From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-wr1-f50.google.com (mail-wr1-f50.google.com [209.85.221.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E2E213AC0FA for ; Thu, 26 Mar 2026 09:12:15 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.50 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774516337; cv=none; b=ZkaZT+UqcMq+qCwIo6iv5yRIGaTSahUPir9HqlKbnx43EoxEarv7esUVHK8jU/PrZlUrpkEMLeyw13LNe37ad8SjfoEJgMLgg1TrdHzYFVyeMEjLx61Qi/i4lYwYFfryeuoq/UqJCGr4R+LmOVllf3WHFJZ74GRXI+3ssaBLeZU= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1774516337; c=relaxed/simple; bh=8/pMa5AJ9mBOr7eRT2NbfR0jAYZnz4s/aYTGieoHCTA=; h=Date:From:To:Cc:Subject:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=SOJSQTp63E/SodSVcfW/6GBUlrgtuKBZdvuwB+/aXoWvwGBc8Odv1bCKgOH8Xpn31gRPZvJ1WGVv/U5rWG0W8IMYRfSw3HnNC8sqmtXbZ9aGjTX/+qbB8LtpZpIBWGi4vLguGA0GD2qJz8XlRfUkQddgswh76tKclivVkoJaedI= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=ZnNJbUjK; arc=none smtp.client-ip=209.85.221.50 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="ZnNJbUjK" Received: by mail-wr1-f50.google.com with SMTP id ffacd0b85a97d-43b88b7ca76so530964f8f.3 for ; Thu, 26 Mar 2026 02:12:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1774516334; x=1775121134; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:subject:cc:to:from:date:from:to:cc:subject:date :message-id:reply-to; bh=PGDH2TofSrbvdkwCghSRFxm4gz6YHk6e1rABleSES9E=; b=ZnNJbUjKBZ589zTW5N5oQHy/D1bUSfyrmE6gww6sI5HEY0IifwUeax6oZ3xHrCJo53 zZkczWjBkfJXSP2vIJrvrnjVI8ocpEcWDV/GHlPbFbMgBPZ2GfXf+n0y8y/aZVnd6gF6 RtYoEEtQ1YsS5SAVX0IZtZJgHhcVhddaV23F5PP6q2m435JwAkoBvWfAjcf3BqNkDQYc lKa3yVKDtkcWV7ziZ/4Hfe7NATpDkMqAmrWUPnICK5CcgEjaS14cFiDcZQbcxAroSxqQ KsRmNoNo3f0LwD2mYLsp+AWkEeo7vVjo4t6DlTl3ySKDZ9qOkkAKZpG1A4LEfYr+51ao YE0A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1774516334; x=1775121134; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:subject:cc:to:from:date:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=PGDH2TofSrbvdkwCghSRFxm4gz6YHk6e1rABleSES9E=; b=kh6isntnQ7dkASTr7p8YuWKCVaWKuX0LWCqUS3EVLFPogwzMN7UhyHhQe9umnr51kt nlVlkY+FRZYvDy3YdyjNJtoElIYTxdyw/ofyG9OotWtNw2W5VGj27xHqxC3hdgSuksYB x5A7SSzivw6dmz3cLt+1gyKpoZ3lC4T2eYTtGqxdDa+Ma4e+wODT7gx1pnoTjBDlxpZT qYW6UqqfjgCLiQdQckEv7tUtB4AP/2GHgTPJIJUWSLFRyY8atlzzOXRur6OxkcaAC+QK JecdP1XI+onoAt0xkVF8CgtIbAjTCzE9Ni6HnPDERHd2pNQzN2mEc75OHkdtB6J3Dvko DTJw== X-Forwarded-Encrypted: i=1; AJvYcCUWAkye8Z0RGDk38iiPAHL34kfc2QCKlq3wsUxZ28q97AUnxcipwI09vpdv8OEdtGSMSaWDnMhc0BGPfd4=@vger.kernel.org X-Gm-Message-State: AOJu0Yz+wS/6aB8FwlykBLtBe5G6HXW6PI5D9ijgk+U3hW7L2G73/LF2 SsH1SFmmyr8Www7hCZPO80ywPLoz1GNJU4YgbRwN1wQWvUEowevaNqyi X-Gm-Gg: ATEYQzwCrLbHtzuTITgPCVAskGAQuttUF8bt6EJvzHGC+lWMvU+6Ox+0Lg6v5RlQbzc 3ynbbJGrKILWoUuUT6bCsEzH3gnjLdekJGd6HbFC0ioPuqOmYkMZWCJ+06cH9mfpDPxPYRgTIg4 JBhDxezcn+YgZMwQOZzuYBrhIH28F8B+yKGl/aunw0671Fby5oKkxj7Ey6Apwet0l5KzWG2cmgu 38MeMNalVHjy/5JqPGx6X0c/joX0wAz98JcD5aBO/ur7JBorYgdqN7kqjGPDAq7rEAmJiS9e5py BmPQ37KtkKLmzr9PbDRuLlmX9mx7WLdR7gB6Ys/HR97HPcZQrvcbcUt8v65L0ilq3MU3gbqmBdR mDsd+I9oTQVF1orb/zrD87IM/BcoT8aQSUO2FYiYZlpSeHzPdXR/maZ4iEesInvsrtHxdc8YnX3 5qSgf8/vEuVwzlFJlfBSjjW4jSn7XMFRJERW+xDybUm74QRWjPWCic3xp+btrEbSzl X-Received: by 2002:a05:6000:400b:b0:43b:498f:dceb with SMTP id ffacd0b85a97d-43b8896ce60mr10188021f8f.9.1774516333836; Thu, 26 Mar 2026 02:12:13 -0700 (PDT) Received: from pumpkin (82-69-66-36.dsl.in-addr.zen.co.uk. [82.69.66.36]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-43b9192e305sm7117012f8f.8.2026.03.26.02.12.