From: Ingo Molnar <mingo@kernel.org>
To: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Steven Rostedt <rostedt@goodmis.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Shuah Khan <shuah@kernel.org>,
Arnaldo Carvalho de Melo <acme@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
linux-kernel@vger.kernel.org,
Andy Lutomirski <luto@amacapital.net>,
Andrew Morton <akpm@linux-foundation.org>,
Changbin Du <changbin.du@gmail.com>, Jann Horn <jannh@google.com>,
Kees Cook <keescook@chromium.org>,
Andy Lutomirski <luto@kernel.org>,
Alexei Starovoitov <alexei.starovoitov@gmail.com>,
Nadav Amit <namit@vmware.com>,
Joel Fernandes <joel@joelfernandes.org>,
yhs@fb.com
Subject: Re: [PATCH -tip v8 3/6] tracing/probe: Add ustring type for user-space string
Date: Tue, 14 May 2019 09:24:26 +0200 [thread overview]
Message-ID: <20190514072426.GB18949@gmail.com> (raw)
In-Reply-To: <155741481560.28419.14407082249601887394.stgit@devnote2>
* Masami Hiramatsu <mhiramat@kernel.org> wrote:
> +/* Return the length of string -- including null terminal byte */
> +static nokprobe_inline int
> +fetch_store_strlen_user(unsigned long addr)
> +{
> + return strnlen_unsafe_user((__force const void __user *)addr,
> + MAX_STRING_SIZE);
Pointless line break that doesn't improve readability.
> +/*
> + * Fetch a null-terminated string from user. Caller MUST set *(u32 *)buf
> + * with max length and relative data location.
> + */
> +static nokprobe_inline int
> +fetch_store_string_user(unsigned long addr, void *dest, void *base)
> +{
> + const void __user *uaddr = (__force const void __user *)addr;
> + int maxlen = get_loc_len(*(u32 *)dest);
> + u8 *dst = get_loc_data(dest, base);
> + long ret;
> +
> + if (unlikely(!maxlen))
> + return -ENOMEM;
> + ret = strncpy_from_unsafe_user(dst, uaddr, maxlen);
> +
> + if (ret >= 0)
> + *(u32 *)dest = make_data_loc(ret, (void *)dst - base);
> +
> return ret;
Firstly, why is there a 'dest' and a 'dst' variable name as well - the
two are very similar and the difference not explained at all.
Secondly, a style nit: if you group statements then please group
statements based on the usual logic - which is the group them by the flow
of logic. In the above case you grouped the 'maxlen' check with the
strncpy_from_unsafe_user() call, while the grouping should be the other
way around:
if (unlikely(!maxlen))
return -ENOMEM;
ret = strncpy_from_unsafe_user(dst, uaddr, maxlen);
if (ret >= 0)
*(u32 *)dest = make_data_loc(ret, (void *)dst - base);
return ret;
Third, hiding the get_loc_data() call within variable initialization is
bad style - we usually only put 'trivial' (constant) initializations
there.
Fourth, 'dst' is independent of 'maxlen', so it should probably
calculated *after* maxlen.
I.e. the whole sequence should be:
maxlen = get_loc_len(*(u32 *)dest);
if (unlikely(!maxlen))
return -ENOMEM;
dst = get_loc_data(dest, base);
ret = strncpy_from_unsafe_user(dst, uaddr, maxlen);
if (ret >= 0)
*(u32 *)dest = make_data_loc(ret, (void *)dst - base);
return ret;
Fifth, we don't actually dereference 'dst', do we? So the whole type
casting to 'void *' could be avoided by declaring 'dst' (or whatever its
new, clearer name is) not as u8 *, but as void *.
I.e. these are five problems in a short sequence of code, which it sad to
see in a v8 submission. :-/
Please review the other patches and the whole code base for similar
mishaps and small details as well.
Thanks,
Ingo
next prev parent reply other threads:[~2019-05-14 7:24 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-09 15:12 [PATCH -tip v8 0/6] tracing/probes: uaccess: Add support user-space access Masami Hiramatsu
2019-05-09 15:13 ` [PATCH -tip v8 1/6] x86/uaccess: Allow access_ok() in irq context if pagefault_disabled Masami Hiramatsu
2019-05-09 15:13 ` [PATCH -tip v8 2/6] uaccess: Add non-pagefault user-space read functions Masami Hiramatsu
2019-05-09 15:13 ` [PATCH -tip v8 3/6] tracing/probe: Add ustring type for user-space string Masami Hiramatsu
2019-05-14 7:24 ` Ingo Molnar [this message]
2019-05-14 10:10 ` Masami Hiramatsu
2019-05-09 15:13 ` [PATCH -tip v8 4/6] tracing/probe: Support user-space dereference Masami Hiramatsu
2019-05-09 15:13 ` [PATCH -tip v8 5/6] selftests/ftrace: Add user-memory access syntax testcase Masami Hiramatsu
2019-05-09 15:14 ` [PATCH -tip v8 6/6] perf-probe: Add user memory access attribute support Masami Hiramatsu
2019-05-13 18:38 ` [PATCH -tip v8 0/6] tracing/probes: uaccess: Add support user-space access Arnaldo Carvalho de Melo
2019-05-14 5:02 ` Masami Hiramatsu
2019-05-14 14:01 ` Arnaldo Carvalho de Melo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190514072426.GB18949@gmail.com \
--to=mingo@kernel.org \
--cc=acme@kernel.org \
--cc=akpm@linux-foundation.org \
--cc=alexei.starovoitov@gmail.com \
--cc=changbin.du@gmail.com \
--cc=jannh@google.com \
--cc=joel@joelfernandes.org \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=luto@kernel.org \
--cc=mhiramat@kernel.org \
--cc=namit@vmware.com \
--cc=peterz@infradead.org \
--cc=rostedt@goodmis.org \
--cc=shuah@kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=yhs@fb.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox