2021-05-28 12:31:23

by Justin He

[permalink] [raw]
Subject: [PATCH RFCv2 0/3] make '%pD' print full path for file

Background
==========
Linus suggested printing full path for file instead of printing
the components as '%pd'.

Typically, there is no need for printk specifiers to take any real locks
(ie mount_lock or rename_lock). So I introduce a new helper d_path_fast
which is similar to d_path except it doesn't take any seqlock/spinlock.

This series is based on Al Viro's d_path cleanup patches [1] which
lifted the inner lockless loop into a new helper.

[1] https://lkml.org/lkml/2021/5/18/1260

Test
====
The cases I tested:
1. print '%pD' with full path of ext4 file
2. mount a ext4 filesystem upon a ext4 filesystem, and print the file
with '%pD'
3. print file path which has more than 256 chars,"-ENAMETOOLONG" will
be returned
4. print file path with '%32pD'
5. all test_print selftests

After this set, I found many lines containing '%pD[234]' should be changed
to '%pD'. I don't want to involve those subsystems in this patch series
before the helper is stable enough.

You can get the lines by:
$find fs/ -name \*.[ch] | xargs grep -rn "\%pD[234"

fs/overlayfs/file.c:65: pr_debug("open(%p[%pD2/%c], 0%o) -> (%p, 0%o)\n",
fs/nfs/direct.c:453: dfprintk(FILE, "NFS: direct read(%pD2, %[email protected]%Ld)\n",
fs/nfs/direct.c:908: dfprintk(FILE, "NFS: direct write(%pD2, %[email protected]%Ld)\n",
fs/nfs/write.c:1371: dprintk("NFS: nfs_updatepage(%pD2 %[email protected]%lld)\n",
fs/nfs/nfs4file.c:116: dprintk("NFS: flush(%pD2)\n", file);
fs/nfs/file.c:69: dprintk("NFS: open file(%pD2)\n", filp);
fs/nfs/file.c:83: dprintk("NFS: release(%pD2)\n", filp);
fs/nfs/file.c:117: dprintk("NFS: llseek file(%pD2, %lld, %d)\n",
fs/nfs/file.c:145: dprintk("NFS: flush(%pD2)\n", file);
fs/nfs/file.c:166: dprintk("NFS: read(%pD2, %[email protected]%lu)\n",
fs/nfs/file.c:188: dprintk("NFS: mmap(%pD2)\n", file);
fs/nfs/file.c:213: dprintk("NFS: fsync file(%pD2) datasync %d\n", file, datasync);
fs/nfs/file.c:328: dfprintk(PAGECACHE, "NFS: write_begin(%pD2(%lu), %[email protected]%lld)\n",
fs/nfs/file.c:360: dfprintk(PAGECACHE, "NFS: write_end(%pD2(%lu), %[email protected]%lld)\n",
fs/nfs/file.c:551: dfprintk(PAGECACHE, "NFS: vm_page_mkwrite(%pD2(%lu), offset %lld)\n",
fs/nfs/file.c:621: dprintk("NFS: write(%pD2, %[email protected]%Ld)\n",
fs/nfs/file.c:803: dprintk("NFS: lock(%pD2, t=%x, fl=%x, r=%lld:%lld)\n",
fs/nfs/file.c:841: dprintk("NFS: flock(%pD2, t=%x, fl=%x)\n",
fs/nfs/dir.c:111: dfprintk(FILE, "NFS: open dir(%pD2)\n", filp);
fs/nfs/dir.c:456: pr_notice("NFS: directory %pD2 contains a readdir loop."
fs/nfs/dir.c:1084: dfprintk(FILE, "NFS: readdir(%pD2) starting at cookie %llu\n",
fs/nfs/dir.c:1158: dfprintk(FILE, "NFS: readdir(%pD2) returns %d\n", file, res);
fs/nfs/dir.c:1166: dfprintk(FILE, "NFS: llseek dir(%pD2, %lld, %d)\n",
fs/nfs/dir.c:1208: dfprintk(FILE, "NFS: fsync dir(%pD2) datasync %d\n", filp, datasync);
fs/nfsd/nfs4state.c:2439: seq_printf(s, "filename: \"%pD2\"", f->nf_file);
fs/exec.c:817: pr_warn_once("process '%pD4' started with executable stack\n",
fs/iomap/direct-io.c:429: pr_warn_ratelimited("Direct I/O collision with buffered writes! File: %pD4 Comm: %.20s\n",
fs/ioctl.c:81: pr_warn_ratelimited("[%s/%d] FS: %s File: %pD4 would truncate fibmap result\n",
fs/read_write.c:425: "kernel %s not supported for file %pD4 (pid: %d comm: %.20s)\n",
fs/splice.c:754: "splice %s not supported for file %pD4 (pid: %d comm: %.20s)\n",
fs/afs/mntpt.c:64: _enter("%p,%p{%pD2}", inode, file, file);

Changelog:
v2:
- implement new d_path_fast based on Al Viro's patches
- add check_pointer check (by Petr)
- change the max full path size to 256 in stack space
v1: https://lkml.org/lkml/2021/5/8/122

Jia He (3):
fs: introduce helper d_path_fast()
lib/vsprintf.c: make %pD print full path for file
s390/hmcdrv: remove the redundant directory path in debug message

Documentation/core-api/printk-formats.rst | 5 +++--
drivers/s390/char/hmcdrv_dev.c | 10 +++++-----
fs/d_path.c | 21 +++++++++++++++++++++
include/linux/dcache.h | 1 +
lib/vsprintf.c | 21 +++++++++++++++++----
5 files changed, 47 insertions(+), 11 deletions(-)

--
2.17.1


2021-05-28 12:32:23

by Justin He

[permalink] [raw]
Subject: [PATCH RFCv2 1/3] fs: introduce helper d_path_fast()

This helper is similar to d_path except that it doesn't take any
seqlock/spinlock. It is typical for debugging purpose.

Signed-off-by: Jia He <[email protected]>
---
fs/d_path.c | 21 +++++++++++++++++++++
include/linux/dcache.h | 1 +
2 files changed, 22 insertions(+)

diff --git a/fs/d_path.c b/fs/d_path.c
index 23a53f7b5c71..f9df68d62786 100644
--- a/fs/d_path.c
+++ b/fs/d_path.c
@@ -263,6 +263,27 @@ char *d_path(const struct path *path, char *buf, int buflen)
}
EXPORT_SYMBOL(d_path);

+/**
+ * d_path_fast - fast return the full path of a dentry without taking
+ * any seqlock/spinlock. This helper is typical for debugging purpose
+ */
+char *d_path_fast(const struct path *path, char *buf, int buflen)
+{
+ struct path root;
+ struct mount *mnt = real_mount(path->mnt);
+ DECLARE_BUFFER(b, buf, buflen);
+
+ rcu_read_lock();
+ get_fs_root_rcu(current->fs, &root);
+
+ prepend(&b, "", 1);
+ __prepend_path(path->dentry, mnt, &root, &b);
+ rcu_read_unlock();
+
+ return extract_string(&b);
+}
+EXPORT_SYMBOL(d_path_fast);
+
/*
* Helper function for dentry_operations.d_dname() members
*/
diff --git a/include/linux/dcache.h b/include/linux/dcache.h
index 9e23d33bb6f1..c4483fc887a5 100644
--- a/include/linux/dcache.h
+++ b/include/linux/dcache.h
@@ -301,6 +301,7 @@ char *dynamic_dname(struct dentry *, char *, int, const char *, ...);
extern char *__d_path(const struct path *, const struct path *, char *, int);
extern char *d_absolute_path(const struct path *, char *, int);
extern char *d_path(const struct path *, char *, int);
+extern char *d_path_fast(const struct path *, char *, int);
extern char *dentry_path_raw(const struct dentry *, char *, int);
extern char *dentry_path(const struct dentry *, char *, int);

--
2.17.1

2021-05-28 12:33:02

by Justin He

[permalink] [raw]
Subject: [PATCH RFCv2 2/3] lib/vsprintf.c: make %pD print full path for file

We have '%pD' for printing a filename. It may not be perfect (by
default it only prints one component.)

As suggested by Linus at [1]:
A dentry has a parent, but at the same time, a dentry really does
inherently have "one name" (and given just the dentry pointers, you
can't show mount-related parenthood, so in many ways the "show just
one name" makes sense for "%pd" in ways it doesn't necessarily for
"%pD"). But while a dentry arguably has that "one primary component",
a _file_ is certainly not exclusively about that last component.

Hence "file_dentry_name()" simply shouldn't use "dentry_name()" at all.
Despite that shared code origin, and despite that similar letter
choice (lower-vs-upper case), a dentry and a file really are very
different from a name standpoint.

Here stack space is preferred for file_d_path_name() because it is
much safer. The stack size 256 is a compromise between stack overflow
and too short full path.

[1] https://lore.kernel.org/lkml/[email protected]om/

Suggested-by: Linus Torvalds <[email protected]>
Signed-off-by: Jia He <[email protected]>
---
Documentation/core-api/printk-formats.rst | 5 +++--
lib/vsprintf.c | 21 +++++++++++++++++----
2 files changed, 20 insertions(+), 6 deletions(-)

diff --git a/Documentation/core-api/printk-formats.rst b/Documentation/core-api/printk-formats.rst
index f063a384c7c8..95ba14dc529b 100644
--- a/Documentation/core-api/printk-formats.rst
+++ b/Documentation/core-api/printk-formats.rst
@@ -408,12 +408,13 @@ dentry names
::

%pd{,2,3,4}
- %pD{,2,3,4}
+ %pD

For printing dentry name; if we race with :c:func:`d_move`, the name might
be a mix of old and new ones, but it won't oops. %pd dentry is a safer
equivalent of %s dentry->d_name.name we used to use, %pd<n> prints ``n``
-last components. %pD does the same thing for struct file.
+last components. %pD prints full file path together with mount-related
+parenthood.

Passed by reference.

diff --git a/lib/vsprintf.c b/lib/vsprintf.c
index f0c35d9b65bf..2e5387b08d67 100644
--- a/lib/vsprintf.c
+++ b/lib/vsprintf.c
@@ -27,6 +27,7 @@
#include <linux/string.h>
#include <linux/ctype.h>
#include <linux/kernel.h>
+#include <linux/dcache.h>
#include <linux/kallsyms.h>
#include <linux/math64.h>
#include <linux/uaccess.h>
@@ -920,13 +921,25 @@ char *dentry_name(char *buf, char *end, const struct dentry *d, struct printf_sp
}

static noinline_for_stack
-char *file_dentry_name(char *buf, char *end, const struct file *f,
+char *file_d_path_name(char *buf, char *end, const struct file *f,
struct printf_spec spec, const char *fmt)
{
+ const struct path *path;
+ char *p;
+ char full_path[256];
+
if (check_pointer(&buf, end, f, spec))
return buf;

- return dentry_name(buf, end, f->f_path.dentry, spec, fmt);
+ path = &f->f_path;
+ if (check_pointer(&buf, end, path, spec))
+ return buf;
+
+ p = d_path_fast(path, full_path, sizeof(full_path));
+ if (IS_ERR(p))
+ return err_ptr(buf, end, p, spec);
+
+ return string_nocheck(buf, end, p, spec);
}
#ifdef CONFIG_BLOCK
static noinline_for_stack
@@ -2296,7 +2309,7 @@ early_param("no_hash_pointers", no_hash_pointers_enable);
* - 'a[pd]' For address types [p] phys_addr_t, [d] dma_addr_t and derivatives
* (default assumed to be phys_addr_t, passed by reference)
* - 'd[234]' For a dentry name (optionally 2-4 last components)
- * - 'D[234]' Same as 'd' but for a struct file
+ * - 'D' For full path name of a struct file
* - 'g' For block_device name (gendisk + partition number)
* - 't[RT][dt][r]' For time and date as represented by:
* R struct rtc_time
@@ -2395,7 +2408,7 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr,
case 'C':
return clock(buf, end, ptr, spec, fmt);
case 'D':
- return file_dentry_name(buf, end, ptr, spec, fmt);
+ return file_d_path_name(buf, end, ptr, spec, fmt);
#ifdef CONFIG_BLOCK
case 'g':
return bdev_name(buf, end, ptr, spec, fmt);
--
2.17.1

2021-05-28 12:47:00

by Al Viro

[permalink] [raw]
Subject: Re: [PATCH RFCv2 1/3] fs: introduce helper d_path_fast()

On Fri, May 28, 2021 at 07:39:49PM +0800, Jia He wrote:

> +/**
> + * d_path_fast - fast return the full path of a dentry without taking
> + * any seqlock/spinlock. This helper is typical for debugging purpose
> + */
> +char *d_path_fast(const struct path *path, char *buf, int buflen)
> +{
> + struct path root;
> + struct mount *mnt = real_mount(path->mnt);
> + DECLARE_BUFFER(b, buf, buflen);
> +
> + rcu_read_lock();
> + get_fs_root_rcu(current->fs, &root);
> +
> + prepend(&b, "", 1);
> + __prepend_path(path->dentry, mnt, &root, &b);
> + rcu_read_unlock();
> +
> + return extract_string(&b);
> +}
> +EXPORT_SYMBOL(d_path_fast);

Umm... I'd suggest failing if __prepend_path() returns 3 (at least)...

2021-05-28 13:02:22

by Matthew Wilcox

[permalink] [raw]
Subject: Re: [PATCH RFCv2 2/3] lib/vsprintf.c: make %pD print full path for file

On Fri, May 28, 2021 at 07:39:50PM +0800, Jia He wrote:
> We have '%pD' for printing a filename. It may not be perfect (by
> default it only prints one component.)
>
> As suggested by Linus at [1]:
> A dentry has a parent, but at the same time, a dentry really does
> inherently have "one name" (and given just the dentry pointers, you
> can't show mount-related parenthood, so in many ways the "show just
> one name" makes sense for "%pd" in ways it doesn't necessarily for
> "%pD"). But while a dentry arguably has that "one primary component",
> a _file_ is certainly not exclusively about that last component.
>
> Hence "file_dentry_name()" simply shouldn't use "dentry_name()" at all.
> Despite that shared code origin, and despite that similar letter
> choice (lower-vs-upper case), a dentry and a file really are very
> different from a name standpoint.
>
> Here stack space is preferred for file_d_path_name() because it is
> much safer. The stack size 256 is a compromise between stack overflow
> and too short full path.

