates 209.85.128.48 as permitted sender) smtp.mailfrom=ma.uecker@gmail.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1752213944; a=rsa-sha256; cv=none; b=BamjDzPKc6UBPzwpEt8A3C9NaYP1Xy5mFPg96aZZALzy3HguvxEOvPbBYdbuY0zDONrVUS heh2t9VY9jLRFwaTeug30l7rE33PxgpGCB7pNfPLRD+E5I7giDw0vfgraYKyE2Vfd0ms21 jB3FOcHWeyNAx9Rbo8l5z7mzc8Qm84M= Received: by mail-wm1-f48.google.com with SMTP id 5b1f17b1804b1-451d54214adso12751655e9.3 for ; Thu, 10 Jul 2025 23:05:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1752213942; x=1752818742; darn=kvack.org; h=mime-version:user-agent:content-transfer-encoding:references :in-reply-to:date:cc:to:from:subject:message-id:from:to:cc:subject :date:message-id:reply-to; bh=E7DKDfxJvck0LHqqh3ys40NEXmDsPAV+8zsSFbCeAIw=; b=WYu6Fp1UyCAU5B7ZL9vZ9/fha8RPlqyl2KvQEWUFLopUvH5XvrV17dTW3+Qth/QOeA N1t3K4r0sVMKB6V5uNhzS6cgTZhBX8gRJefzB3GyBgDuhfKnCEDFDTzhzKtNuzjJlQUf g1dBQK4e484B4yraaIXJBOkm5HgNLjvSf5Begd7Lb22JoR89ZvTe5P1KhYGfbg0mXUnh 5HsC32cLrICg5aNfNmQu6Tkrnlj2nyGAUbpbhqQesk4TxOZ23aJ4BIaLH90glbs2WvCK pFNsO0BHjB94SaOg630Lm6ccRbpb1vVIoUpK5pgzJ/dwhDiqk8E5Ud/qvU1UYCwlS+zJ uQsw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752213942; x=1752818742; h=mime-version:user-agent:content-transfer-encoding:references :in-reply-to:date:cc:to:from:subject:message-id:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=E7DKDfxJvck0LHqqh3ys40NEXmDsPAV+8zsSFbCeAIw=; b=h02kSM4zJ2yS9QqU5xbjVm5QGtzn5AFBd8mgV1lcXxd6GsmIP3ykVUidH8yKWh06r+ 9QnFr1E4xVdowctHgvnMLvARnu6flS4kj0DkfDdG0d8JY2E+Y6+1zVjR+DK+0HOgO1p1 wIuam89CfMA8Hypq4UJcfXIPS+0xA5mNomk7Kx/qHEP7YoDcvopsDYApB6R4TKOekilu 7Z9VZQB1ILeLg2VgBaSDEDBqR/EEpvbcfE2kJBjB1w3IeY/sYhiJO2bU7uEl+jF5RFE+ S+8iycSXP9XgMlwRtM/Ae91oqqap4t69Hcih40AYNJm893yk74X/DCWUqFn+7C199mk1 Umkw== X-Gm-Message-State: AOJu0YwG7HNTf9vU2imHWfmXW8LuRNFoLzNfyeAlILoHZTu9//IbphUp G9z0XFnsFJNkkwU9bwLjPyPtrVouyUHTEeRNC0uemDBGtdrIPcloT2em X-Gm-Gg: ASbGncv1m4VwcPwVV0Orea6q5NR15xxPgRw6RZN+M+ryxBpJoFyC7WZxhDgmQStlocB bmtnnHdpxpKJZ44GkrFx6X7GAvfSKLO6U4v4a36icCEsvUenMdNnFqTR5VqHbernFm3GYTgD+a6 fonFMv0fxvMfBrtVEGjTqkM4VVgyhKwp2MrnMczvBQ5wv+vDQSa8iBEU9W/YnZxHlm/ZFLY6m6E /2njdnTG2ypAJlcHW9gl6Zzlt/w3hSF5BC3cF/w892kkfhOgzSHRc4sagZ4rGxjkcVI4iJBUHEJ EuZJDzuEEAD4owswKtD50g8eiLfrocBW+O/+678JOexUnch8yp9VKwiZZ2gccqjdoznddFRMxHp shYnbGZ4GVpmLIov2UU8utiCObZ8sFvXuAHhfd5U5F779uPWrE0CuxUpmCOCrCx4ZqHQj4BO4hX 5dqWNj4LRfIqbEbg5R4TSSrrVYqDK8Qlu07ZUSbYcwcgYqAIQT7OmOALu3SL/0103Oayt6kvmfN M12mSlvNDzwR5BebIJnZ/9jncbA+YU= X-Google-Smtp-Source: AGHT+IEPSi1cBie5t7j4xTlaeJrycuFUQH/Q0RNOKDhAy5xhyS385IO1szs2WDv8sTlLuVuy3iohZQ== X-Received: by 2002:a05:6000:42c4:b0:3a3:7ba5:93a5 with SMTP id ffacd0b85a97d-3b5f188e76amr1361043f8f.26.1752213941380; Thu, 10 Jul 2025 23:05:41 -0700 (PDT) Received: from 2a02-8388-e6bb-e300-2ae5-f1e1-5796-cbba.cable.dynamic.v6.surfer.at (2a02-8388-e6bb-e300-2ae5-f1e1-5796-cbba.cable.dynamic.v6.surfer.at. [2a02:8388:e6bb:e300:2ae5:f1e1:5796:cbba]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-3b5e8dc21e7sm3597085f8f.36.2025.07.10.23.05.