From: KOSAKI Motohiro <kosaki.motohiro@gmail.com>
To: David Rientjes <rientjes@google.com>
Cc: Chen Gang <gang.chen@asianux.com>,
KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>,
riel@redhat.com, hughd@google.com, xemul@parallels.com,
Wanpeng Li <liwanp@linux.vnet.ibm.com>,
Cyrill Gorcunov <gorcunov@gmail.com>,
linux-mm@kvack.org, Andrew Morton <akpm@linux-foundation.org>,
kosaki.motohiro@gmail.com
Subject: Re: [PATCH v2] mm/shmem.c: check the return value of mpol_to_str()
Date: Wed, 11 Sep 2013 22:19:35 -0400 [thread overview]
Message-ID: <523124B7.8070408@gmail.com> (raw)
In-Reply-To: <alpine.DEB.2.02.1309111725290.22242@chino.kir.corp.google.com>
(9/11/13 8:33 PM), David Rientjes wrote:
> On Tue, 10 Sep 2013, Chen Gang wrote:
>
>>> Why? It can just store the string into the buffer pointed to by the
>>> char *buffer and terminate it appropriately while taking care that it
>>> doesn't exceed maxlen. Why does the caller need to know the number of
>>> bytes written? If it really does, you could just do strlen(buffer).
>>>
>>> If there's a real reason for it, then that's fine, I just think it can be
>>> made to always succeed and never return < 0. (And why is nobody checking
>>> the return value today if it's so necessary?)
>>>
>>
>> For common printing functions: sprintf(), snprintf(), scnprintf().
>>
>> For some of specific printing functions: drivers/usb/host/uhci-debug.c.
>>
>> at least they can let caller easy use.
>>
>
> Nobody needs mpol_to_str() to return the number of characters written,
> period. It's one of the most trivial functions you're going to see in the
> mempolicy code, it takes a pointer to a buffer and it stores characters to
> it for display. Nobody is going to use it for anything else. Let's not
> overcomplicate this trivial function.
>
>>> Nobody is using mpol_to_str() to determine if a mempolicy mode is valid :)
>>> If the struct mempolicy really has a bad mode, then just store "unknown"
>>> or store a 0. If maxlen is insufficient for the longest possible string
>>> stored by mpol_to_str(), then it should be a compile-time error.
>>>
>>>
>>
>> Hmm... what you said sounds reasonable if mpol_to_str() is a normal
>> static funciton (only used within a file).
>>
>> For extern function, callee (inside) can not assume anything of caller
>> (outside) beyond the interface. So if failure occurs, better to report
>> to caller only, and let caller to check what to do next.
>>
>
> Are you just preaching about the best practices of software engineering?
> mpol_to_str() should never fail at runtime, plain and simple. If somebody
> introduces a new mode and doesn't update it to print correctly, let's not
> fail the read(). Let's just print "unknown". And if someone passes too
> small of a buffer, break it at compile time so it gets noticed and fixed.
>
> I guarantee you that any kernel developer who writes code to call
> mpol_to_str() will be happy it never fails at runtime. Really.
Agreed. Even though we don't change mpol_to_str() interface, please just
add BUG_ON into shmem_show_mpol(). It is much simpler than current proposal.
At least, currently mpol_to_str() already have following assertion. I mean,
the code assume every developer know maximum length of mempolicy. I have no
seen any reason to bring addional complication to shmem area.
/*
* Sanity check: room for longest mode, flag and some nodes
*/
VM_BUG_ON(maxlen < strlen("interleave") + strlen("relative") + 16);
Thanks.
