Both "model" and "strflags" are passed to "%s" even when one or both
are NULL.
It is safe because vsprintf() would detect the NULL pointer and print
"(null)". But it is a kernel-specific feature and compiler warns
about it:
<warning>
In file included from include/linux/kernel.h:19,
from arch/x86/include/asm/percpu.h:27,
from arch/x86/include/asm/current.h:6,
from include/linux/sched.h:12,
from include/linux/blkdev.h:5,
from drivers/scsi/scsi_devinfo.c:3:
drivers/scsi/scsi_devinfo.c: In function 'scsi_dev_info_list_add_str':
>> include/linux/printk.h:434:44: warning: '%s' directive argument is null [-Wformat-overflow=]
434 | #define printk(fmt, ...) printk_index_wrap(_printk, fmt, ##__VA_ARGS__)
| ^
include/linux/printk.h:430:3: note: in definition of macro 'printk_index_wrap'
430 | _p_func(_fmt, ##__VA_ARGS__); \
| ^~~~~~~
drivers/scsi/scsi_devinfo.c:551:4: note: in expansion of macro 'printk'
551 | printk(KERN_ERR "%s: bad dev info string '%s' '%s'"
| ^~~~~~
drivers/scsi/scsi_devinfo.c:552:14: note: format string is defined here
552 | " '%s'\n", __func__, vendor, model,
| ^~
</warning>
Do not rely on the kernel specific behavior and print the message a safe way.
Reported-by: kernel test robot <[email protected]>
Closes: https://lore.kernel.org/oe-kbuild-all/[email protected]/
Signed-off-by: Petr Mladek <[email protected]>
---
Note: The patch is only compile tested.
drivers/scsi/scsi_devinfo.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/scsi/scsi_devinfo.c b/drivers/scsi/scsi_devinfo.c
index 3fcaf10a9dfe..ba7237e83863 100644
--- a/drivers/scsi/scsi_devinfo.c
+++ b/drivers/scsi/scsi_devinfo.c
@@ -551,9 +551,9 @@ static int scsi_dev_info_list_add_str(char *dev_list)
if (model)
strflags = strsep(&next, next_check);
if (!model || !strflags) {
- printk(KERN_ERR "%s: bad dev info string '%s' '%s'"
- " '%s'\n", __func__, vendor, model,
- strflags);
+ pr_err("%s: bad dev info string '%s' '%s' '%s'\n",
+ __func__, vendor, model ? model : "",
+ strflags ? strflags : "");
res = -EINVAL;
} else
res = scsi_dev_info_list_add(0 /* compatible */, vendor,
--
2.43.0
On 1/11/24 08:24, Petr Mladek wrote:
> Both "model" and "strflags" are passed to "%s" even when one or both
> are NULL.
>
> It is safe because vsprintf() would detect the NULL pointer and print
> "(null)". But it is a kernel-specific feature and compiler warns
> about it:
>
> <warning>
> In file included from include/linux/kernel.h:19,
> from arch/x86/include/asm/percpu.h:27,
> from arch/x86/include/asm/current.h:6,
> from include/linux/sched.h:12,
> from include/linux/blkdev.h:5,
> from drivers/scsi/scsi_devinfo.c:3:
> drivers/scsi/scsi_devinfo.c: In function 'scsi_dev_info_list_add_str':
>>> include/linux/printk.h:434:44: warning: '%s' directive argument is null [-Wformat-overflow=]
> 434 | #define printk(fmt, ...) printk_index_wrap(_printk, fmt, ##__VA_ARGS__)
> | ^
> include/linux/printk.h:430:3: note: in definition of macro 'printk_index_wrap'
> 430 | _p_func(_fmt, ##__VA_ARGS__); \
> | ^~~~~~~
> drivers/scsi/scsi_devinfo.c:551:4: note: in expansion of macro 'printk'
> 551 | printk(KERN_ERR "%s: bad dev info string '%s' '%s'"
> | ^~~~~~
> drivers/scsi/scsi_devinfo.c:552:14: note: format string is defined here
> 552 | " '%s'\n", __func__, vendor, model,
> | ^~
> </warning>
>
> Do not rely on the kernel specific behavior and print the message a safe way.