How is it "safer"? You already have a buffer passed from the caller.
Are you saying that d_path_fast() might overrun a really small buffer
but won't overrun a 256 byte buffer?

> @@ -920,13 +921,25 @@ char *dentry_name(char *buf, char *end, const struct dentry *d, struct printf_sp
> }
>
> static noinline_for_stack
> -char *file_dentry_name(char *buf, char *end, const struct file *f,
> +char *file_d_path_name(char *buf, char *end, const struct file *f,
> struct printf_spec spec, const char *fmt)
> {
> + const struct path *path;
> + char *p;
> + char full_path[256];
> +
> if (check_pointer(&buf, end, f, spec))
> return buf;
>
> - return dentry_name(buf, end, f->f_path.dentry, spec, fmt);
> + path = &f->f_path;
> + if (check_pointer(&buf, end, path, spec))
> + return buf;
> +
> + p = d_path_fast(path, full_path, sizeof(full_path));
> + if (IS_ERR(p))
> + return err_ptr(buf, end, p, spec);
> +
> + return string_nocheck(buf, end, p, spec);
> }
> #ifdef CONFIG_BLOCK
> static noinline_for_stack

2021-05-28 14:39:42

by Justin He

[permalink] [raw]
Subject: RE: [PATCH RFCv2 2/3] lib/vsprintf.c: make %pD print full path for file


Hi Matthew
> -----Original Message-----
> From: Matthew Wilcox <[email protected]>
> Sent: Friday, May 28, 2021 9:00 PM
> To: Justin He <[email protected]>
> Cc: Linus Torvalds <[email protected]>; Petr Mladek
> <[email protected]>; Steven Rostedt <[email protected]>; Sergey
> Senozhatsky <[email protected]>; Andy Shevchenko
> <[email protected]>; Rasmus Villemoes
> <[email protected]>; Jonathan Corbet <[email protected]>; Alexander
> Viro <[email protected]>; Luca Coelho <[email protected]>;
> Kalle Valo <[email protected]>; David S. Miller <[email protected]>;
> Jakub Kicinski <[email protected]>; Heiko Carstens <[email protected]>;
> Vasily Gorbik <[email protected]>; Christian Borntraeger
> <[email protected]>; Johannes Berg <[email protected]>; linux-
> [email protected]; [email protected]; linux-
> [email protected]; [email protected]; linux-
> [email protected]
> Subject: Re: [PATCH RFCv2 2/3] lib/vsprintf.c: make %pD print full path
> for file
>
> On Fri, May 28, 2021 at 07:39:50PM +0800, Jia He wrote:
> > We have '%pD' for printing a filename. It may not be perfect (by
> > default it only prints one component.)
> >
> > As suggested by Linus at [1]:
> > A dentry has a parent, but at the same time, a dentry really does
> > inherently have "one name" (and given just the dentry pointers, you
> > can't show mount-related parenthood, so in many ways the "show just
> > one name" makes sense for "%pd" in ways it doesn't necessarily for
> > "%pD"). But while a dentry arguably has that "one primary component",
> > a _file_ is certainly not exclusively about that last component.
> >
> > Hence "file_dentry_name()" simply shouldn't use "dentry_name()" at all.
> > Despite that shared code origin, and despite that similar letter
> > choice (lower-vs-upper case), a dentry and a file really are very
> > different from a name standpoint.
> >
> > Here stack space is preferred for file_d_path_name() because it is
> > much safer. The stack size 256 is a compromise between stack overflow
> > and too short full path.
>
> How is it "safer"? You already have a buffer passed from the caller.
> Are you saying that d_path_fast() might overrun a really small buffer
> but won't overrun a 256 byte buffer?
No, it won't overrun a 256 byte buf. When the full path size is larger than 256, the p->len is < 0 in prepend_name, and this overrun will be
dectected in extract_string() with "-ENAMETOOLONG".

Each printk contains 2 vsnprintf. vsnprintf() returns the required size after formatting the string.
1. vprintk_store() will invoke 1st vsnprintf() will 8 bytes space to get the reserve_size. In this case, the _buf_ could be less than _end_ by design.
2. Then it invokes 2nd printk_sprint()->vscnprintf()->vsnprintf() to really fill the space.

If we choose the stack space, it can meet above 2 cases.

If we pass the parameter like:
p = d_path_fast(path, buf, end - buf);
We need to handle the complicated logic in prepend_name()
I have tried this way in local test, the code logic is very complicated
and not so graceful.
e.g. I need to firstly go through the loop and get the full path size of
that file. And then return reserved_size for that 1st vsnprintf

Thanks for any suggestion

--
Cheers,
Justin (Jia He)

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

2021-05-28 14:40:04

by Justin He

[permalink] [raw]
Subject: RE: [PATCH RFCv2 1/3] fs: introduce helper d_path_fast()



> -----Original Message-----
> From: Matthew Wilcox <[email protected]>
> Sent: Friday, May 28, 2021 8:52 PM
> To: Justin He <[email protected]>
> Cc: Linus Torvalds <[email protected]>; Petr Mladek
> <[email protected]>; Steven Rostedt <[email protected]>; Sergey
> Senozhatsky <[email protected]>; Andy Shevchenko
> <[email protected]>; Rasmus Villemoes
> <[email protected]>; Jonathan Corbet <[email protected]>; Alexander
> Viro <[email protected]>; Luca Coelho <[email protected]>;
> Kalle Valo <[email protected]>; David S. Miller <[email protected]>;
> Jakub Kicinski <[email protected]>; Heiko Carstens <[email protected]>;
> Vasily Gorbik <[email protected]>; Christian Borntraeger
> <[email protected]>; Johannes Berg <[email protected]>; linux-
> [email protected]; [email protected]; linux-
> [email protected]; [email protected]; linux-
> [email protected]
> Subject: Re: [PATCH RFCv2 1/3] fs: introduce helper d_path_fast()
>
> On Fri, May 28, 2021 at 07:39:49PM +0800, Jia He wrote:
> > +/**
> > + * d_path_fast - fast return the full path of a dentry without taking
> > + * any seqlock/spinlock. This helper is typical for debugging purpose
> > + */
> > +char *d_path_fast(const struct path *path, char *buf, int buflen)
>
> I'd suggest calling it d_path_unsafe(). Otherwise people will call it
> instead of d_path because who doesn't like fast?
>
Okay, thanks