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 10 Jul 2025 23:05:40 -0700 (PDT) Message-ID: <28c8689c7976b4755c0b5c2937326b0a3627ebf6.camel@gmail.com> Subject: Re: [RFC v5 6/7] sprintf: Add [v]sprintf_array() From: Martin Uecker To: Linus Torvalds , Alejandro Colomar Cc: linux-mm@kvack.org, linux-hardening@vger.kernel.org, Kees Cook , Christopher Bazley , shadow <~hallyn/shadow@lists.sr.ht>, linux-kernel@vger.kernel.org, Andrew Morton , kasan-dev@googlegroups.com, Dmitry Vyukov , Alexander Potapenko , Marco Elver , Christoph Lameter , David Rientjes , Vlastimil Babka , Roman Gushchin , Harry Yoo , Andrew Clayton , Rasmus Villemoes , Michal Hocko , Al Viro , Sam James , Andrew Pinski Date: Fri, 11 Jul 2025 08:05:38 +0200 In-Reply-To: References: <04c1e026a67f1609167e834471d0f2fe977d9cb0.1752182685.git.alx@kernel.org> Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable User-Agent: Evolution 3.46.4-2 MIME-Version: 1.0 X-Rspamd-Server: rspam04 X-Rspamd-Queue-Id: 2F51C40003 X-Stat-Signature: fsbcqoth4wx6aqegadkp86h4un3ohete X-Rspam-User: X-HE-Tag: 1752213943-270597 X-HE-Meta: U2FsdGVkX19aSZKz5L6kLXv4FmO8q7/Z3s2mwVffJpuyjig3zsLRI5UHMbAT9p5hvklYsCkvq4wZcvjtXXZB734pZ8NvtiyIxXE4hto4+czHANu7D2Dw3xlVP/nHvqOeFCVx6pFbAD/dre/7hha7bZpNzZY4u2rkFrwFTWGnYPB0eW6wEcExPgLZt5FuTArtKuOF//VUSaRr9v4okAiEQdrHjL7rBDylcxtaFLBaVlRrnKcS0i2TJoXr3q75J0pezYzskrLMlPV2keJAYEjyzPEuRRwRlQybD5UqTxMwpUEXORyq6YXy3ATZfYo0rhs+3Hk2KHgFc9FRqBxXsgKKb3b77EYdgSbRDPxYvy4A/niS7DqkEdudpPAwT3fJtqJmTV6AeCtYqK+rsz/df0Vpidd0Wv/+04smT82Cu7DWnFZWBJEcuSinKa5KtWG0HR30hyvQd/9TEjiwL9mlFHlD6QjjmkIeo8I1AE7pZYWRHYnwfLCVIJ8uWIA1DziMXdAig/2nps6QuOTEz4s+W6c/AG96kVgqUlzt1FBJEyQpfKyxyFk2uEW9a9CvsnL4U+iSAdetT/PMA6wx3EtXRtz7/IjkgYsSpaNvZU90weDmq7ymOCXnApONE/TQKq+LGm8/1zkqqXwGxn/8TVsZUjM7+GrcCpCnd2eUinIlfCQuya35JiGQyE39XvgnlCXXhYPH9b/7ERywXTchrHJl4gUwhUIn0ql/4ft4N+Ej3vhpoJIGs4pIpcWouSRrXSA9aXELve7I5WkDv62dakPLlcMkCsuKK5KN7kk6KnR68nLDle/gdPFcY0Zo1zmyyIL/GQgw7byANdNcju94IvfroWh1H9FGw1OYvIMXUZ0k0arVwyl77HeQuRxMxCU0gxeYLE+/6I09orAU0PnYm6+zm8Pv9PN2UqgB7sbIQPb91Go3JYhMhfxzaCV5uzGuobIt8KBsU2+7DubOyA45kDn2Doe vmA+MdDH 