>
> Reported-by: kernel test robot <[email protected]>
> Closes: https://lore.kernel.org/oe-kbuild-all/[email protected]/
> Signed-off-by: Petr Mladek <[email protected]>
> ---
> Note: The patch is only compile tested.
>
> drivers/scsi/scsi_devinfo.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/scsi/scsi_devinfo.c b/drivers/scsi/scsi_devinfo.c
> index 3fcaf10a9dfe..ba7237e83863 100644
> --- a/drivers/scsi/scsi_devinfo.c
> +++ b/drivers/scsi/scsi_devinfo.c
> @@ -551,9 +551,9 @@ static int scsi_dev_info_list_add_str(char *dev_list)
> if (model)
> strflags = strsep(&next, next_check);
> if (!model || !strflags) {
> - printk(KERN_ERR "%s: bad dev info string '%s' '%s'"
> - " '%s'\n", __func__, vendor, model,
> - strflags);
> + pr_err("%s: bad dev info string '%s' '%s' '%s'\n",
> + __func__, vendor, model ? model : "",
> + strflags ? strflags : "");
> res = -EINVAL;
> } else
> res = scsi_dev_info_list_add(0 /* compatible */, vendor,
Expressions like "model ? model : """ can be shortened into "model ? : """.
Anyway:
Reviewed-by: Bart Van Assche <[email protected]>
Hi Petr,
On Thu, Jan 11, 2024 at 5:26 PM Petr Mladek <[email protected]> wrote:
> Both "model" and "strflags" are passed to "%s" even when one or both
> are NULL.
>
> It is safe because vsprintf() would detect the NULL pointer and print
> "(null)". But it is a kernel-specific feature and compiler warns
> about it:
>
> <warning>
> In file included from include/linux/kernel.h:19,
> from arch/x86/include/asm/percpu.h:27,
> from arch/x86/include/asm/current.h:6,
> from include/linux/sched.h:12,
> from include/linux/blkdev.h:5,
> from drivers/scsi/scsi_devinfo.c:3:
> drivers/scsi/scsi_devinfo.c: In function 'scsi_dev_info_list_add_str':
> >> include/linux/printk.h:434:44: warning: '%s' directive argument is null [-Wformat-overflow=]
> 434 | #define printk(fmt, ...) printk_index_wrap(_printk, fmt, ##__VA_ARGS__)
> | ^
> include/linux/printk.h:430:3: note: in definition of macro 'printk_index_wrap'
> 430 | _p_func(_fmt, ##__VA_ARGS__); \
> | ^~~~~~~
> drivers/scsi/scsi_devinfo.c:551:4: note: in expansion of macro 'printk'
> 551 | printk(KERN_ERR "%s: bad dev info string '%s' '%s'"
> | ^~~~~~
> drivers/scsi/scsi_devinfo.c:552:14: note: format string is defined here
> 552 | " '%s'\n", __func__, vendor, model,
> | ^~
> </warning>
>
> Do not rely on the kernel specific behavior and print the message a safe way.
>
> Reported-by: kernel test robot <[email protected]>
> Closes: https://lore.kernel.org/oe-kbuild-all/[email protected]/
> Signed-off-by: Petr Mladek <[email protected]>
> ---
> Note: The patch is only compile tested.
>
> drivers/scsi/scsi_devinfo.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/scsi/scsi_devinfo.c b/drivers/scsi/scsi_devinfo.c
> index 3fcaf10a9dfe..ba7237e83863 100644
> --- a/drivers/scsi/scsi_devinfo.c
> +++ b/drivers/scsi/scsi_devinfo.c
> @@ -551,9 +551,9 @@ static int scsi_dev_info_list_add_str(char *dev_list)
> if (model)
> strflags = strsep(&next, next_check);
> if (!model || !strflags) {
> - printk(KERN_ERR "%s: bad dev info string '%s' '%s'"
> - " '%s'\n", __func__, vendor, model,
> - strflags);
> + pr_err("%s: bad dev info string '%s' '%s' '%s'\n",
> + __func__, vendor, model ? model : "",
> + strflags ? strflags : "");
Do we really want to make this change?
The kernel's vsprintf() implementation has supported NULL pointers
since forever, and lots of code relies on that behavior.
Perhaps this warning can be disabled instead?
> res = -EINVAL;
> } else
> res = scsi_dev_info_list_add(0 /* compatible */, vendor,
Gr{oetje,eeting}s,
Geert
--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68korg
In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds
On Fri 2024-01-12 10:22:44, Geert Uytterhoeven wrote:
> Hi Petr,
>
> On Thu, Jan 11, 2024 at 5:26 PM Petr Mladek <[email protected]> wrote:
> > Both "model" and "strflags" are passed to "%s" even when one or both
> > are NULL.
> >
> > It is safe because vsprintf() would detect the NULL pointer and print
> > "(null)". But it is a kernel-specific feature and compiler warns
> > about it:
> >
> > <warning>
> > In file included from include/linux/kernel.h:19,
> > from arch/x86/include/asm/percpu.h:27,
> > from arch/x86/include/asm/current.h:6,
> > from include/linux/sched.h:12,
> > from include/linux/blkdev.h:5,
> > from drivers/scsi/scsi_devinfo.c:3:
> > drivers/scsi/scsi_devinfo.c: In function 'scsi_dev_info_list_add_str':
> > >> include/linux/printk.h:434:44: warning: '%s' directive argument is null [-Wformat-overflow=]
> > 434 | #define printk(fmt, ...) printk_index_wrap(_printk, fmt, ##__VA_ARGS__)
> > | ^
> > include/linux/printk.h:430:3: note: in definition of macro 'printk_index_wrap'
> > 430 | _p_func(_fmt, ##__VA_ARGS__); \
> > | ^~~~~~~
> > drivers/scsi/scsi_devinfo.c:551:4: note: in expansion of macro 'printk'
> > 551 | printk(KERN_ERR "%s: bad dev info string '%s' '%s'"
> > | ^~~~~~
> > drivers/scsi/scsi_devinfo.c:552:14: note: format string is defined here
> > 552 | " '%s'\n", __func__, vendor, model,
> > | ^~
> > </warning>
> >
> > Do not rely on the kernel specific behavior and print the message
> > a safe way.
> >
> > Reported-by: kernel test robot <[email protected]>
> > Closes: https://lore.kernel.org/oe-kbuild-all/[email protected]/
> > Signed-off-by: Petr Mladek <[email protected]>
> > ---
> > Note: The patch is only compile tested.
> >
> > drivers/scsi/scsi_devinfo.c | 6 +++---
> > 1 file changed, 3 insertions(+), 3 deletions(-)
> >
> > diff --git a/drivers/scsi/scsi_devinfo.c b/drivers/scsi/scsi_devinfo.c
> > index 3fcaf10a9dfe..ba7237e83863 100644
> > --- a/drivers/scsi/scsi_devinfo.c
> > +++ b/drivers/scsi/scsi_devinfo.c
> > @@ -551,9 +551,9 @@ static int scsi_dev_info_list_add_str(char *dev_list)
> > if (model)
> > strflags = strsep(&next, next_check);
> > if (!model || !strflags) {
> > - printk(KERN_ERR "%s: bad dev info string '%s' '%s'"
> > - " '%s'\n", __func__, vendor, model,
> > - strflags);
> > + pr_err("%s: bad dev info string '%s' '%s' '%s'\n",
> > + __func__, vendor, model ? model : "",
> > + strflags ? strflags : "");
>
> Do we really want to make this change?
> The kernel's vsprintf() implementation has supported NULL pointers
> since forever, and lots of code relies on that behavior.
Yeah, it was safe even in the first git commit. And it was probably
safe long before.
Well, I can't find easily how much code relies on this. I would
personally do not rely on it when writing new code.
> Perhaps this warning can be disabled instead?
IMHO, it is not a good idea to disable the warning. I believe that it
checks also other scenarios and can find real problems.