> > +{
> > + struct path root;
> > + struct mount *mnt = real_mount(path->mnt);
> > + DECLARE_BUFFER(b, buf, buflen);
> > +
> > + rcu_read_lock();
> > + get_fs_root_rcu(current->fs, &root);
> > +
> > + prepend(&b, "", 1);
> > + __prepend_path(path->dentry, mnt, &root, &b);
> > + rcu_read_unlock();
> > +
> > + return extract_string(&b);
> > +}
> > +EXPORT_SYMBOL(d_path_fast);
>
> Why export it? What module needs this?
Okay, indeed

--
Cheers,
Justin (Jia He)


IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

2021-05-28 14:54:11

by Matthew Wilcox

[permalink] [raw]
Subject: Re: [PATCH RFCv2 2/3] lib/vsprintf.c: make %pD print full path for file

On Fri, May 28, 2021 at 02:22:01PM +0000, Justin He wrote:
> > On Fri, May 28, 2021 at 07:39:50PM +0800, Jia He wrote:
> > > We have '%pD' for printing a filename. It may not be perfect (by
> > > default it only prints one component.)
> > >
> > > As suggested by Linus at [1]:
> > > A dentry has a parent, but at the same time, a dentry really does
> > > inherently have "one name" (and given just the dentry pointers, you
> > > can't show mount-related parenthood, so in many ways the "show just
> > > one name" makes sense for "%pd" in ways it doesn't necessarily for
> > > "%pD"). But while a dentry arguably has that "one primary component",
> > > a _file_ is certainly not exclusively about that last component.
> > >
> > > Hence "file_dentry_name()" simply shouldn't use "dentry_name()" at all.
> > > Despite that shared code origin, and despite that similar letter
> > > choice (lower-vs-upper case), a dentry and a file really are very
> > > different from a name standpoint.
> > >
> > > Here stack space is preferred for file_d_path_name() because it is
> > > much safer. The stack size 256 is a compromise between stack overflow
> > > and too short full path.
> >
> > How is it "safer"? You already have a buffer passed from the caller.
> > Are you saying that d_path_fast() might overrun a really small buffer
> > but won't overrun a 256 byte buffer?
> No, it won't overrun a 256 byte buf. When the full path size is larger than 256, the p->len is < 0 in prepend_name, and this overrun will be
> dectected in extract_string() with "-ENAMETOOLONG".
>
> Each printk contains 2 vsnprintf. vsnprintf() returns the required size after formatting the string.
> 1. vprintk_store() will invoke 1st vsnprintf() will 8 bytes space to get the reserve_size. In this case, the _buf_ could be less than _end_ by design.
> 2. Then it invokes 2nd printk_sprint()->vscnprintf()->vsnprintf() to really fill the space.

I think you need to explain _that_ in the commit log, not make some
nebulous claim of "safer".

> If we choose the stack space, it can meet above 2 cases.
>
> If we pass the parameter like:
> p = d_path_fast(path, buf, end - buf);
> We need to handle the complicated logic in prepend_name()
> I have tried this way in local test, the code logic is very complicated
> and not so graceful.
> e.g. I need to firstly go through the loop and get the full path size of
> that file. And then return reserved_size for that 1st vsnprintf

I'm not sure why it's so complicated. p->len records how many bytes
are needed for the entire path; can't you just return -p->len ?

2021-05-28 16:12:13

by Justin He

[permalink] [raw]
Subject: RE: [PATCH RFCv2 2/3] lib/vsprintf.c: make %pD print full path for file

Hi Matthew

> -----Original Message-----
> From: Matthew Wilcox <[email protected]>
> Sent: Friday, May 28, 2021 10:53 PM
> To: Justin He <[email protected]>
> Cc: Linus Torvalds <[email protected]>; Petr Mladek
> <[email protected]>; Steven Rostedt <[email protected]>; Sergey
> Senozhatsky <[email protected]>; Andy Shevchenko
> <[email protected]>; Rasmus Villemoes
> <[email protected]>; Jonathan Corbet <[email protected]>; Alexander
> Viro <[email protected]>; Luca Coelho <[email protected]>;
> Kalle Valo <[email protected]>; David S. Miller <[email protected]>;
> Jakub Kicinski <[email protected]>; Heiko Carstens <[email protected]>;
> Vasily Gorbik <[email protected]>; Christian Borntraeger
> <[email protected]>; Johannes Berg <[email protected]>; linux-
> [email protected]; [email protected]; linux-
> [email protected]; [email protected]; linux-
> [email protected]
> Subject: Re: [PATCH RFCv2 2/3] lib/vsprintf.c: make %pD print full path
> for file
>
> On Fri, May 28, 2021 at 02:22:01PM +0000, Justin He wrote:
> > > On Fri, May 28, 2021 at 07:39:50PM +0800, Jia He wrote:
> > > > We have '%pD' for printing a filename. It may not be perfect (by
> > > > default it only prints one component.)
> > > >
> > > > As suggested by Linus at [1]:
> > > > A dentry has a parent, but at the same time, a dentry really does
> > > > inherently have "one name" (and given just the dentry pointers, you
> > > > can't show mount-related parenthood, so in many ways the "show just
> > > > one name" makes sense for "%pd" in ways it doesn't necessarily for
> > > > "%pD"). But while a dentry arguably has that "one primary component",
> > > > a _file_ is certainly not exclusively about that last component.
> > > >
> > > > Hence "file_dentry_name()" simply shouldn't use "dentry_name()" at
> all.
> > > > Despite that shared code origin, and despite that similar letter
> > > > choice (lower-vs-upper case), a dentry and a file really are very
> > > > different from a name standpoint.
> > > >
> > > > Here stack space is preferred for file_d_path_name() because it is
> > > > much safer. The stack size 256 is a compromise between stack
> overflow
> > > > and too short full path.
> > >
> > > How is it "safer"? You already have a buffer passed from the caller.
> > > Are you saying that d_path_fast() might overrun a really small buffer
> > > but won't overrun a 256 byte buffer?
> > No, it won't overrun a 256 byte buf. When the full path size is larger
> than 256, the p->len is < 0 in prepend_name, and this overrun will be
> > dectected in extract_string() with "-ENAMETOOLONG".
> >
> > Each printk contains 2 vsnprintf. vsnprintf() returns the required size
> after formatting the string.
> > 1. vprintk_store() will invoke 1st vsnprintf() will 8 bytes space to get
> the reserve_size. In this case, the _buf_ could be less than _end_ by
> design.
> > 2. Then it invokes 2nd printk_sprint()->vscnprintf()->vsnprintf() to
> really fill the space.
>
> I think you need to explain _that_ in the commit log, not make some
> nebulous claim of "safer".

Okay

>
> > If we choose the stack space, it can meet above 2 cases.
> >
> > If we pass the parameter like:
> > p = d_path_fast(path, buf, end - buf);
> > We need to handle the complicated logic in prepend_name()
> > I have tried this way in local test, the code logic is very complicated
> > and not so graceful.
> > e.g. I need to firstly go through the loop and get the full path size of
> > that file. And then return reserved_size for that 1st vsnprintf
>
> I'm not sure why it's so complicated. p->len records how many bytes
> are needed for the entire path; can't you just return -p->len ?

prepend_name() will return at the beginning if p->len is <0 in this case,
we can't even get the correct full path size if keep __prepend_path unchanged.
We need another new helper __prepend_path_size() to get the full path size
regardless of the negative value p->len.

More than that, even the 1st vsnprintf could have _end_ > _buf_ in some case:
What if printk("%pD", filp) ? The 1st vsnprintf has positive (end-buf).

This make things more complicated.

Hope I have described it clearly as above.

--
Cheers,
Justin (Jia He)


IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

2021-05-28 16:21:49

by Matthew Wilcox

[permalink] [raw]
Subject: Re: [PATCH RFCv2 2/3] lib/vsprintf.c: make %pD print full path for file

On Fri, May 28, 2021 at 03:09:28PM +0000, Justin He wrote:
> > I'm not sure why it's so complicated. p->len records how many bytes
> > are needed for the entire path; can't you just return -p->len ?
>
> prepend_name() will return at the beginning if p->len is <0 in this case,
> we can't even get the correct full path size if keep __prepend_path unchanged.
> We need another new helper __prepend_path_size() to get the full path size
> regardless of the negative value p->len.

It's a little hard to follow, based on just the patches. Is there a
git tree somewhere of Al's patches that you're based on?

Seems to me that prepend_name() is just fine because it updates p->len
before returning false:

static bool prepend_name(struct prepend_buffer *p, const struct qstr *name)
{
const char *dname = smp_load_acquire(&name->name); /* ^^^ */
u32 dlen = READ_ONCE(name->len);
char *s;

p->len -= dlen + 1;
if (unlikely(p->len < 0))
return false;

I think the only change you'd need to make for vsnprintf() is in
prepend_path():

- if (!prepend_name(&b, &dentry->d_name))
- break;
+ prepend_name(&b, &dentry->d_name);

Would that hurt anything else?

> More than that, even the 1st vsnprintf could have _end_ > _buf_ in some case:
> What if printk("%pD", filp) ? The 1st vsnprintf has positive (end-buf).

I don't understand the problem ... if p->len is positive, then you
succeeded. if p->len is negative then -p->len is the expected return
value from vsnprintf(). No?

2021-05-28 20:07:11

by Rasmus Villemoes

[permalink] [raw]
Subject: Re: [PATCH RFCv2 2/3] lib/vsprintf.c: make %pD print full path for file

On 28/05/2021 16.22, Justin He wrote:
>
>> From: Matthew Wilcox <[email protected]>

>> How is it "safer"? You already have a buffer passed from the caller.
>> Are you saying that d_path_fast() might overrun a really small buffer
>> but won't overrun a 256 byte buffer?
> No, it won't overrun a 256 byte buf. When the full path size is larger than 256, the p->len is < 0 in prepend_name, and this overrun will be
> dectected in extract_string() with "-ENAMETOOLONG".
>
> Each printk contains 2 vsnprintf. vsnprintf() returns the required size after formatting the string.>
> 1. vprintk_store() will invoke 1st vsnprintf() will 8 bytes space to get the reserve_size. In this case, the _buf_ could be less than _end_ by design.
> 2. Then it invokes 2nd printk_sprint()->vscnprintf()->vsnprintf() to really fill the space.

Please do not assume that printk is the only user of vsnprintf() or the
only one that would use a given %p<foo> extension.

Also, is it clear that nothing can change underneath you in between two
calls to vsnprintf()? IOW, is it certain that the path will fit upon a
second call using the size returned from the first?

Rasmus

2021-05-30 15:20:43

by Matthew Wilcox

[permalink] [raw]
Subject: Re: [PATCH RFCv2 2/3] lib/vsprintf.c: make %pD print full path for file

On Fri, May 28, 2021 at 10:06:37PM +0200, Rasmus Villemoes wrote:
> On 28/05/2021 16.22, Justin He wrote:
> >
> >> From: Matthew Wilcox <[email protected]>
>
> >> How is it "safer"? You already have a buffer passed from the caller.
> >> Are you saying that d_path_fast() might overrun a really small buffer
> >> but won't overrun a 256 byte buffer?
> > No, it won't overrun a 256 byte buf. When the full path size is larger than 256, the p->len is < 0 in prepend_name, and this overrun will be
> > dectected in extract_string() with "-ENAMETOOLONG".
> >
> > Each printk contains 2 vsnprintf. vsnprintf() returns the required size after formatting the string.>
> > 1. vprintk_store() will invoke 1st vsnprintf() will 8 bytes space to get the reserve_size. In this case, the _buf_ could be less than _end_ by design.
> > 2. Then it invokes 2nd printk_sprint()->vscnprintf()->vsnprintf() to really fill the space.
>
> Please do not assume that printk is the only user of vsnprintf() or the
> only one that would use a given %p<foo> extension.
>
> Also, is it clear that nothing can change underneath you in between two
> calls to vsnprintf()? IOW, is it certain that the path will fit upon a
> second call using the size returned from the first?

No, but that's also true of %s. I think vprintk_store() is foolish to
do it this way.

2021-05-31 00:45:09

by Justin He

[permalink] [raw]
Subject: RE: [PATCH RFCv2 2/3] lib/vsprintf.c: make %pD print full path for file



> -----Original Message-----
> From: Matthew Wilcox <[email protected]>
> Sent: Friday, May 28, 2021 11:22 PM
> To: Justin He <[email protected]>
> Cc: Linus Torvalds <[email protected]>; Petr Mladek
> <pmla[email protected]>; Steven Rostedt <[email protected]>; Sergey
> Senozhatsky <[email protected]>; Andy Shevchenko
> <[email protected]>; Rasmus Villemoes
> <[email protected]>; Jonathan Corbet <[email protected]>; Alexander
> Viro <[email protected]>; Luca Coelho <[email protected]>;
> Kalle Valo <[email protected]>; David S. Miller <[email protected]>;
> Jakub Kicinski <[email protected]>; Heiko Carstens <[email protected]>;
> Vasily Gorbik <[email protected]>; Christian Borntraeger
> <[email protected]>; Johannes Berg <[email protected]>; linux-
> [email protected]; [email protected]; linux-
> [email protected]; [email protected]; linux-
> [email protected]
> Subject: Re: [PATCH RFCv2 2/3] lib/vsprintf.c: make %pD print full path
> for file
>
> On Fri, May 28, 2021 at 03:09:28PM +0000, Justin He wrote:
> > > I'm not sure why it's so complicated. p->len records how many bytes
> > > are needed for the entire path; can't you just return -p->len ?
> >
> > prepend_name() will return at the beginning if p->len is <0 in this case,
> > we can't even get the correct full path size if keep __prepend_path
> unchanged.
> > We need another new helper __prepend_path_size() to get the full path
> size
> > regardless of the negative value p->len.
>
> It's a little hard to follow, based on just the patches. Is there a
> git tree somewhere of Al's patches that you're based on?

