From: Dan Carpenter <dan.carpenter@oracle.com>
To: KY Srinivasan <kys@microsoft.com>
Cc: "gregkh@linuxfoundation.org" <gregkh@linuxfoundation.org>,
"ohering@suse.com" <ohering@suse.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"virtualization@lists.osdl.org" <virtualization@lists.osdl.org>,
Alan Stern <stern@rowland.harvard.edu>,
"devel@linuxdriverproject.org" <devel@linuxdriverproject.org>
Subject: Re: [PATCH 1/3] Drivers: hv: Support the newly introduced KVP messages in the driver
Date: Fri, 16 Mar 2012 17:26:49 +0300 [thread overview]
Message-ID: <20120316142649.GJ3163@mwanda> (raw)
In-Reply-To: <6E21E5352C11B742B20C142EB499E0481B76671F@TK5EX14MBXC126.redmond.corp.microsoft.com>
[-- Attachment #1.1: Type: text/plain, Size: 1704 bytes --]
On Fri, Mar 16, 2012 at 01:14:07PM +0000, KY Srinivasan wrote:
> Dan,
> I am trying to understand your concern here:
> You will agree with me that the current code does not overflow the
> buffer since the output is limited to MAX bytes and that is how
> big the output buffer is sized. Now, as I pointed out earlier, if the
> string to be converted were to fully occupy the MAX bytes or even be
> larger than MAX bytes (no buffer overflow here since we limit the
> conversion to MAX bytes), we will get a malformed packet that will be
> sent to the host since the size field of the message would exceed
> the protocol specified size limit. I was merely pointing out that in
> this case, I would rather have the host reject the message than send
> a truncated Key/Value string (if we were to ever get invalid key or
> value strings).
>
Sending malformed packets is a bad idea.
Normally, if you handle the error as close to the cause of the error
as possible then it makes everything easier to read. In this case
especially, it's so easy to catch any errors. If you decide to go
ahead and send the malformed message, at least put a comment.
When I read code, I spend all my time looking for what it does
wrong. So when code doesn't have any error handling and sets
keylen = -EINVAL then sure, it's fewer lines of code to read, but
it doesn't make my life easier. Readable code has obvious error
handling.
Introducing off by one errors is an especially bad idea. It doesn't
matter how harmless they are, because they end up getting copy and
pasted. I don't know how to make it any clearer than that. :/
Never never never do that!
regards,
dan carpenter
[-- Attachment #1.2: Digital signature --]
[-- Type: application/pgp-signature, Size: 836 bytes --]
[-- Attachment #2: Type: text/plain, Size: 159 bytes --]
_______________________________________________
devel mailing list
devel@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/devel
prev parent reply other threads:[~2012-03-16 14:26 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-03-16 0:48 [PATCH 0000/0003] drivers: hv K. Y. Srinivasan
2012-03-16 0:48 ` [PATCH 1/3] Drivers: hv: Support the newly introduced KVP messages in the driver K. Y. Srinivasan
2012-03-16 0:48 ` [PATCH 2/3] Tools: hv: Fully support the new KVP verbs in the user level daemon K. Y. Srinivasan
2012-03-16 0:48 ` [PATCH 3/3] Tools: hv: Support enumeration from all the pools K. Y. Srinivasan
2012-03-16 5:45 ` [PATCH 1/3] Drivers: hv: Support the newly introduced KVP messages in the driver Dan Carpenter
2012-03-16 6:33 ` KY Srinivasan
2012-03-16 7:18 ` Dan Carpenter
2012-03-16 7:37 ` Dan Carpenter
2012-03-16 13:14 ` KY Srinivasan
2012-03-16 14:26 ` Dan Carpenter [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120316142649.GJ3163@mwanda \
--to=dan.carpenter@oracle.com \
--cc=devel@linuxdriverproject.org \
--cc=gregkh@linuxfoundation.org \
--cc=kys@microsoft.com \
--cc=linux-kernel@vger.kernel.org \
--cc=ohering@suse.com \
--cc=stern@rowland.harvard.edu \
--cc=virtualization@lists.osdl.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).