[PATCH RFC 0/3] powerpc/ps3: refactor strncpy usage

[PATCH RFC 0/3] powerpc/ps3: refactor strncpy usage

[Justin Stitt]

Within this RFC-series I want to get some comments on two ideas that I
have for refactoring the current `strncpy` usage in repository.c.

When looking at `make_first_field` we see a u64 is being used to store
up to 8 bytes from a literal string. This is slightly suspect to me but
it works? In regards to `strncpy` here, it makes the code needlessly
complex imo.

Please see my two ideas to change this and let me know if any other
approaches are more reasonable.

Link: https://github.com/KSPP/linux/issues/90
Signed-off-by: Justin Stitt <justinstitt@google.com>
---
Justin Stitt (3):
      [RFC] powerpc/ps3: refactor strncpy usage attempt 1
      [RFC] powerpc/ps3: refactor strncpy usage attempt 2
      [RFC] powerpc/ps3: refactor strncpy usage attempt 2.5

 arch/powerpc/platforms/ps3/repository.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
---
base-commit: 52a93d39b17dc7eb98b6aa3edb93943248e03b2f
change-id: 20230811-strncpy-arch-powerpc-platforms-ps3-57a1cdb2ad9b

Best regards,
--
Justin Stitt <justinstitt@google.com>

[PATCH RFC 1/3] powerpc/ps3: refactor strncpy usage attempt 1

[Justin Stitt]

This approach simply replicates the implementation of `make_field` which
means we drop `strncpy` for `memcpy`.

Signed-off-by: Justin Stitt <justinstitt@google.com>
---
 arch/powerpc/platforms/ps3/repository.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/powerpc/platforms/ps3/repository.c b/arch/powerpc/platforms/ps3/repository.c
index 205763061a2d..1abe33fbe529 100644
--- a/arch/powerpc/platforms/ps3/repository.c
+++ b/arch/powerpc/platforms/ps3/repository.c
@@ -73,9 +73,9 @@ static void _dump_node(unsigned int lpar_id, u64 n1, u64 n2, u64 n3, u64 n4,
 
 static u64 make_first_field(const char *text, u64 index)
 {
-	u64 n;
+	u64 n = 0;
 
-	strncpy((char *)&n, text, 8);
+	memcpy((char *)&n, text, strnlen(text, sizeof(n)));
 	return PS3_VENDOR_ID_NONE + (n >> 32) + index;
 }
 

-- 
2.41.0.640.ga95def55d0-goog

[PATCH RFC 2/3] powerpc/ps3: refactor strncpy usage attempt 2

[Justin Stitt]

This approach tries to use `make_field` inside of `make_first_field`.
This comes with some weird implementation as to get the same result we
need to first subtract `index` from the `make_field` result whilst being
careful with order of operations. We then have to add index back.

The behavior should be the same but would love some comments on this.

Signed-off-by: Justin Stitt <justinstitt@google.com>

---
Note: I swapped the position of the two methods so as to not have to
forward declare `make_field`. This results in a weird diff here.
---
 arch/powerpc/platforms/ps3/repository.c | 21 +++++++++------------
 1 file changed, 9 insertions(+), 12 deletions(-)

diff --git a/arch/powerpc/platforms/ps3/repository.c b/arch/powerpc/platforms/ps3/repository.c
index 1abe33fbe529..6b731a5d4adc 100644
--- a/arch/powerpc/platforms/ps3/repository.c
+++ b/arch/powerpc/platforms/ps3/repository.c
@@ -63,36 +63,33 @@ static void _dump_node(unsigned int lpar_id, u64 n1, u64 n2, u64 n3, u64 n4,
 }
 
 /**
- * make_first_field - Make the first field of a repository node name.
- * @text: Text portion of the field.
+ * make_field - Make subsequent fields of a repository node name.
+ * @text: Text portion of the field.  Use "" for 'don't care'.
  * @index: Numeric index portion of the field.  Use zero for 'don't care'.
  *
- * This routine sets the vendor id to zero (non-vendor specific).
  * Returns field value.
  */
 
-static u64 make_first_field(const char *text, u64 index)
+static u64 make_field(const char *text, u64 index)
 {
 	u64 n = 0;
 
 	memcpy((char *)&n, text, strnlen(text, sizeof(n)));
-	return PS3_VENDOR_ID_NONE + (n >> 32) + index;
+	return n + index;
 }
 
 /**
- * make_field - Make subsequent fields of a repository node name.
- * @text: Text portion of the field.  Use "" for 'don't care'.
+ * make_first_field - Make the first field of a repository node name.
+ * @text: Text portion of the field.
  * @index: Numeric index portion of the field.  Use zero for 'don't care'.
  *
+ * This routine sets the vendor id to zero (non-vendor specific).
  * Returns field value.
  */
 
-static u64 make_field(const char *text, u64 index)
+static u64 make_first_field(const char *text, u64 index)
 {
-	u64 n = 0;
-
-	memcpy((char *)&n, text, strnlen(text, sizeof(n)));
-	return n + index;
+	return PS3_VENDOR_ID_NONE + ((make_field(text, index) - index) >> 32) + index;
 }
 
 /**

-- 
2.41.0.640.ga95def55d0-goog

[PATCH RFC 3/3] powerpc/ps3: refactor strncpy usage attempt 2.5

[Justin Stitt]

Forward declare `make_field` for a cleaner diff

Signed-off-by: Justin Stitt <justinstitt@google.com>
---
 arch/powerpc/platforms/ps3/repository.c | 26 ++++++++++++++------------
 1 file changed, 14 insertions(+), 12 deletions(-)

diff --git a/arch/powerpc/platforms/ps3/repository.c b/arch/powerpc/platforms/ps3/repository.c
index 6b731a5d4adc..6a08bb7704da 100644
--- a/arch/powerpc/platforms/ps3/repository.c
+++ b/arch/powerpc/platforms/ps3/repository.c
@@ -20,6 +20,8 @@ enum ps3_lpar_id {
 	PS3_LPAR_ID_PME = 1,
 };
 
+static u64 make_field(const char *text, u64 index);
+
 #define dump_field(_a, _b) _dump_field(_a, _b, __func__, __LINE__)
 static void _dump_field(const char *hdr, u64 n, const char *func, int line)
 {
@@ -63,33 +65,33 @@ static void _dump_node(unsigned int lpar_id, u64 n1, u64 n2, u64 n3, u64 n4,
 }
 
 /**
- * make_field - Make subsequent fields of a repository node name.
- * @text: Text portion of the field.  Use "" for 'don't care'.
+ * make_first_field - Make the first field of a repository node name.
+ * @text: Text portion of the field.
  * @index: Numeric index portion of the field.  Use zero for 'don't care'.
  *
+ * This routine sets the vendor id to zero (non-vendor specific).
  * Returns field value.
  */
 
-static u64 make_field(const char *text, u64 index)
+static u64 make_first_field(const char *text, u64 index)
 {
-	u64 n = 0;
-
-	memcpy((char *)&n, text, strnlen(text, sizeof(n)));
-	return n + index;
+	return PS3_VENDOR_ID_NONE + ((make_field(text, index) - index) >> 32) + index;
 }
 
 /**
- * make_first_field - Make the first field of a repository node name.
- * @text: Text portion of the field.
+ * make_field - Make subsequent fields of a repository node name.
+ * @text: Text portion of the field.  Use "" for 'don't care'.
  * @index: Numeric index portion of the field.  Use zero for 'don't care'.
  *
- * This routine sets the vendor id to zero (non-vendor specific).
  * Returns field value.
  */
 
-static u64 make_first_field(const char *text, u64 index)
+static u64 make_field(const char *text, u64 index)
 {
-	return PS3_VENDOR_ID_NONE + ((make_field(text, index) - index) >> 32) + index;
+	u64 n = 0;
+
+	memcpy((char *)&n, text, strnlen(text, sizeof(n)));
+	return n + index;
 }
 
 /**

-- 
2.41.0.640.ga95def55d0-goog

Re: [PATCH RFC 0/3] powerpc/ps3: refactor strncpy usage

[Justin Stitt]

On Fri, Aug 11, 2023 at 2:19 PM Justin Stitt <justinstitt@google.com> wrote:
>
> Within this RFC-series I want to get some comments on two ideas that I
> have for refactoring the current `strncpy` usage in repository.c.
>
> When looking at `make_first_field` we see a u64 is being used to store
> up to 8 bytes from a literal string. This is slightly suspect to me but
> it works? In regards to `strncpy` here, it makes the code needlessly
> complex imo.
>
> Please see my two ideas to change this and let me know if any other
> approaches are more reasonable.
>
> Link: https://github.com/KSPP/linux/issues/90
> Signed-off-by: Justin Stitt <justinstitt@google.com>
> ---
> Justin Stitt (3):
>       [RFC] powerpc/ps3: refactor strncpy usage attempt 1
>       [RFC] powerpc/ps3: refactor strncpy usage attempt 2
>       [RFC] powerpc/ps3: refactor strncpy usage attempt 2.5
Errhm, It looks like the diffs after attempt 1 came out poorly and
probably won't apply cleanly because they were inter-diffed with the
first patch. Is there a way to let b4 know I wanted each patch diff'd
against the same SHA and not each other sequentially?

