From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id F3D28C83F0A
	for <linux-mm@archiver.kernel.org>; Tue,  8 Jul 2025 11:37:07 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 654C16B031E; Tue,  8 Jul 2025 07:37:07 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 62C156B031F; Tue,  8 Jul 2025 07:37:07 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 568EE6B0320; Tue,  8 Jul 2025 07:37:07 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16])
	by kanga.kvack.org (Postfix) with ESMTP id 418DF6B031E
	for <linux-mm@kvack.org>; Tue,  8 Jul 2025 07:37:07 -0400 (EDT)
Received: from smtpin08.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay02.hostedemail.com (Postfix) with ESMTP id A6222128E92
	for <linux-mm@kvack.org>; Tue,  8 Jul 2025 11:37:06 +0000 (UTC)
X-FDA: 83640896052.08.4F008C3
Received: from nyc.source.kernel.org (nyc.source.kernel.org [147.75.193.91])
	by imf14.hostedemail.com (Postfix) with ESMTP id F408E100008
	for <linux-mm@kvack.org>; Tue,  8 Jul 2025 11:37:04 +0000 (UTC)
Authentication-Results: imf14.hostedemail.com;
	dkim=pass header.d=kernel.org header.s=k20201202 header.b=Kqh+LDrT;
	spf=pass (imf14.hostedemail.com: domain of alx@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=alx@kernel.org;
	dmarc=pass (policy=quarantine) header.from=kernel.org
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1751974625;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=knexG6brHCg3eooqX8hX2Ylbvf2JPs1FcC/C1VzNkJQ=;
	b=UoVMSvCF/ktnTl0iJt2TIUErXhSwg+gqPpPUfIjkpD28rUhkf0dLLbYiFsX5FEhL9XuQqX
	SqGKjygPJr8w/EVGyOpLw/anjgaqnfce3QDA2sV0/oTYdXSxqnqwGXXbDj+zIi9vQRVF+j
	auiKlowqfxat7BNnAmCl4q6MWTVdmbM=
ARC-Authentication-Results: i=1;
	imf14.hostedemail.com;
	dkim=pass header.d=kernel.org header.s=k20201202 header.b=Kqh+LDrT;
	spf=pass (imf14.hostedemail.com: domain of alx@kernel.org designates 147.75.193.91 as permitted sender) smtp.mailfrom=alx@kernel.org;
	dmarc=pass (policy=quarantine) header.from=kernel.org
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1751974625; a=rsa-sha256;
	cv=none;
	b=Rl61jlZ3ld4dcHGWVj6I0/eKCGxsQJi1Jhvm04wzpCvp+ZP4FarPIX09WkGyr9ey4E9p7a
	juEzfmdVjl7vFpfltTogn4hA3Vf9puqfghpGkmAdGO1Kn/JSzeaFxvBOtsRuv1fhmRemvv
	AxPfB+dJ5PdtBO6U5fb46RYS9j+q2/k=
Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58])
	by nyc.source.kernel.org (Postfix) with ESMTP id 30A4AA532E5;
	Tue,  8 Jul 2025 11:37:04 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3D0B9C4CEED;
	Tue,  8 Jul 2025 11:37:00 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1751974623;
	bh=n3haqzgSRmOkXk1/RvygLKwBN0/aRPw/ajN4WwagC/o=;
	h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
	b=Kqh+LDrTX8vmlPiu0dSU4XVCSG1H/+BAR2RDhcuxNjula+E1Q6xw+lWctd/p6lzc1
	 wgqrDtDdTcqo/+2YJBYvkMuWTz0SCn45uDc8IoJ2k4xcURavwOll26jakawnXPzvmM
	 rL35mfNF+dXGu77oy9hM3bLm6hRfgM27df8iSvZaV5ElY9JQcig0XMtRpECPJuLStR
	 bikZJDUgfm7n1wDKa7xEYVb8rBNKDvmQhftW53Yik42QVlEpQ9dPe0sFmU4Owoptjh
	 N/Z3Yj3DHdlg/cjhx4RSodl2d8qtzMhQbh86MzCDagxAvjd8+4TlP2vlIGqdEEoL+I
	 wbzA32gJOeUNA==
Date: Tue, 8 Jul 2025 13:36:57 +0200
From: Alejandro Colomar <alx@kernel.org>
To: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Cc: linux-mm@kvack.org, linux-hardening@vger.kernel.org, 
	Kees Cook <kees@kernel.org>, Christopher Bazley <chris.bazley.wg14@gmail.com>, 
	shadow <~hallyn/shadow@lists.sr.ht>, linux-kernel@vger.kernel.org, 
	Andrew Morton <akpm@linux-foundation.org>, kasan-dev@googlegroups.com, Dmitry Vyukov <dvyukov@google.com>, 
	Alexander Potapenko <glider@google.com>, Marco Elver <elver@google.com>, Christoph Lameter <cl@linux.com>, 
	David Rientjes <rientjes@google.com>, Vlastimil Babka <vbabka@suse.cz>, 
	Roman Gushchin <roman.gushchin@linux.dev>, Harry Yoo <harry.yoo@oracle.com>
Subject: Re: [RFC v1 0/3] Add and use seprintf() instead of less ergonomic
 APIs
Message-ID: <ez7yty6w7pe5pfzd64mhr3yfitvcurzsivjibeabnkg457xu7x@tkompzcytwcj>
References: <cover.1751747518.git.alx@kernel.org>
 <87a55fw5aq.fsf@prevas.dk>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
	protocol="application/pgp-signature"; boundary="yu7ixni4xjxoijgm"
Content-Disposition: inline
In-Reply-To: <87a55fw5aq.fsf@prevas.dk>
X-Stat-Signature: rnuiexgua7ardzer5w4p5rkcsp81if8a
X-Rspam-User: 
X-Rspamd-Server: rspam02
X-Rspamd-Queue-Id: F408E100008
X-HE-Tag: 1751974624-172546
X-HE-Meta: U2FsdGVkX19n8KFwhE+rfU9wkf+UJwgEwaGZFSLTYRw+/iszWifMzH3Blb9wYMaiGw/K6y8JDiUOrHqZeyQ7TrjS0layBHauX1JNccGNX6iuRuWHVfSGiAWi41DAlUUC9I6T7cEqeVuomIDYzbe7FOTrpghGyeO/bCaKkO4oDbhW7fhmEVC179ozNnlkCBYjPzF8tamg3KWNv/S7QfT1Ss0yAGA5UD9X6XPW2vzNS3pBFwil1m1lWRbW8bwRwFA94eJUWftoa5EmRm5rXOY1h97j9ixIlj+Xr1iUrTRIr/SdaOf4Z3pCZryYBiLtSYXgWvq32kYDSnPfzUCE1Dn38hqjmcO1RJRkdIj7VelTfQfGhQCEyIN1F03y/OvlWcYCm9HoBC19TBoVGlFQKYLDnl3OifxY/5yiEQQIqsQ2ZZHv2l16o3xpzRmZ+TK8dt4u9nCmThhobKaodWjffMwXtUayOmUplG36+pqQA5St2shLs9ALV+z74E9nWq7QiwbFDxVa6pGhwl+KjIweKcJOvfBN86aBl1TmOJM4CvfePDKM3kzXaynxfINVslTEItidoyJQBEAn7XCcwejnejc+trXmRrTVdNJ0qQuCcGDcNdE9dX4HG0c8ugc7ZEXNAQq0PvnYrJV78LZhY7BVVVCvjKZvrX9YisJEstBlGb258ZVMadEd8eKEQDKX/kwh5EDUffma+xSbpN1g+kPOO/oMB+WoiJBesiq5irdBI6qQviXtw9l7qmRfTcwQIXkr8XSWDxcyexK86TdBXdDL7tV0tKgWgc2yyktjdgtLJ/pIAoQW9swXnjPjVaORFzuC+doXBMnkrEUm4M+AylDnsFsB9OYmoBMcGSz3CJ8u/zhjDQ9bpFZGJo4sBVOPuX5RQ0rtbu4aZdeA892sBbGxa9+PBWopyIOHIgPPGOeAAZ2lJVB9d0dD97IB23aa7zWgTzM0PhVTqULolXo1ENNsBow
 juY8H46r
 Mk1cN8VhMlbwrJLgxSYuwIACn3eDb23qjWukXcvcI/xDFVR8puLX8/uPpErWQUdIyOHEGR8NuB6bbUtoroA1QbFeLzy4zgRjmWSTd53uv49uqUjOpFjbyF70u7HSI7JcvcV0uL4m8NV8GUKeoTHtLMQnkfyQ0+18lt38oJEESQ+3CcuFI7DhK4eFZLOroM4MoOcO0u+rku3W0yIir28p9mQV7yqVS2N15sBOGW+HF7D86fNOzrDZ0G8gqHacuCqs7n9wbyXgjunuia04E0TlDdmGgQi9qUVBzpk4lEab5q7IvWVOWG5a8urj1Znf7cECLNDasWkbGsJxT5YozBIGW7S8SqyiEclAS+woA+Xk05w/CUOoVIUJ8KHki7y0QNpXudj/KCP8ZSCLS3tuo+uRzOEvbuf7viyLz7BD44WYu3xUOrCagwMMHuK97vjizszYFL/kup3aVTzqRr1PTQmNShtNl/DScsUPJ7qMPBTw2OeV8lYlB2OgPNo/AmcWkDSt3pPjl
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
List-Subscribe: <mailto:majordomo@kvack.org>
List-Unsubscribe: <mailto:majordomo@kvack.org>


