Date: Thu, 10 Jul 2025 23:30:44 +0200
From: Alejandro Colomar
To: linux-mm@kvack.org, linux-hardening@vger.kernel.org
Cc: Alejandro Colomar, Kees Cook, Christopher Bazley, shadow <~hallyn/shadow@lists.sr.ht>, linux-kernel@vger.kernel.org, Andrew Morton, kasan-dev@googlegroups.com, Dmitry Vyukov, Alexander Potapenko, Marco Elver, Christoph Lameter, David Rientjes, Vlastimil Babka, Roman Gushchin, Harry Yoo, Andrew Clayton, Rasmus Villemoes, Michal Hocko, Linus Torvalds, Al Viro, Martin Uecker, Sam James, Andrew Pinski
Subject: [RFC v5 1/7] vsprintf: Add [v]sprintf_end()
Message-ID: <2c4f793de0b849259088c1f52db44ace5a4e6f66.1752182685.git.alx@kernel.org>

sprintf_end() is a function similar to stpcpy(3) in the sense that it returns a pointer that is suitable for chaining to other copy operations.

It takes a pointer to the end of the buffer as a sentinel for when to truncate, which unlike a size, doesn't need to be updated after every call. This makes it much more ergonomic, avoiding manually calculating the size after each copy, which is error prone.

It also makes error handling much easier, by reporting truncation with a null pointer, which is accepted and transparently passed down by subsequent sprintf_end() calls. This results in only needing to report errors once after a chain of sprintf_end() calls, unlike snprintf(3), which requires checking after every call.
	p = buf;
	e = buf + countof(buf);
	p = sprintf_end(p, e, foo);
	p = sprintf_end(p, e, bar);
	if (p == NULL)
		goto trunc;

vs

	len = 0;
	size = countof(buf);
	len += snprintf(buf + len, size - len, foo);
	if (len >= size)
		goto trunc;
	len += snprintf(buf + len, size - len, bar);
	if (len >= size)
		goto trunc;

And also better than scnprintf() calls:

	len = 0;
	size = countof(buf);
	len += scnprintf(buf + len, size - len, foo);
	len += scnprintf(buf + len, size - len, bar);
	// No ability to check.

It seems apparent that it's a more elegant approach to string catenation.

These functions will soon be proposed for standardization as [v]seprintf() into C2y, and they exist in Plan9 as seprint(2) --but the Plan9 implementation has important bugs--.

Link:
Cc: Kees Cook
Cc: Christopher Bazley
Cc: Rasmus Villemoes
Cc: Marco Elver
Cc: Michal Hocko
Cc: Linus Torvalds
Cc: Al Viro
Signed-off-by: Alejandro Colomar
---
 include/linux/sprintf.h | 2 ++
 lib/vsprintf.c | 59 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 61 insertions(+)

diff --git a/include/linux/sprintf.h b/include/linux/sprintf.h index 51cab2def9ec..a0dc35574521 100644 --- a/include/linux/sprintf.h +++ b/include/linux/sprintf.h @@ -13,6 +13,8 @@ __printf(3, 4) int snprintf(char *buf, size_t size, const char *fmt, ...); __printf(3, 0) int vsnprintf(char *buf, size_t size, const char *fmt, va_list args); __printf(3, 4) int scnprintf(char *buf, size_t size, const char *fmt, ...); __printf(3, 0) int vscnprintf(char *buf, size_t size, const char *fmt, va_list args); +__printf(3, 4) char *sprintf_end(char *p, const char end[0], const char *fmt, ...); +__printf(3, 0) char *vsprintf_end(char *p, const char end[0], const char *fmt, va_list args); __printf(2, 3) __malloc char *kasprintf(gfp_t gfp, const char *fmt, ...); __printf(2, 0) __malloc char *kvasprintf(gfp_t gfp, const char *fmt, va_list args); __printf(2, 0) const char *kvasprintf_const(gfp_t gfp, const char *fmt, va_list args); 
diff --git a/lib/vsprintf.c b/lib/vsprintf.c index 01699852f30c..d32df53a713a 100644 --- a/lib/vsprintf.c +++ b/lib/vsprintf.c @@ -2923,6 +2923,40 @@ int vscnprintf(char *buf, size_t size, const char *fmt, va_list args) } EXPORT_SYMBOL(vscnprintf); +/** + * vsprintf_end - va_list string end-delimited print formatted + * @p: The buffer to place the result into + * @end: A pointer to one past the last character in the buffer + * @fmt: The format string to use + * @args: Arguments for the format string + * + * The return value is a pointer to the trailing '\0'. + * If @p is NULL, the function returns NULL. + * If the string is truncated, the function returns NULL. + * If @end <= @p, the function returns NULL. + * + * See the vsnprintf() documentation for format string extensions over C99. + */ +char *vsprintf_end(char *p, const char end[0], const char *fmt, va_list args) +{ + int len; + size_t size; + + if (unlikely(p == NULL)) + return NULL; + + size = end - p; + if (WARN_ON_ONCE(size == 0 || size > INT_MAX)) + return NULL; + + len = vsnprintf(p, size, fmt, args); + if (unlikely(len >= size)) + return NULL; + + return p + len; +} +EXPORT_SYMBOL(vsprintf_end); + /** * snprintf - Format a string and place it in a buffer * @buf: The buffer to place the result into 
@@ -2974,6 +3008,31 @@ int scnprintf(char *buf, size_t size, const char *fmt, ...) } EXPORT_SYMBOL(scnprintf); +/** + * sprintf_end - string end-delimited print formatted + * @p: The buffer to place the result into + * @end: A pointer to one past the last character in the buffer + * @fmt: The format string to use + * @...: Arguments for the format string + * + * The return value is a pointer to the trailing '\0'. + * If @buf is NULL, the function returns NULL. + * If the string is truncated, the function returns NULL. + * If @end <= @p, the function returns NULL. + */ + +char *sprintf_end(char *p, const char end[0], const char *fmt, ...) +{ + va_list args; + + va_start(args, fmt); + p = vsprintf_end(p, end, fmt, args); + va_end(args); + + return p; +} +EXPORT_SYMBOL(sprintf_end); + /** * vsprintf - Format a string and place it in a buffer * @buf: The buffer to place the result into -- 2.50.0
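
Review bot: in the include/linux/sprintf.h hunk, both new prototypes declare the sentinel as "const char end[0]", a zero-length array parameter, while every neighbouring declaration uses a plain pointer. The compiler adjusts the parameter to "const char *", so the [0] carries no checked meaning and can read as if the argument were an array to be indexed. Suggest "const char *end", or keep the notation and add a comment above the two lines stating that end points one past the last byte of the buffer and is never dereferenced.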
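
Review bot: in vsprintf_end(), the kernel-doc lists "@end <= @p" as an ordinary NULL-returning case, but the code reaches it through WARN_ON_ONCE(size == 0 || size > INT_MAX), and end < p is caught only because "size = end - p" wraps into a large size_t. Suggest documenting that this case warns, and comparing the pointers before the subtraction (for example "if (WARN_ON_ONCE(p >= end)) return NULL;", keeping the INT_MAX bound) so the check does not depend on the wraparound. The later "len >= size" compares an int with a size_t; a cast or a short comment would make the intended conversion explicit. The comment also does not say what @p holds after a truncated call, although vsnprintf() has already written into it by the time NULL is returned.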
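
Review bot: in the sprintf_end() kernel-doc, the line "If @buf is NULL, the function returns NULL." names a parameter that does not exist; the function takes @p, and the vsprintf_end() comment already says "@p". There is also an added blank line between the closing "*/" and the function definition, which vsprintf_end() does not have; dropping it keeps the two comments attached to their functions in the same way.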
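
The chaining and error-propagation behaviour described in the commit message, as an added userspace example that is not part of the patch or of the kernel tree. The names demo_sprintf_end(), build_end(), next_size_without_check() and demo_buf are hypothetical, libc vsnprintf() stands in for the kernel's, and the stand-in returns NULL quietly where the patch would WARN.

```c
#include <limits.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

static char demo_buf[32];	/* constructed scratch buffer for the demo */

/* Userspace stand-in (hypothetical name) with the semantics the patch documents. */
static char *demo_sprintf_end(char *p, const char *end, const char *fmt, ...)
{
	va_list ap;
	int len;

	if (p == NULL || p >= end || end - p > INT_MAX)
		return NULL;	/* an earlier failure is passed down the chain */
	va_start(ap, fmt);
	len = vsnprintf(p, (size_t)(end - p), fmt, ap);
	va_end(ap);
	if (len < 0 || len >= end - p)
		return NULL;	/* truncated: buffer keeps a terminated prefix */
	return p + len;
}

/* Three chained writes, one check; returns the length or -1 on truncation. */
static int build_end(char *buf, size_t cap, const char *user, const char *path)
{
	char *p = buf, *e = buf + cap;

	p = demo_sprintf_end(p, e, "user=%s", user);
	p = demo_sprintf_end(p, e, " path=%s", path);
	p = demo_sprintf_end(p, e, " ok");
	return p ? (int)(p - buf) : -1;
}

/* Size the next snprintf() would be given if the per-call check is forgotten. */
static size_t next_size_without_check(char *buf, size_t cap, const char *user)
{
	size_t len = 0;
	len += (size_t)snprintf(buf + len, cap - len, "user=%s", user);
	return cap - len;	/* wraps to a huge value once len > cap */
}

int main(void)
{
	printf("%d\n", build_end(demo_buf, sizeof(demo_buf), "al", "/x"));
	printf("%d \"%s\"\n", build_end(demo_buf, 12, "al", "/x"), demo_buf);
	printf("%zu\n", next_size_without_check(demo_buf, 8, "a-very-long-name"));
	return 0;
}
```

The last function only computes the size that an unchecked second snprintf() call would receive; it never makes that call.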