From: Al Viro <viro@ZenIV.linux.org.uk>
To: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Cc: keescook@chromium.org, joe@perches.com, linux@horizon.com,
akpm@linux-foundation.org, dan.carpenter@oracle.com,
davem@davemloft.net, eldad@fogrefinery.com, jbeulich@suse.com,
jkosina@suse.cz, linux-kernel@vger.kernel.org,
rdunlap@infradead.org
Subject: Re: [PATCH] vsprintf: drop comment claiming %n is ignored
Date: Sat, 14 Sep 2013 04:48:02 +0100 [thread overview]
Message-ID: <20130914034801.GA13318@ZenIV.linux.org.uk> (raw)
In-Reply-To: <20130914030521.GZ13318@ZenIV.linux.org.uk>
On Sat, Sep 14, 2013 at 04:05:21AM +0100, Al Viro wrote:
> Again, the normal return value of ->show() is 0 and that includes the case of
> overflow. THE ONLY reason to check for overflow early is when subsequent
> output of ->show() takes long to generate and we want to skip that and
> have seq_read() do realloc-and-call-show-again immediately. And in that
> case the right fix is often to get saner iterator and stop shoving everything
> into a single ->show() call...
Actually, let's take a look at the suckers.
* a bunch in arch/arm/plat-pxa/dma.c:dbg_show_requester_chan(): all buggy;
shouldn't care about pos at all and return 0. Additionally,
dbg_show_descriptors() is buggy _and_ dumb - max_show shouldn't exist at all
and it shouldn't be using single_open(); it's iterating over a linked list,
for fsck sake...
* cris fasttimer: apparently valid "skip pointless work if we'd overflown"
uses; not sure if it's really needed here.
* cris show_cpuinfo(): buggy, should return 0 regardless.
* microblaze show_cpuinfo(): pointless sum is calculated and never used.
* openrisc show_cpuinfo(): buggy, should return 0 regardless.
* s390 pci_perf_show(): ditto.
* mtrr_seq_show(): pointless sum is calculated and never used.
* print_wakeup_source_stats(): buggy, should return 0 regardless.
* i8k_proc_show(): ditto.
* 3 ->show() instances in impi: ditto.
* i2o_report_query_status(): ditto.
* drivers/mfd/ab8500-debugfs.c:ab8500_registers_print(): legimitate use,
a side effect of lousy iterator, unfortunately complicated by the same
thing used for printk as well.
* same file, in ab8500_print_modem_registers() - return value of seq_printf()
is stored in local variable and immediately overwritten.
* same file, a metric arseload of return seq_printf(....): buggy, should
return 0.
* doc3g: ditto.
* drivers/parisc callers: pointless sums calculated and never used.
* drivers/regulator/dbx500-prcmu.c: somebody got religious about reporting
!!!scary!!! overflows. Even though debugging printks are completely pointless
there.
* drivers/rtc: return value passed to caller and discarded there. If it ever
stops being discarded, we'll get a bug.
drivers/s390/cio/blacklist.c: buggy, should return 0.
lustre: a bunch "should return 0" cases, AFAICS all of them are of that kind.
rtl8192*: a couple of such cases.
* drivers/usb/gadget/goku_udc.c: apparently valid uses, this time with what
looks like a damn good reason to skip extra work - it's reading from IO
ports and that can be slow.
* drivers/usb/gadget/pxa27x_udc.c: pointless sums discarded.
* debugfs_print_regs32(): should return 0. The only caller ignores its
return value, fortunately, otherwise we'd have bugs.
* fs/dlm: valid, but very likely to be begging for better iterators.
* fs/proc children_seq_show(): buggy, should return 0.
* sysvipc_proc_show() and stuff it's calling (i.e. all show_... in
ipc/*): buggy, should return 0.
Enough for now...
Overall: I suspect that Joe might be right. The very few callers that
use the return value and use it correctly can bloody well call
seq_overflow(), preferably with a detailed comment about the reasons
for doing so. Anything that really wants the length of output (if we
have such places at all) can use %n or see Figure 1. I haven't
crawled through lib/*, net/* and sound/* yet, but that's how the things
look so far.
next prev parent reply other threads:[~2013-09-14 3:48 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-09-11 19:30 [PATCH] vsprintf: drop comment claiming %n is ignored Kees Cook
2013-09-11 20:06 ` Joe Perches
2013-09-11 20:18 ` Kees Cook
2013-09-11 20:20 ` Joe Perches
2013-09-11 20:30 ` KOSAKI Motohiro
2013-09-11 20:28 ` Joe Perches
2013-09-13 19:53 ` George Spelvin
2013-09-13 22:27 ` Joe Perches
2013-09-13 23:03 ` Kees Cook
2013-09-13 23:23 ` Joe Perches
2013-09-16 2:53 ` George Spelvin
2013-09-14 2:17 ` Al Viro
2013-09-14 2:49 ` Tetsuo Handa
2013-09-14 3:05 ` Al Viro
2013-09-14 3:48 ` Al Viro [this message]
2013-09-14 4:53 ` Al Viro
2013-09-14 5:26 ` Joe Perches
2013-09-12 7:03 ` Jan Beulich
2013-09-12 7:31 ` Kees Cook
2013-09-12 7:51 ` Jan Beulich
2013-09-12 7:57 ` Dan Carpenter
2013-09-13 19:49 ` George Spelvin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130914034801.GA13318@ZenIV.linux.org.uk \
--to=viro@zeniv.linux.org.uk \
--cc=akpm@linux-foundation.org \
--cc=dan.carpenter@oracle.com \
--cc=davem@davemloft.net \
--cc=eldad@fogrefinery.com \
--cc=jbeulich@suse.com \
--cc=jkosina@suse.cz \
--cc=joe@perches.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@horizon.com \
--cc=penguin-kernel@I-love.SAKURA.ne.jp \
--cc=rdunlap@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox