Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp421126ybi; Sat, 15 Jun 2019 04:00:11 -0700 (PDT) X-Google-Smtp-Source: APXvYqwlIyz+dSf/cXVGICu5oikE/pxjf1b7vETPfbaD/ZZtOVTtTfzCNCVsmYRoTRdW3OvkQAPN X-Received: by 2002:a17:90a:be0a:: with SMTP id a10mr14905354pjs.112.1560596411377; Sat, 15 Jun 2019 04:00:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1560596411; cv=none; d=google.com; s=arc-20160816; b=P3L67AevDtwNHWkICnpmvPwLb7T30mWiursGWjEc1xnHS1RpRxugOuKK79vqE+Z0rJ p5n/bzV3qcrbFqkOsyqsaNK9L/jfXgFu7qcZPJryyvHQ63k8t18rLc2TtK9ibWJY+8bs cvpgc8TuXQ4EtTkie2alHEUsJajGMKAbBI9KabnP+wnBjADLUnoUqLzA7w0D/dl/C/8D RhDUgQHorYz9UrKOjlLbeMH6dZpqEoNHLnqiVxNUvp1BKqXMAfIAfFqrFHnAzvZJOoAL +tzPHFBCaifXlgmexGvm8XaFGR9fGtybhRbMkN5SVpKRpNqWPs9FvLyA1soEnvOLu5sI 2fGA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:date:cc:to:from:subject :message-id:dkim-signature; bh=CavVfeglnep2Akp3AOI6hI3lEk0KjgD4115QjbZeFeg=; b=VctUzvP950FJelGFiG9AYmWDFNa4p5JN004/9R/UHlUWZNIwphD94OO9pRQSE34550 0nlm8CdOoFTIJF07J+n9pCV/fWTEFcKGh3PP6hxtbi/jUtOlkqny5IQzMjPc6zKDpRqL 7gu9JkL0ximi+Sl601IEfTmQ2TsM1lCkbBhT2/i44p9b+fqUcnfySQB07VuRHvTWLK5c hlvMDgaUw/Hl57XdKkboDuljc0HA6BTJdpCT+3x+Dule9IgkGCBqGlUsu+zInyEh9TFV j3PaQ17AUyZvZ8eMHFAk0oEwCrgK/HwdJv7SdMwwYdSMmq9JalwZGMCbt5Quvm8ZxGZL 9Q5w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="kcPx/2Ip"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id c21si4487123plo.308.2019.06.15.03.59.56; Sat, 15 Jun 2019 04:00:11 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="kcPx/2Ip"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726770AbfFOK6k (ORCPT + 99 others); Sat, 15 Jun 2019 06:58:40 -0400 Received: from mail.kernel.org ([198.145.29.99]:38710 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726490AbfFOK6j (ORCPT ); Sat, 15 Jun 2019 06:58:39 -0400 Received: from tleilax.poochiereds.net (cpe-71-70-156-158.nc.res.rr.com [71.70.156.158]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id F07902080C; Sat, 15 Jun 2019 10:58:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1560596318; bh=jjNGpVJK6T1V4tUmRnqiTn9190qxVQSmFKFUBsW8I+A=; h=Subject:From:To:Cc:Date:In-Reply-To:References:From; b=kcPx/2IppLsWyqCQBvIiX2fpQlPaPfLU/hZ2HJsBQDIAUw0o9eJvNOnCq9qcC8kam C6mS1+szYmx2Of+cuiaFYyjwQg8/ENQU+uRhsOD4YzSrOJhhK3IBwt0vlSXiXBAc5j hG0dhAIwN6ZLdwvu6AXT3GcbquzwxVMwkEeUy0oY= Message-ID: Subject: Re: [PATCH 1/3] lib/vsprintf: add snprintf_noterm From: Jeff Layton To: "Yan, Zheng" Cc: Linux Kernel Mailing List , ceph-devel , Andrew Morton , Ilya Dryomov , Zheng Yan , Sage Weil , agruenba@redhat.com Date: Sat, 15 Jun 2019 06:58:36 -0400 In-Reply-To: References: <20190614134625.6870-1-jlayton@kernel.org> <20190614134625.6870-2-jlayton@kernel.org> Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.32.2 (3.32.2-1.fc30) MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, 2019-06-15 at 10:41 +0800, Yan, Zheng wrote: > On Fri, Jun 14, 2019 at 9:48 PM Jeff Layton wrote: > > The getxattr interface returns a length after filling out the value > > buffer, and the convention with xattrs is to not NULL terminate string > > data. > > > > CephFS implements some virtual xattrs by using snprintf to fill the > > buffer, but that always NULL terminates the string. If userland sends > > down a buffer that is just the right length to hold the text without > > termination then we end up truncating the value. > > > > Factor the formatting piece of vsnprintf into a separate helper > > function, and have vsnprintf call that and then do the NULL termination > > afterward. Then add a snprintf_noterm function that calls the new helper > > to populate the string but skips the termination. > > > > Signed-off-by: Jeff Layton > > --- > > include/linux/kernel.h | 2 + > > lib/vsprintf.c | 145 ++++++++++++++++++++++++++++------------- > > 2 files changed, 103 insertions(+), 44 deletions(-) > > > > diff --git a/include/linux/kernel.h b/include/linux/kernel.h > > index 2d14e21c16c0..2f305a347482 100644 > > --- a/include/linux/kernel.h > > +++ b/include/linux/kernel.h > > @@ -462,6 +462,8 @@ extern int num_to_str(char *buf, int size, > > extern __printf(2, 3) int sprintf(char *buf, const char * fmt, ...); > > extern __printf(2, 0) int vsprintf(char *buf, const char *, va_list); > > extern __printf(3, 4) > > +int snprintf_noterm(char *buf, size_t size, const char *fmt, ...); > > +extern __printf(3, 4) > > int snprintf(char *buf, size_t size, const char *fmt, ...); > > extern __printf(3, 0) > > int vsnprintf(char *buf, size_t size, const char *fmt, va_list args); > > diff --git a/lib/vsprintf.c b/lib/vsprintf.c > > index 791b6fa36905..ad5f4990eda3 100644 > > --- a/lib/vsprintf.c > > +++ b/lib/vsprintf.c > > @@ -2296,53 +2296,24 @@ set_precision(struct printf_spec *spec, int prec) > > } > > > > /** > > - * vsnprintf - Format a string and place it in a buffer > > + * vsnprintf_noterm - Format a string and place it in a buffer without NULL > > + * terminating it > > * @buf: The buffer to place the result into > > - * @size: The size of the buffer, including the trailing null space > > + * @end: The end of the buffer > > * @fmt: The format string to use > > * @args: Arguments for the format string > > * > > - * This function generally follows C99 vsnprintf, but has some > > - * extensions and a few limitations: > > - * > > - * - ``%n`` is unsupported > > - * - ``%p*`` is handled by pointer() > > - * > > - * See pointer() or Documentation/core-api/printk-formats.rst for more > > - * extensive description. > > - * > > - * **Please update the documentation in both places when making changes** > > - * > > - * The return value is the number of characters which would > > - * be generated for the given input, excluding the trailing > > - * '\0', as per ISO C99. If you want to have the exact > > - * number of characters written into @buf as return value > > - * (not including the trailing '\0'), use vscnprintf(). If the > > - * return is greater than or equal to @size, the resulting > > - * string is truncated. > > - * > > - * If you're not already dealing with a va_list consider using snprintf(). > > + * See the documentation over vsnprintf. This function does NOT add any NULL > > + * termination to the buffer. The caller must do that if necessary. > > */ > > -int vsnprintf(char *buf, size_t size, const char *fmt, va_list args) > > +static int vsnprintf_noterm(char *buf, char *end, const char *fmt, > > + va_list args) > > { > > unsigned long long num; > > - char *str, *end; > > + char *str; > > struct printf_spec spec = {0}; > > > > - /* Reject out-of-range values early. Large positive sizes are > > - used for unknown buffer sizes. */ > > - if (WARN_ON_ONCE(size > INT_MAX)) > > - return 0; > > - > > str = buf; > > - end = buf + size; > > - > > - /* Make sure end is always >= buf */ > > - if (end < buf) { > > - end = ((void *)-1); > > - size = end - buf; > > - } > > - > > while (*fmt) { > > const char *old_fmt = fmt; > > int read = format_decode(fmt, &spec); > > @@ -2462,18 +2433,69 @@ int vsnprintf(char *buf, size_t size, const char *fmt, va_list args) > > str = number(str, end, num, spec); > > } > > } > > - > > out: > > + /* the trailing null byte doesn't count towards the total */ > > + return str-buf; > > +} > > +EXPORT_SYMBOL(vsnprintf_noterm); > > export static function? > Good catch! I had originally had this function as an exported helper, but made it static because there were no callers. Will fix. > > + > > +/** > > + * vsnprintf - Format a string and place it in a buffer > > + * @buf: The buffer to place the result into > > + * @size: The size of the buffer, including the trailing null space > > + * @fmt: The format string to use > > + * @args: Arguments for the format string > > + * > > + * This function generally follows C99 vsnprintf, but has some > > + * extensions and a few limitations: > > + * > > + * - ``%n`` is unsupported > > + * - ``%p*`` is handled by pointer() > > + * > > + * See pointer() or Documentation/core-api/printk-formats.rst for more > > + * extensive description. > > + * > > + * **Please update the documentation in both places when making changes** > > + * > > + * The return value is the number of characters which would > > + * be generated for the given input, excluding the trailing > > + * '\0', as per ISO C99. If you want to have the exact > > + * number of characters written into @buf as return value > > + * (not including the trailing '\0'), use vscnprintf(). If the > > + * return is greater than or equal to @size, the resulting > > + * string is truncated. > > + * > > + * If you're not already dealing with a va_list consider using snprintf(). > > + */ > > +int vsnprintf(char *buf, size_t size, const char *fmt, va_list args) > > +{ > > + int ret; > > + char *end; > > + > > + /* Reject out-of-range values early. Large positive sizes are > > + used for unknown buffer sizes. */ > > + if (WARN_ON_ONCE(size > INT_MAX)) > > + return 0; > > + > > + end = buf + size; > > + > > + /* Make sure end is always >= buf */ > > + if (end < buf) { > > + end = ((void *)-1); > > + size = end - buf; > > + } > > + > > + ret = vsnprintf_noterm(buf, end, fmt, args); > > + > > + /* NULL terminate the result */ > > if (size > 0) { > > - if (str < end) > > - *str = '\0'; > > + if (ret < size) > > + buf[ret] = '\0'; > > else > > - end[-1] = '\0'; > > + buf[size - 1] = '\0'; > > } > > > > - /* the trailing null byte doesn't count towards the total */ > > - return str-buf; > > - > > + return ret; > > } > > EXPORT_SYMBOL(vsnprintf); > > > > @@ -2506,6 +2528,41 @@ int vscnprintf(char *buf, size_t size, const char *fmt, va_list args) > > } > > EXPORT_SYMBOL(vscnprintf); > > > > +/** > > + * snprintf_noterm - Format a string and place it in a buffer > > + * @buf: The buffer to place the result into > > + * @size: The size of the buffer, including the trailing null space > > + * @fmt: The format string to use > > + * @...: Arguments for the format string > > + * > > + * Same as snprintf, but don't NULL terminate the result. > > + */ > > +int snprintf_noterm(char *buf, size_t size, const char *fmt, ...) > > +{ > > + va_list args; > > + int ret; > > + char *end; > > + > > + /* Reject out-of-range values early. Large positive sizes are > > + used for unknown buffer sizes. */ > > + if (WARN_ON_ONCE(size > INT_MAX)) > > + return 0; > > + > > + /* Make sure end is always >= buf */ > > + end = buf + size; > > + if (end < buf) { > > + end = ((void *)-1); > > + size = end - buf; > > + } > > + > > + va_start(args, fmt); > > + ret = vsnprintf_noterm(buf, end, fmt, args); > > + va_end(args); > > + > > + return ret; > > +} > > +EXPORT_SYMBOL(snprintf_noterm); > > + > > /** > > * snprintf - Format a string and place it in a buffer > > * @buf: The buffer to place the result into > > -- > > 2.21.0 > > -- Jeff Layton