From: Neil Brown <neilb@suse.de>
To: Artur Wojcik <artur.wojcik@intel.com>
Cc: Andre Noll <maan@systemlinux.org>,
"linux-raid@vger.kernel.org" <linux-raid@vger.kernel.org>,
"Williams, Dan J" <dan.j.williams@intel.com>,
"Ciechanowski, Ed" <ed.ciechanowski@intel.com>
Subject: Re: [patch 0/1][mdadm] Fix needed to enable RAID volumes on SAS devices (version 2).
Date: Tue, 8 Dec 2009 16:37:44 +1100 [thread overview]
Message-ID: <20091208163744.7ea0eef9@notabene.brown> (raw)
In-Reply-To: <1259593933.3178.122.camel@awojcik-linux>
On Mon, 30 Nov 2009 16:12:13 +0100
Artur Wojcik <artur.wojcik@intel.com> wrote:
> Neil/Andre,
> I incorporated the suggestions Andre gave me and this resulted in the
> second version of patch. However I decided to not use pathconf()
> function but to define PATH_MAX instead. It is just the size of a buffer
> and I would like this to be resolved during compilation time rather then
> dynamically during execution time. Please review it and let me know if
> something needs to be changed.
>
> As for the being paranoid... so I really am, if we talk about software
> security and vulnerability. I decided to introduce a new __str_fmt()
> function and str_fmt() helper macro. Both are documented in source code
> (let me know if you need separate patch for this).
>
I'm afraid that I really don't like this.
Creating little functions that do almost-but-not-quite-exactly what some
standard library function does always bothers me. It makes the code harder
to read.
If you just used it in 2 or 3 places where you actually needed it then it
might be OK, but you have used it everywhere, including several places where
it isn't needed at all as the buffer is known to be big enough.
And I don't like the introduction of a new header file just to store one or 2
definitions. Just put new definitions in mdadm.h Keep It Simple.
I am perfectly happy with making 'buf' larger as appropriate, even making it
PATH_MAX in some cases.
I would be happy with more use of asprinf.
I would be happy adding checks before certain critical sprintf calls that
the result will not exceed the buffer.
But I'm afraid that I don't like str_fmt at all.
Can we just fix the bits that are actually broken please?
NeilBrown
next prev parent reply other threads:[~2009-12-08 5:37 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-11-13 10:43 [patch 1/1][mdadm] Fix needed to enable RAID device creation on SAS devices Wojcik, Artur
2009-11-13 19:35 ` Andre Noll
2009-11-30 15:12 ` [patch 0/1][mdadm] Fix needed to enable RAID volumes on SAS devices (version 2) Artur Wojcik
2009-12-08 5:37 ` Neil Brown [this message]
2009-12-09 17:41 ` Artur Wojcik
2009-12-09 18:12 ` Dan Williams
2009-11-30 15:12 ` [patch 1/1][mdadm] " Artur Wojcik
2009-11-30 19:56 ` Dan Williams
2009-12-01 11:52 ` Artur Wojcik
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20091208163744.7ea0eef9@notabene.brown \
--to=neilb@suse.de \
--cc=artur.wojcik@intel.com \
--cc=dan.j.williams@intel.com \
--cc=ed.ciechanowski@intel.com \
--cc=linux-raid@vger.kernel.org \
--cc=maan@systemlinux.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).