Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Message-ID: <8fa904e1-f94f-9f7a-fe1b-fcb6ada6b321@gmail.com>
Date:   Thu, 9 Jun 2022 13:53:45 -0400
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
 Thunderbird/91.10.0
Subject: Re: [PATCH v3 02/33] lib/string_helpers: Convert string_escape_mem()
 to printbuf
Content-Language: en-US
To:     Petr Mladek <pmladek@suse.com>
Cc:     linux-kernel@vger.kernel.org, rostedt@goodmis.org
References: <20220604193042.1674951-1-kent.overstreet@gmail.com>
 <20220604193042.1674951-3-kent.overstreet@gmail.com> <YqIC4AWW0bF7nOGu@alley>
From:   Kent Overstreet <kent.overstreet@gmail.com>
In-Reply-To: <YqIC4AWW0bF7nOGu@alley>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Precedence: bulk

On 6/9/22 10:25, Petr Mladek wrote:
> On Sat 2022-06-04 15:30:11, Kent Overstreet wrote:
>> Like the upcoming vsprintf.c conversion, this converts string_escape_mem
>> to prt_escaped_string(), which uses and outputs to a printbuf, and makes
>> string_escape_mem() a smaller wrapper to support existing users.
>>
>> The new printbuf helpers greatly simplify the code.
>>
>> --- a/lib/string_helpers.c
>> +++ b/lib/string_helpers.c
>> @@ -15,6 +15,7 @@
>>   #include <linux/fs.h>
>>   #include <linux/limits.h>
>>   #include <linux/mm.h>
>> +#include <linux/printbuf.h>
>>   #include <linux/slab.h>
>>   #include <linux/string.h>
>>   #include <linux/string_helpers.h>
>> @@ -301,19 +302,14 @@ int string_unescape(char *src, char *dst, size_t size, unsigned int flags)
>>   }
>>   EXPORT_SYMBOL(string_unescape);
>>   
>> -static bool escape_passthrough(unsigned char c, char **dst, char *end)
>> +static bool escape_passthrough(struct printbuf *out, unsigned char c)
>>   {
>> -	char *out = *dst;
>> -
>> -	if (out < end)
>> -		*out = c;
>> -	*dst = out + 1;
>> +	prt_char(out, c);
> 
> This modifies the behavior. The original code did not add
> the trailing '\0'.
> 
> I agree that the original behavior is ugly but it is documented
> see the comment:
> 
>   * Return:
>   * The total size of the escaped output that would be generated for
>   * the given input and flags. To check whether the output was
>   * truncated, compare the return value to osz. There is room left in
>   * dst for a '\0' terminator if and only if ret < osz.
>                               ^^^^^^^^^^^^^^
> 
> 
> I am all for changing the behavior but it would require checking
> all callers.
> 
> Anyway, adding the trailing '\0' all is not much effective.
> I suggest to use __prt_char() and add the trailing '\0' when
> the string is complete.
> 
> We must make sure that __prt_char() is able to add the last
> character even when there will not longer be space for
> the trailing '\0'.

You really think there's going to be code depending on an _absence_ of a 
trailing nul? I should've updated the comment (I missed that originally, 
doing it now) - but this seems excessively nitpicky.

And I'm looking at the callers now:
  - seq_file, which doesn't commit the results if it overflowed the buffer
  - net/sunrpc/cache.c, which also appears to turn an overflow into an error

and that's it, aside from test cases.

The nul termination is an explicit thing: as I convert to printbuf, I 
don't want functions that output to printbufs returning printbufs that 
aren't nul terminated unless explicitly documented - and there's no 
reason to be doing this except for a few fast path helpers.

> 
>> +int string_escape_mem(const char *src, size_t isz, char *dst, size_t osz,
>> +		      unsigned int flags, const char *only)
> 
> We need keep the comment above this API as long as it is public.

Will do.