On Sun, 22 Nov 2020, Joe Perches wrote:
> On Sun, 2020-11-22 at 08:49 -0800, James Bottomley wrote:
> > We can enforce sysfs_emit going forwards
> > using tools like checkpatch
>
> It's not really possible for checkpatch to find or warn about
> sysfs uses of sprintf. checkpatch is really just a trivial
> line-by-line parser and it has no concept of code intent.
>
Checkpatch does suffer from the limitations of regular expressions. But
that doesn't stop people from using it. Besides, Coccinelle can do
analyses that can't be done with regular expressions, so it's moot.
> It just can't warn on every use of the sprintf family.
> There are just too many perfectly valid uses.
>
> > but there's no benefit and a lot of harm to
> > be done by trying to churn the entire tree
>
> Single uses of sprintf for sysfs is not really any problem.
>
> But likely there are still several possible overrun sprintf/snprintf
> paths in sysfs. Some of them are very obscure and unlikely to be
> found by a robot as the logic for sysfs buf uses can be fairly twisty.
>
Logic errors of this kind are susceptible to fuzzing, formal methods,
symbolic execution etc. No doubt there are other techniques that I don't
know about.
> But provably correct conversions IMO _should_ be done and IMO churn
> considerations should generally have less importance.
>
Provably equivalent conversions are provably churn. So apparently you're
advocating changes that are not provably equivalent.
These are patches for code not that's not been shown to be buggy. Code
which, after patching, can be shown to be free of a specific kind of
theoretical bug. Hardly "provably correct".
The problem is, the class of theoretical bugs that can be avoided in this
way is probably limitless, as is the review cost and the risk of
accidental regressions. And the payoff is entirely theoretical.
Moreover, the patch review workload for skilled humans is being generated
by the automation, which is completely backwards: the machine is supposed
to be helping.