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2013-09-12 2:19 UTC|newest]
Thread overview: 61+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-08-20 3:56 [PATCH 0/3] mm: mempolicy: the failure processing about mpol_to_str() Chen Gang
2013-08-20 3:57 ` [PATCH 1/3] mm/mempolicy.c: still fill buffer as full as possible when buffer space is not enough in mpol_to_str() Chen Gang
2013-08-20 3:58 ` [PATCH 2/3] fs/proc/task_mmu.c: check the return value of mpol_to_str() Chen Gang
2013-08-20 3:59 ` [PATCH 3/3] mm/shmem.c: " Chen Gang
2013-08-20 5:30 ` [PATCH 0/3] mm: mempolicy: the failure processing about mpol_to_str() Cyrill Gorcunov
2013-08-20 5:41 ` Chen Gang
2013-08-20 6:47 ` Cyrill Gorcunov
2013-08-20 7:48 ` Chen Gang
2013-08-20 7:51 ` Chen Gang
2013-08-20 8:09 ` Chen Gang
2013-08-20 8:13 ` Chen Gang F T
2013-08-20 8:20 ` Chen Gang
2013-08-20 8:25 ` Cyrill Gorcunov
2013-08-20 8:31 ` Chen Gang
2013-08-21 2:21 ` [PATCH 0/3] mm: shmem: check the return value of mpol_to_str() Chen Gang
2013-08-21 2:22 ` [PATCH 1/3] fs/proc/task_mmu.c: " Chen Gang
2013-08-21 2:23 ` [PATCH 2/3] mm/shmem.c: let shmem_show_mpol() return value Chen Gang
2013-08-21 2:24 ` [PATCH 3/3] mm/shmem.c: check the return value of mpol_to_str() Chen Gang
2013-08-21 22:03 ` [PATCH 2/3] mm/shmem.c: let shmem_show_mpol() return value Andrew Morton
2013-08-22 0:52 ` Chen Gang
2013-08-22 1:04 ` [PATCH] mm/shmem.c: check the return value of mpol_to_str() Chen Gang
2013-09-03 5:32 ` Chen Gang
2013-09-05 0:24 ` [PATCH v2] " Chen Gang
2013-09-09 20:30 ` David Rientjes
2013-09-10 0:47 ` Chen Gang
2013-09-10 6:43 ` David Rientjes
2013-09-10 7:01 ` Chen Gang
2013-09-12 0:33 ` David Rientjes
2013-09-12 2:19 ` KOSAKI Motohiro [this message]
2013-09-12 3:13 ` Chen Gang
2013-09-13 21:12 ` David Rientjes
2013-09-14 2:51 ` KOSAKI Motohiro
2013-09-16 3:27 ` Chen Gang
2013-09-16 20:13 ` David Rientjes
2013-09-17 0:45 ` Chen Gang
2013-09-17 22:51 ` David Rientjes
2013-09-18 1:20 ` Chen Gang
2013-09-12 3:02 ` Chen Gang
2013-09-12 18:19 ` KOSAKI Motohiro
2013-09-13 2:23 ` Chen Gang
2013-09-13 16:50 ` KOSAKI Motohiro
2013-09-16 2:55 ` Chen Gang
2013-09-16 16:16 ` KOSAKI Motohiro
2013-09-17 1:10 ` Chen Gang
2013-09-17 22:53 ` David Rientjes
2013-09-18 1:37 ` Chen Gang
2013-09-18 22:17 ` David Rientjes
2013-09-13 21:14 ` David Rientjes
2013-09-16 3:17 ` Chen Gang
2013-09-25 2:58 ` [patch] mm, mempolicy: make mpol_to_str robust and always succeed David Rientjes
2013-09-25 3:11 ` Dave Jones
2013-09-25 3:18 ` David Rientjes
2013-09-25 3:25 ` Dave Jones
2013-09-25 17:58 ` David Rientjes
2013-09-25 21:30 ` Andrew Morton
2013-09-25 22:06 ` David Rientjes
2013-08-21 5:31 ` [PATCH 0/3] mm: shmem: check the return value of mpol_to_str() Cyrill Gorcunov
2013-08-21 5:48 ` Chen Gang
-- strict thread matches above, loose matches on Subject: below --
2013-09-19 0:31 [PATCH v2] mm/shmem.c: " Chen,Gang( 陈刚)
[not found] <20130919003142.B72EC1840296@intranet.asianux.com>
2013-09-23 21:46 ` David Rientjes
2013-09-24 2:28 ` Chen Gang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=523124B7.8070408@gmail.com \
--to=kosaki.motohiro@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=gang.chen@asianux.com \
--cc=gorcunov@gmail.com \
--cc=hughd@google.com \
--cc=kosaki.motohiro@jp.fujitsu.com \
--cc=linux-mm@kvack.org \
--cc=liwanp@linux.vnet.ibm.com \
--cc=riel@redhat.com \
--cc=rientjes@google.com \
--cc=xemul@parallels.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).