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 26 Mar 2026 02:12:13 -0700 (PDT) Date: Thu, 26 Mar 2026 09:12:12 +0000 From: David Laight To: "Masami Hiramatsu (Google)" Cc: Andrew Morton , Petr Mladek , Steven Rostedt , Andy Shevchenko , Rasmus Villemoes , Sergey Senozhatsky , linux-kernel@vger.kernel.org Subject: Re: [PATCH v4 0/2] lib/vsprintf: Fixes size check Message-ID: <20260326091212.5b370ff8@pumpkin> In-Reply-To: <20260326163944.1a7e83e7c1a70202c1a05deb@kernel.org> References: <177440550682.147866.1854734911195480940.stgit@devnote2> <20260324220458.3ca2bfeb393eedb5cc7ff52d@linux-foundation.org> <20260325102039.79afa79a@pumpkin> <20260326163944.1a7e83e7c1a70202c1a05deb@kernel.org> X-Mailer: Claws Mail 4.1.1 (GTK 3.24.38; arm-unknown-linux-gnueabihf) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit On Thu, 26 Mar 2026 16:39:44 +0900 Masami Hiramatsu (Google) wrote: > On Wed, 25 Mar 2026 10:20:39 +0000 > David Laight wrote: > > > On Tue, 24 Mar 2026 22:04:58 -0700 > > Andrew Morton wrote: > > > > > On Wed, 25 Mar 2026 11:25:06 +0900 "Masami Hiramatsu (Google)" wrote: > > > > > > > Here is the 4th version of patches to fix vsnprintf(). > > > > > > > > - Fix to limit the size of width and precision. > > > > - Warn if the return size is over INT_MAX. > > > > > > > > Previous version is here; > > > > > > > > https://lore.kernel.org/all/177410406326.38798.16853803119128725972.stgit@devnote2/ > > > > > > > > In this version, do clamp() the width and precision before checking it and > > > > accept negative precision[1/3] and add Petr's Reviewed-by[2/2]. > > > > > > AI review has flagged a couple of possible issues: > > > https://sashiko.dev/#/patchset/177440550682.147866.1854734911195480940.stgit@devnote2 > > > > I'd guess there are exactly 0 places where a negative precision is passed > > to "%.*s" - if there were any someone would have complained about the > > output being missing. > > Checking all 759 cases grep -r '".*%.*\.%*s.*"' found will be tedious. > > But pretty much all are 'namelen'. > > I also verified and found only one suspicious usage which can pass > a negative precision. It is always called with a constant, in any case the string being output is constant so nothing nasty can happen. I didn't even see any recursive/loop calls that indent by significant amounts. The code could use the more usual ("%*s", indent, ""), but it doesn't matter much - mostly just a shorter line. David > > diff --git a/drivers/gpu/drm/i915/i915_request.c b/drivers/gpu/drm/i915/i915_request.c > index d2c7b1090df0..1f90775ea8a8 100644 > --- a/drivers/gpu/drm/i915/i915_request.c > +++ b/drivers/gpu/drm/i915/i915_request.c > @@ -2224,7 +2224,7 @@ void i915_request_show(struct drm_printer *m, > rcu_read_lock(); > timeline = dma_fence_timeline_name((struct dma_fence *)&rq->fence); > drm_printf(m, "%s%.*s%c %llx:%lld%s%s %s @ %dms: %s\n", > - prefix, indent, " ", > + prefix, max(0, indent), " ", > queue_status(rq), > rq->fence.context, rq->fence.seqno, > run_status(rq), > > Thanks, > > > > In any case worst thing should be a panic if the code hits an invalid > > address before finding a '\0' byte - probably unlikely anyway. > > > > I'd fix it, but try to stop it being backported. > > > > David > >