Also I think that compilers are getting more and more "clever".
So keeping the "suspicious" code might be fighting with windmills.
Best Regards,
Petr
Hi Petr,
On Fri, Jan 12, 2024 at 12:27 PM Petr Mladek <[email protected]> wrote:
> On Fri 2024-01-12 10:22:44, Geert Uytterhoeven wrote:
> > On Thu, Jan 11, 2024 at 5:26 PM Petr Mladek <[email protected]> wrote:
> > > Both "model" and "strflags" are passed to "%s" even when one or both
> > > are NULL.
> > >
> > > It is safe because vsprintf() would detect the NULL pointer and print
> > > "(null)". But it is a kernel-specific feature and compiler warns
> > > about it:
> > >
> > > <warning>
> > > In file included from include/linux/kernel.h:19,
> > > from arch/x86/include/asm/percpu.h:27,
> > > from arch/x86/include/asm/current.h:6,
> > > from include/linux/sched.h:12,
> > > from include/linux/blkdev.h:5,
> > > from drivers/scsi/scsi_devinfo.c:3:
> > > drivers/scsi/scsi_devinfo.c: In function 'scsi_dev_info_list_add_str':
> > > >> include/linux/printk.h:434:44: warning: '%s' directive argument is null [-Wformat-overflow=]
> > > 434 | #define printk(fmt, ...) printk_index_wrap(_printk, fmt, ##__VA_ARGS__)
> > > | ^
> > > include/linux/printk.h:430:3: note: in definition of macro 'printk_index_wrap'
> > > 430 | _p_func(_fmt, ##__VA_ARGS__); \
> > > | ^~~~~~~
> > > drivers/scsi/scsi_devinfo.c:551:4: note: in expansion of macro 'printk'
> > > 551 | printk(KERN_ERR "%s: bad dev info string '%s' '%s'"
> > > | ^~~~~~
> > > drivers/scsi/scsi_devinfo.c:552:14: note: format string is defined here
> > > 552 | " '%s'\n", __func__, vendor, model,
> > > | ^~
> > > </warning>
> > >
> > > Do not rely on the kernel specific behavior and print the message
> > > a safe way.
> > >
> > > Reported-by: kernel test robot <[email protected]>
> > > Closes: https://lore.kernel.org/oe-kbuild-all/[email protected]/
> > > Signed-off-by: Petr Mladek <[email protected]>
> > > ---
> > > Note: The patch is only compile tested.
> > >
> > > drivers/scsi/scsi_devinfo.c | 6 +++---
> > > 1 file changed, 3 insertions(+), 3 deletions(-)
> > >
> > > diff --git a/drivers/scsi/scsi_devinfo.c b/drivers/scsi/scsi_devinfo.c
> > > index 3fcaf10a9dfe..ba7237e83863 100644
> > > --- a/drivers/scsi/scsi_devinfo.c
> > > +++ b/drivers/scsi/scsi_devinfo.c
> > > @@ -551,9 +551,9 @@ static int scsi_dev_info_list_add_str(char *dev_list)
> > > if (model)
> > > strflags = strsep(&next, next_check);
> > > if (!model || !strflags) {
> > > - printk(KERN_ERR "%s: bad dev info string '%s' '%s'"
> > > - " '%s'\n", __func__, vendor, model,
> > > - strflags);
> > > + pr_err("%s: bad dev info string '%s' '%s' '%s'\n",
> > > + __func__, vendor, model ? model : "",
> > > + strflags ? strflags : "");
> >
> > Do we really want to make this change?
> > The kernel's vsprintf() implementation has supported NULL pointers
> > since forever, and lots of code relies on that behavior.
>
> Yeah, it was safe even in the first git commit. And it was probably
> safe long before.
>
> Well, I can't find easily how much code relies on this. I would
> personally do not rely on it when writing new code.
Lots of debug code relies on this when printing string pointers.
It doesn't warn because the compiler cannot prove (yet) that such a
pointer can be NULL...
> > Perhaps this warning can be disabled instead?
>
> IMHO, it is not a good idea to disable the warning. I believe that it
> checks also other scenarios and can find real problems.
True.
> Also I think that compilers are getting more and more "clever".
> So keeping the "suspicious" code might be fighting with windmills.
Also true, unfortunately.
So one day the whole "if (!model || !strflags) { ... }" block might
be optimized away, when the compiler decides that NULL pointers are
Undefined Behavior, and thus this cannot happen.
Gr{oetje,eeting}s,
Geert
--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68korg
In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds
Petr Mladek writes:
>Both "model" and "strflags" are passed to "%s" even when one or both
>are NULL.
>
>It is safe because vsprintf() would detect the NULL pointer and print
>"(null)". But it is a kernel-specific feature and compiler warns
>about it:
>
><warning>
> In file included from include/linux/kernel.h:19,
> from arch/x86/include/asm/percpu.h:27,
> from arch/x86/include/asm/current.h:6,
> from include/linux/sched.h:12,
> from include/linux/blkdev.h:5,
> from drivers/scsi/scsi_devinfo.c:3:
> drivers/scsi/scsi_devinfo.c: In function 'scsi_dev_info_list_add_str':
>>> include/linux/printk.h:434:44: warning: '%s' directive argument is null [-Wformat-overflow=]
> 434 | #define printk(fmt, ...) printk_index_wrap(_printk, fmt, ##__VA_ARGS__)
> | ^
> include/linux/printk.h:430:3: note: in definition of macro 'printk_index_wrap'
> 430 | _p_func(_fmt, ##__VA_ARGS__); \
> | ^~~~~~~
> drivers/scsi/scsi_devinfo.c:551:4: note: in expansion of macro 'printk'
> 551 | printk(KERN_ERR "%s: bad dev info string '%s' '%s'"
> | ^~~~~~
> drivers/scsi/scsi_devinfo.c:552:14: note: format string is defined here
> 552 | " '%s'\n", __func__, vendor, model,
> | ^~
></warning>
>
>Do not rely on the kernel specific behavior and print the message a safe way.
Acked-by: Chris Down <[email protected]>
While I agree with the other thread that in reality this is ok, it's worth
reducing the addition to LKP noise for now and worrying about that later.
Thanks!
>
>Reported-by: kernel test robot <[email protected]>
>Closes: https://lore.kernel.org/oe-kbuild-all/[email protected]/
>Signed-off-by: Petr Mladek <[email protected]>
>---
>Note: The patch is only compile tested.
>
> drivers/scsi/scsi_devinfo.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
>diff --git a/drivers/scsi/scsi_devinfo.c b/drivers/scsi/scsi_devinfo.c
>index 3fcaf10a9dfe..ba7237e83863 100644
>--- a/drivers/scsi/scsi_devinfo.c
>+++ b/drivers/scsi/scsi_devinfo.c
>@@ -551,9 +551,9 @@ static int scsi_dev_info_list_add_str(char *dev_list)
> if (model)
> strflags = strsep(&next, next_check);
> if (!model || !strflags) {
>- printk(KERN_ERR "%s: bad dev info string '%s' '%s'"
>- " '%s'\n", __func__, vendor, model,
>- strflags);
>+ pr_err("%s: bad dev info string '%s' '%s' '%s'\n",
>+ __func__, vendor, model ? model : "",
>+ strflags ? strflags : "");
> res = -EINVAL;
> } else
> res = scsi_dev_info_list_add(0 /* compatible */, vendor,
>--
>2.43.0
>
On Thu, 11 Jan 2024 17:24:19 +0100, Petr Mladek wrote:
> Both "model" and "strflags" are passed to "%s" even when one or both
> are NULL.
>
> It is safe because vsprintf() would detect the NULL pointer and print
> "(null)". But it is a kernel-specific feature and compiler warns
> about it:
>
> [...]
Applied to 6.9/scsi-queue, thanks!
[1/1] scsi: core: Safe warning about bad dev info string
https://git.kernel.org/mkp/scsi/c/796cae1a79b1
--
Martin K. Petersen Oracle Linux Engineering