--yu7ixni4xjxoijgm
Content-Type: text/plain; protected-headers=v1; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
From: Alejandro Colomar <alx@kernel.org>
To: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Cc: linux-mm@kvack.org, linux-hardening@vger.kernel.org, 
	Kees Cook <kees@kernel.org>, Christopher Bazley <chris.bazley.wg14@gmail.com>, 
	shadow <~hallyn/shadow@lists.sr.ht>, linux-kernel@vger.kernel.org, 
	Andrew Morton <akpm@linux-foundation.org>, kasan-dev@googlegroups.com, Dmitry Vyukov <dvyukov@google.com>, 
	Alexander Potapenko <glider@google.com>, Marco Elver <elver@google.com>, Christoph Lameter <cl@linux.com>, 
	David Rientjes <rientjes@google.com>, Vlastimil Babka <vbabka@suse.cz>, 
	Roman Gushchin <roman.gushchin@linux.dev>, Harry Yoo <harry.yoo@oracle.com>
Subject: Re: [RFC v1 0/3] Add and use seprintf() instead of less ergonomic
 APIs
References: <cover.1751747518.git.alx@kernel.org>
 <87a55fw5aq.fsf@prevas.dk>
MIME-Version: 1.0
In-Reply-To: <87a55fw5aq.fsf@prevas.dk>