As it stands only attempt 1 is readable.

>
>  arch/powerpc/platforms/ps3/repository.c | 7 +++----
>  1 file changed, 3 insertions(+), 4 deletions(-)
> ---
> base-commit: 52a93d39b17dc7eb98b6aa3edb93943248e03b2f
> change-id: 20230811-strncpy-arch-powerpc-platforms-ps3-57a1cdb2ad9b
>
> Best regards,
> --
> Justin Stitt <justinstitt@google.com>
>

Re: [PATCH RFC 1/3] powerpc/ps3: refactor strncpy usage attempt 1

[Michael Ellerman]

Justin Stitt <justinstitt@google.com> writes:
> This approach simply replicates the implementation of `make_field` which
> means we drop `strncpy` for `memcpy`.
>
> Signed-off-by: Justin Stitt <justinstitt@google.com>
> ---
>  arch/powerpc/platforms/ps3/repository.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/arch/powerpc/platforms/ps3/repository.c b/arch/powerpc/platforms/ps3/repository.c
> index 205763061a2d..1abe33fbe529 100644
> --- a/arch/powerpc/platforms/ps3/repository.c
> +++ b/arch/powerpc/platforms/ps3/repository.c
> @@ -73,9 +73,9 @@ static void _dump_node(unsigned int lpar_id, u64 n1, u64 n2, u64 n3, u64 n4,
>  
>  static u64 make_first_field(const char *text, u64 index)
>  {
> -	u64 n;
> +	u64 n = 0;
>  
> -	strncpy((char *)&n, text, 8);
> +	memcpy((char *)&n, text, strnlen(text, sizeof(n)));
>  	return PS3_VENDOR_ID_NONE + (n >> 32) + index;
>  }

I guess it's a slight improvement, because people generally know
memcpy's behaviour better than strncpy.

The change log should be a bit more verbose and mention that the result
is the same, including the NULL padding done my strncpy().

cheers

Re: [PATCH RFC 0/3] powerpc/ps3: refactor strncpy usage

[Michael Ellerman]

Justin Stitt <justinstitt@google.com> writes:
> On Fri, Aug 11, 2023 at 2:19 PM Justin Stitt <justinstitt@google.com> wrote:
>>
>> Within this RFC-series I want to get some comments on two ideas that I
>> have for refactoring the current `strncpy` usage in repository.c.
>>
>> When looking at `make_first_field` we see a u64 is being used to store
>> up to 8 bytes from a literal string. This is slightly suspect to me but
>> it works? In regards to `strncpy` here, it makes the code needlessly
>> complex imo.
>>
>> Please see my two ideas to change this and let me know if any other
>> approaches are more reasonable.
>>
>> Link: https://github.com/KSPP/linux/issues/90
>> Signed-off-by: Justin Stitt <justinstitt@google.com>
>> ---
>> Justin Stitt (3):
>>       [RFC] powerpc/ps3: refactor strncpy usage attempt 1
>>       [RFC] powerpc/ps3: refactor strncpy usage attempt 2
>>       [RFC] powerpc/ps3: refactor strncpy usage attempt 2.5
> Errhm, It looks like the diffs after attempt 1 came out poorly and
> probably won't apply cleanly because they were inter-diffed with the
> first patch. Is there a way to let b4 know I wanted each patch diff'd
> against the same SHA and not each other sequentially?

I don't think there is. It always assumes they're a series.

cheers

Re: [PATCH RFC 2/3] powerpc/ps3: refactor strncpy usage attempt 2

[Kees Cook]

On Fri, Aug 11, 2023 at 09:19:20PM +0000, Justin Stitt wrote:
> This approach tries to use `make_field` inside of `make_first_field`.
> This comes with some weird implementation as to get the same result we
> need to first subtract `index` from the `make_field` result whilst being
> careful with order of operations. We then have to add index back.

I think for readability, it's better to avoid the function composition.
The index subtraction undoes the earlier addition -- I say just leave it
separate.

i.e. I like option 1 of 3 the best.

-Kees

-- 
Kees Cook