7E6/Uj9i4C12nlpdA/1u/KbukK20735kcphQS7U9sop0IMPjLh5DbrfAkRVNwykuqF+WsrKqQENH1T1Yt0vIAPEiwwWU9AuzyqTULjNK+Zjek6KRSzcVO9sqbWBoJG43a2K3gqnSsbibOF9fwppLROxjyALaU53AhMNlr0i1PEf0msiLdDOcwkPKZrzMoTt/z3jCe5G+Ephbix9Ge20cWPMn5SvLzp6HpE1f4spyRsy70kLcGN4mUSEwhca2yIIGigxPYnw5qn4Ftbru8sNo4vxhFkHp/Uoc3OtV3Kajidd292OWoG1D/IlOu2MDF1Zmg1QW/Jgi3Nl0RDBRKXTNxDDTyoZ5aXVECbRAmrIRxLqMDzNHtczy6PrgeozFL5QwS2zbH43NdRv5N65gf+gkkqwqSLmCBD2sbc+mYn2+l/gyfslJhLyqHmVsWxq5++L+TLc0i6QMs/moWRa8vvaM35rtbSzWOEbquziYOFGglDTYR9dEZjnDsA7p3rjZvVYMYp05IPz+q1hzQTm56Er1zUOjFmIr1EbBaxowsNT+mqV2Dz1rGF3Z1iZdIcZqNqtkucgVcme1W1DQLps4SgPL9zZF1Dc1anFBK722ayh626na+P1uW2EAHZC3bYchbRz7FY6SIStzdXO/tJJc2yVc7tHfYf1vw4xV1+TOS7goF+EDABm0= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Am Donnerstag, dem 10.07.2025 um 14:58 -0700 schrieb Linus Torvalds: > On Thu, 10 Jul 2025 at 14:31, Alejandro Colomar wrote: > >=20 > > These macros are essentially the same as the 2-argument version of > > strscpy(), but with a formatted string, and returning a pointer to the > > terminating '\0' (or NULL, on error). >=20 > No. >=20 > Stop this garbage. >=20 > You took my suggestion, and then you messed it up. >=20 > Your version of sprintf_array() is broken. It evaluates 'a' twice. > Because unlike ARRAY_SIZE(), your broken ENDOF() macro evaluates the > argument. >=20 > And you did it for no reason I can see. You said that you wanted to > return the end of the resulting string, but the fact is, not a single > user seems to care, and honestly, I think it would be wrong to care. > The size of the result is likely the more useful thing, or you could > even make these 'void' or something. >=20 > But instead you made the macro be dangerous to use. >=20 > This kind of churn is WRONG. It _looks_ like a cleanup that doesn't > change anything, but then it has subtle bugs that will come and bite > us later because you did things wrong. >=20 > I'm NAK'ing all of this. This is BAD. Cleanup patches had better be > fundamentally correct, not introduce broken "helpers" that will make > for really subtle bugs. >=20 > Maybe nobody ever ends up having that first argument with a side > effect. MAYBE. It's still very very wrong. >=20 > Linus What I am puzzled about is that - if you revise your string APIs -, you do not directly go for a safe abstraction that combines length and pointer and instead keep using these fragile 80s-style string functions and open-coded pointer and size computations that everybody gets wrong all the time. String handling could also look like this: https://godbolt.org/z/dqGz9b4sM and be completely bounds safe. (Note that those function abort() on allocation failure, but this is an unfinished demo and also not for kernel use. Also I need to rewrite this using string views.) Martin