Hi Rasmus,

On Tue, Jul 08, 2025 at 08:43:57AM +0200, Rasmus Villemoes wrote:
> On Sat, Jul 05 2025, Alejandro Colomar <alx@kernel.org> wrote:
>=20
> > On top of that, I have a question about the functions I'm adding,
> > and the existing kernel snprintf(3): The standard snprintf(3)
> > can fail (return -1), but the kernel one doesn't seem to return <0 ever.
> > Should I assume that snprintf(3) doesn't fail here?
>=20
> Yes. Just because the standard says it may return an error, as a QoI
> thing the kernel's implementation never fails. That also means that we
> do not ever do memory allocation or similar in the guts of vsnsprintf
> (that would anyway be a mine field of locking bugs).

All of that sounds reasonable.

> If we hit some invalid or unsupported format specifier (i.e. a bug in
> the caller), we return early, but still report what we wrote until
> hitting that.

However, there's the early return due to size>INT_MAX || size=3D=3D0, which
results in no string at all, and there's not an error code for this.
A user might think that the string is reliable after a vsprintf(3) call,
as it returned 0 --as if it had written ""--, but it didn't write
anything.

I would have returned -EOVERFLOW in that case.

I think something similar is true of strscpy(): it returns -E2BIG on
size=3D=3D0 || size>INT_MAX but it should be a different error code, as
there's no string at all.

I'll propose something very close to strscpy() for standardization, but
the behavior for size=3D=3D0 will either be undefined, or errno will be
EOVERFLOW.


Have a lovely day!
Alex

--=20
<https://www.alejandro-colomar.es/>

--yu7ixni4xjxoijgm
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEES7Jt9u9GbmlWADAi64mZXMKQwqkFAmhtAtIACgkQ64mZXMKQ
wqmtvxAAmdw883CZToXhH1TBnZ2W4hbKBzvMaF3mq84wKNfBB/CyJKTfWfVNRW9k
yAG58nel0gHuklLCVK2BMCuG7JfNXNIKdUG7bQTGEr8t//QYcx4haFut+xlfph/M
R+lwiw1q4yy3Q/0q97e2WJ/c4eBbWo5D0A6Ggy1bbYYsVY7AagO1ZHnglzVIHf4j
95IiyR5BFCEtVjmaU8gEACNQIVeC6OnpSw385YlumOiXFX+KFBsiipbew0kXre8M
tv+hyM2u3MR7YSWoMsyAheqSZBKz+puMVS4BGhwg8aAdsRSMoUbTRiszW5GJgSmN
iHxFecIMKkyN3pdKm1Ca4MBbBTe7iYQuALQq0I0bZiP/qhkQMFbxSn0ldBL/tsAU
qkB36CF/S784nfKJ4wDKy1UFUQZBdgMVDLuRH/VWxahijzBhsBF/qnIDdmqEEP3q
un7+CRbi8WkPanq8lVYiiixE/BmOrw95LcrYIycQfwxjShQizzDLCSVXA6NN+lVu
Qae7GlLpZ2vmw+vX50Jq76DzpwspOsIbzpypuXy/Y4f36UBeoqfzI/XtUIZ9CNmS
B0bDgV1z094QTghOi7pZSaWqK8FFpb6lUd0a9fRAKihqEoPPj+Xgg1fagOULkLiO
gor9ti3mUbSyRbeVwQAp/kVVMIrnDZSPtFp945FmBvVVjR7XerI=
=UstB
-----END PGP SIGNATURE-----

--yu7ixni4xjxoijgm--