The git tree of Al's patches is at:
https://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs.git/log/?h=work.d_path

>
> Seems to me that prepend_name() is just fine because it updates p->len
> before returning false:
>
> static bool prepend_name(struct prepend_buffer *p, const struct qstr
> *name)
> {
> const char *dname = smp_load_acquire(&name->name); /* ^^^ */
> u32 dlen = READ_ONCE(name->len);
> char *s;
>
> p->len -= dlen + 1;
> if (unlikely(p->len < 0))
> return false;
>
> I think the only change you'd need to make for vsnprintf() is in
> prepend_path():
>
> - if (!prepend_name(&b, &dentry->d_name))
> - break;
> + prepend_name(&b, &dentry->d_name);
>
> Would that hurt anything else?
I will try your suggestion soon.

>
> > More than that, even the 1st vsnprintf could have _end_ > _buf_ in some
> case:
> > What if printk("%pD", filp) ? The 1st vsnprintf has positive (end-buf).
>
> I don't understand the problem ... if p->len is positive, then you
> succeeded. if p->len is negative then -p->len is the expected return
> value from vsnprintf(). No?

There are 3 cases I once met in my debugging:
1. p->len is positive but too small (e.g. end-buf is 6). In first prepend_name
loop p-len-=dlen, then p->len is negative

2. p->len is negative at the very beginning (i.e. end-buf is negative)

3. p->len positive and large enough. Typically the 2nd vsnprintf of printk


--
Cheers,
Justin (Jia He)


IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

2021-05-31 09:41:52

by Petr Mladek

[permalink] [raw]
Subject: Re: [PATCH RFCv2 2/3] lib/vsprintf.c: make %pD print full path for file

On Sun 2021-05-30 16:18:23, Matthew Wilcox wrote:
> On Fri, May 28, 2021 at 10:06:37PM +0200, Rasmus Villemoes wrote:
> > On 28/05/2021 16.22, Justin He wrote:
> > >
> > >> From: Matthew Wilcox <[email protected]>
> >
> > >> How is it "safer"? You already have a buffer passed from the caller.
> > >> Are you saying that d_path_fast() might overrun a really small buffer
> > >> but won't overrun a 256 byte buffer?
> > > No, it won't overrun a 256 byte buf. When the full path size is larger than 256, the p->len is < 0 in prepend_name, and this overrun will be
> > > dectected in extract_string() with "-ENAMETOOLONG".
> > >
> > > Each printk contains 2 vsnprintf. vsnprintf() returns the required size after formatting the string.>
> > > 1. vprintk_store() will invoke 1st vsnprintf() will 8 bytes space to get the reserve_size. In this case, the _buf_ could be less than _end_ by design.
> > > 2. Then it invokes 2nd printk_sprint()->vscnprintf()->vsnprintf() to really fill the space.
> >
> > Please do not assume that printk is the only user of vsnprintf() or the
> > only one that would use a given %p<foo> extension.
> >
> > Also, is it clear that nothing can change underneath you in between two
> > calls to vsnprintf()? IOW, is it certain that the path will fit upon a
> > second call using the size returned from the first?
>
> No, but that's also true of %s. I think vprintk_store() is foolish to
> do it this way.

Just for record. vprintk_store() is foolish here by intention.
It avoids the need of static per-CPU X per-context buffers
and it is simple.

I believe that it should be good enough in practice. Any race here
would make the result racy anyway.

Of course, we might need to reconsider it if there are real life
problems with this approach.

Best Regards,
Petr

2021-06-01 14:42:56

by Justin He

[permalink] [raw]
Subject: RE: [PATCH RFCv2 2/3] lib/vsprintf.c: make %pD print full path for file

Hi Matthew

> -----Original Message-----
> From: Matthew Wilcox <[email protected]>
> Sent: Friday, May 28, 2021 11:22 PM
> To: Justin He <[email protected]>
> Cc: Linus Torvalds <[email protected]>; Petr Mladek
> <[email protected]>; Steven Rostedt <[email protected]>; Sergey
> Senozhatsky <[email protected]>; Andy Shevchenko
> <[email protected]>; Rasmus Villemoes
> <[email protected]>; Jonathan Corbet <[email protected]>; Alexander
> Viro <[email protected]>; Luca Coelho <[email protected]>;
> Kalle Valo <[email protected]>; David S. Miller <[email protected]>;
> Jakub Kicinski <[email protected]>; Heiko Carstens <[email protected]>;
> Vasily Gorbik <[email protected]>; Christian Borntraeger
> <[email protected]>; Johannes Berg <[email protected]>; linux-
> [email protected]; [email protected]; linux-
> [email protected]; [email protected]; linux-
> [email protected]
> Subject: Re: [PATCH RFCv2 2/3] lib/vsprintf.c: make %pD print full path
> for file
>
> On Fri, May 28, 2021 at 03:09:28PM +0000, Justin He wrote:
> > > I'm not sure why it's so complicated. p->len records how many bytes
> > > are needed for the entire path; can't you just return -p->len ?
> >
> > prepend_name() will return at the beginning if p->len is <0 in this case,
> > we can't even get the correct full path size if keep __prepend_path
> unchanged.
> > We need another new helper __prepend_path_size() to get the full path
> size
> > regardless of the negative value p->len.
>
> It's a little hard to follow, based on just the patches. Is there a
> git tree somewhere of Al's patches that you're based on?
>
> Seems to me that prepend_name() is just fine because it updates p->len
> before returning false:
>
> static bool prepend_name(struct prepend_buffer *p, const struct qstr
> *name)
> {
> const char *dname = smp_load_acquire(&name->name); /* ^^^ */
> u32 dlen = READ_ONCE(name->len);
> char *s;
>
> p->len -= dlen + 1;
> if (unlikely(p->len < 0))
> return false;
>
> I think the only change you'd need to make for vsnprintf() is in
> prepend_path():
>
> - if (!prepend_name(&b, &dentry->d_name))
> - break;
> + prepend_name(&b, &dentry->d_name);
>
> Would that hurt anything else?
>

It almost works except the snprintf case,
Consider,assuming filp path is 256 bytes, 2 dentries "/root/$long_string":
snprintf(buffer, 128, "%pD", filp);
p->len is positive at first, but negative after prepend_name loop.
So, it will not fill any bytes in _buffer_.
But in theory, it should fill the beginning 127 bytes and '\0'.

What do you think of it?

--
Cheers,
Justin (Jia He)


> > More than that, even the 1st vsnprintf could have _end_ > _buf_ in some
> case:
> > What if printk("%pD", filp) ? The 1st vsnprintf has positive (end-buf).
>
> I don't understand the problem ... if p->len is positive, then you
> succeeded. if p->len is negative then -p->len is the expected return
> value from vsnprintf(). No?

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

2021-06-01 15:32:06

by Matthew Wilcox

[permalink] [raw]
Subject: Re: [PATCH RFCv2 2/3] lib/vsprintf.c: make %pD print full path for file

somehow the linux-fsdevel mailing list got dropped from this revision
of the patch set. anyone who's following along may wish to refer to
the archives:
https://lore.kernel.org/linux-doc/[email protected]/

On Tue, Jun 01, 2021 at 02:42:15PM +0000, Justin He wrote:
> > On Fri, May 28, 2021 at 03:09:28PM +0000, Justin He wrote:
> > > > I'm not sure why it's so complicated. p->len records how many bytes
> > > > are needed for the entire path; can't you just return -p->len ?
> > >
> > > prepend_name() will return at the beginning if p->len is <0 in this case,
> > > we can't even get the correct full path size if keep __prepend_path
> > unchanged.
> > > We need another new helper __prepend_path_size() to get the full path
> > size
> > > regardless of the negative value p->len.
> >
> > It's a little hard to follow, based on just the patches. Is there a
> > git tree somewhere of Al's patches that you're based on?
> >
> > Seems to me that prepend_name() is just fine because it updates p->len
> > before returning false:
> >
> > static bool prepend_name(struct prepend_buffer *p, const struct qstr
> > *name)
> > {
> > const char *dname = smp_load_acquire(&name->name); /* ^^^ */
> > u32 dlen = READ_ONCE(name->len);
> > char *s;
> >
> > p->len -= dlen + 1;
> > if (unlikely(p->len < 0))
> > return false;
> >
> > I think the only change you'd need to make for vsnprintf() is in
> > prepend_path():
> >
> > - if (!prepend_name(&b, &dentry->d_name))
> > - break;
> > + prepend_name(&b, &dentry->d_name);
> >
> > Would that hurt anything else?
> >
>
> It almost works except the snprintf case,
> Consider,assuming filp path is 256 bytes, 2 dentries "/root/$long_string":
> snprintf(buffer, 128, "%pD", filp);
> p->len is positive at first, but negative after prepend_name loop.
> So, it will not fill any bytes in _buffer_.
> But in theory, it should fill the beginning 127 bytes and '\0'.

I have a few thoughts ...

1. Do we actually depend on that anywhere?
2. Is that something we should support?
3. We could print the start of the filename, if we do. So something like
this ...

static void prepend(struct prepend_buffer *p, const char *str, int namelen)
{
p->len -= namelen;
if (likely(p->len >= 0)) {
p->buf -= namelen;
memcpy(p->buf, str, namelen);
} else {
char *s = p->buf;
int buflen = strlen(p->buf);

/* The first time we overflow the buffer */
if (p->len + namelen > 0) {
p->buf -= p->len + namelen;
buflen += p->len + namelen;
}

if (buflen > namelen) {
memmove(p->buf + namelen, s, buflen - namelen);
memcpy(p->buf, str, namelen);
} else {
memcpy(p->buf, str, buflen);
}
}
}

I haven't tested this; it's probably full of confusion and off-by-one
errors. But I hope you get the point -- we continue to accumulate
p->len to indicate how many characters we shifted off the right of the
buffer while adding the (start of) the filename on the left.

4. If we want the end of the filename instead, that looks easier:

static void prepend(struct prepend_buffer *p, const char *str, int namelen)
{
p->len -= namelen;
if (likely(p->len >= 0)) {
p->buf -= namelen;
memcpy(p->buf, str, namelen);
} else if (p->len + namelen > 0) {
p->buf -= p->len + namelen;
memcpy(p->buf, str - p->len, p->len + namelen)
}
}

But I don't think we want any of this at all. Just don't put anything
in the buffer if the user didn't supply enough space. As long as you
get the return value right, they know the string is bad (or they don't
care if the string is bad)

2021-06-01 15:38:23

by Andy Shevchenko

[permalink] [raw]
Subject: Re: [PATCH RFCv2 2/3] lib/vsprintf.c: make %pD print full path for file

On Tue, Jun 1, 2021 at 6:32 PM Matthew Wilcox <[email protected]> wrote:
> On Tue, Jun 01, 2021 at 02:42:15PM +0000, Justin He wrote:

...

> Just don't put anything
> in the buffer if the user didn't supply enough space. As long as you
> get the return value right, they know the string is bad (or they don't
> care if the string is bad)

It might be that I'm out of context here, but printf() functionality
in the kernel (vsprintf() if being precise) and its users consider
that it should fill buffer up to the end of whatever space is
available.

--
With Best Regards,
Andy Shevchenko

2021-06-01 15:55:19

by Andy Shevchenko

[permalink] [raw]
Subject: Re: [PATCH RFCv2 2/3] lib/vsprintf.c: make %pD print full path for file

On Tue, Jun 01, 2021 at 04:44:00PM +0100, Matthew Wilcox wrote:
> On Tue, Jun 01, 2021 at 06:36:41PM +0300, Andy Shevchenko wrote:
> > On Tue, Jun 1, 2021 at 6:32 PM Matthew Wilcox <[email protected]> wrote:
> > > On Tue, Jun 01, 2021 at 02:42:15PM +0000, Justin He wrote:
> >
> > ...
> >
> > > Just don't put anything
> > > in the buffer if the user didn't supply enough space. As long as you
> > > get the return value right, they know the string is bad (or they don't
> > > care if the string is bad)
> >
> > It might be that I'm out of context here, but printf() functionality
> > in the kernel (vsprintf() if being precise) and its users consider
> > that it should fill buffer up to the end of whatever space is
> > available.
>
> Do they though? What use is it to specify a small buffer, print a
> large filename into it and then use that buffer, knowing that it wasn't
> big enough? That would help decide whether we should print the
> start or the end of the filename.
>
> Remember, we're going for usefulness here, not abiding by the letter of
> the standard under all circumstances, no matter the cost. At least
> partially because we're far outside the standard here; POSIX does
> not specify what %pD does.
>
> "The argument shall be a pointer to void. The value of the
> pointer is converted to a sequence of printable characters, in an
> implementation-defined manner."

All nice words, but don't forget kasprintf() or other usages like this.
For the same input we have to have the same result independently on the room in
the buffer.

So, if I print "Hello, World" I should always get it, not "Monkey's Paw".
I.o.w.

snprintf(10) ==> "Hello, Wor"
snprintf(5) ==> "Hello"
snprintf(2) !=> "Mo"
snprintf(1) !=> "M"
snprintf(1) ==> "H"

Inconsistency here is really not what we want.


--
With Best Regards,
Andy Shevchenko


2021-06-01 16:12:35

by Andy Shevchenko

[permalink] [raw]
Subject: Re: [PATCH RFCv2 2/3] lib/vsprintf.c: make %pD print full path for file

On Tue, Jun 01, 2021 at 06:53:26PM +0300, Andy Shevchenko wrote:
> On Tue, Jun 01, 2021 at 04:44:00PM +0100, Matthew Wilcox wrote:
> > On Tue, Jun 01, 2021 at 06:36:41PM +0300, Andy Shevchenko wrote:
> > > On Tue, Jun 1, 2021 at 6:32 PM Matthew Wilcox <[email protected]> wrote:
> > > > On Tue, Jun 01, 2021 at 02:42:15PM +0000, Justin He wrote:
> > >
> > > ...
> > >
> > > > Just don't put anything
> > > > in the buffer if the user didn't supply enough space. As long as you
> > > > get the return value right, they know the string is bad (or they don't
> > > > care if the string is bad)
> > >
> > > It might be that I'm out of context here, but printf() functionality
> > > in the kernel (vsprintf() if being precise) and its users consider
> > > that it should fill buffer up to the end of whatever space is
> > > available.
> >
> > Do they though? What use is it to specify a small buffer, print a
> > large filename into it and then use that buffer, knowing that it wasn't
> > big enough? That would help decide whether we should print the
> > start or the end of the filename.
> >
> > Remember, we're going for usefulness here, not abiding by the letter of
> > the standard under all circumstances, no matter the cost. At least
> > partially because we're far outside the standard here; POSIX does
> > not specify what %pD does.
> >
> > "The argument shall be a pointer to void. The value of the
> > pointer is converted to a sequence of printable characters, in an
> > implementation-defined manner."
>
> All nice words, but don't forget kasprintf() or other usages like this.
> For the same input we have to have the same result independently on the room in
> the buffer.
>
> So, if I print "Hello, World" I should always get it, not "Monkey's Paw".
> I.o.w.
>
> snprintf(10) ==> "Hello, Wor"
> snprintf(5) ==> "Hello"
> snprintf(2) !=> "Mo"
> snprintf(1) !=> "M"
> snprintf(1) ==> "H"
>
> Inconsistency here is really not what we want.

I have to add that in light of the topic those characters should be counted
from the end of the filename. So, we will give user as much as possible of useful
information. I.o.w. always print the last part of filename up to the buffer
size or if the filename is shorter than buffer we will have it in full.

--
With Best Regards,
Andy Shevchenko


2021-06-01 17:06:50

by Matthew Wilcox

[permalink] [raw]
Subject: Re: [PATCH RFCv2 2/3] lib/vsprintf.c: make %pD print full path for file

On Tue, Jun 01, 2021 at 07:10:41PM +0300, Andy Shevchenko wrote:
> On Tue, Jun 01, 2021 at 06:53:26PM +0300, Andy Shevchenko wrote:
> > On Tue, Jun 01, 2021 at 04:44:00PM +0100, Matthew Wilcox wrote:
> > > On Tue, Jun 01, 2021 at 06:36:41PM +0300, Andy Shevchenko wrote:
> > > > On Tue, Jun 1, 2021 at 6:32 PM Matthew Wilcox <[email protected]> wrote:
> > > > > On Tue, Jun 01, 2021 at 02:42:15PM +0000, Justin He wrote:
> > > >
> > > > ...
> > > >
> > > > > Just don't put anything
> > > > > in the buffer if the user didn't supply enough space. As long as you
> > > > > get the return value right, they know the string is bad (or they don't
> > > > > care if the string is bad)
> > > >
> > > > It might be that I'm out of context here, but printf() functionality
> > > > in the kernel (vsprintf() if being precise) and its users consider
> > > > that it should fill buffer up to the end of whatever space is
> > > > available.
> > >
> > > Do they though? What use is it to specify a small buffer, print a
> > > large filename into it and then use that buffer, knowing that it wasn't
> > > big enough? That would help decide whether we should print the
> > > start or the end of the filename.
> > >
> > > Remember, we're going for usefulness here, not abiding by the letter of
> > > the standard under all circumstances, no matter the cost. At least
> > > partially because we're far outside the standard here; POSIX does
> > > not specify what %pD does.
> > >
> > > "The argument shall be a pointer to void. The value of the
> > > pointer is converted to a sequence of printable characters, in an
> > > implementation-defined manner."
> >
> > All nice words, but don't forget kasprintf() or other usages like this.
> > For the same input we have to have the same result independently on the room in
> > the buffer.
> >
> > So, if I print "Hello, World" I should always get it, not "Monkey's Paw".
> > I.o.w.
> >
> > snprintf(10) ==> "Hello, Wor"
> > snprintf(5) ==> "Hello"
> > snprintf(2) !=> "Mo"
> > snprintf(1) !=> "M"
> > snprintf(1) ==> "H"
> >
> > Inconsistency here is really not what we want.
>
> I have to add that in light of the topic those characters should be counted
> from the end of the filename. So, we will give user as much as possible of useful
> information. I.o.w. always print the last part of filename up to the buffer
> size or if the filename is shorter than buffer we will have it in full.

Ah, not monkey's paw, but donkey hoof then ...

Here's some examples, what do you think makes sense?

snprintf(buf, 16, "bad file '%pD'\n", q);

what content do you want buf to have when q is variously:

1. /abcd/efgh
2. /a/bcdefgh.iso
3. /abcdef/gh

I would argue that
"bad file ''\n"
is actually a better string to have than any of (case 2)
"bad file '/a/bc"
"bad file 'bcdef"
"bad file 'h.iso"

2021-06-01 19:02:46

by Rasmus Villemoes

[permalink] [raw]
Subject: Re: [PATCH RFCv2 2/3] lib/vsprintf.c: make %pD print full path for file

On 01/06/2021 19.05, Matthew Wilcox wrote:

> Here's some examples, what do you think makes sense?
>
> snprintf(buf, 16, "bad file '%pD'\n", q);
>
> what content do you want buf to have when q is variously:
>
> 1. /abcd/efgh
> 2. /a/bcdefgh.iso
> 3. /abcdef/gh
>
> I would argue that
> "bad file ''\n"
> is actually a better string to have than any of (case 2)
> "bad file '/a/bc"
> "bad file 'bcdef"
> "bad file 'h.iso"
>

Whatever ends up being decided, _please_ document that in
machine-readable and -verifiable form. I.e., update lib/test_printf.c
accordingly.

Currently (and originally) it only tests %pd because %pD is/was
essentially just %pd with an indirection to get the struct dentry* from
a struct file*.

The existing framework is strongly centered around expecting '/a/bc (see
all the logic where we do multiple checks with size 0, size random, size
plenty, and for the random case check that the buffer contents match the
complete output up till the randomly chosen size), so adding tests for
some other semantics would require a bit more juggling.

Not that that should be an argument in favor of that behaviour. But FWIW
that would be my preference.

Rasmus


2021-06-02 06:42:57

by Justin He

[permalink] [raw]
Subject: RE: [PATCH RFCv2 2/3] lib/vsprintf.c: make %pD print full path for file

Hi Rasmus

> -----Original Message-----
> From: Rasmus Villemoes <[email protected]>
> Sent: Wednesday, June 2, 2021 3:02 AM
> To: Matthew Wilcox <[email protected]>; Andy Shevchenko
> <[email protected]>
> Cc: Justin He <[email protected]>; Linus Torvalds <[email protected]
> foundation.org>; Petr Mladek <[email protected]>; Steven Rostedt
> <[email protected]>; Sergey Senozhatsky <[email protected]>;
> Jonathan Corbet <[email protected]>; Alexander Viro <[email protected]>;
> Luca Coelho <[email protected]>; Kalle Valo <[email protected]>;
> David S. Miller <[email protected]>; Jakub Kicinski <[email protected]>;
> Heiko Carstens <[email protected]>; Vasily Gorbik <[email protected]>;
> Christian Borntraeger <[email protected]>; Johannes Berg
> <[email protected]>; [email protected]; linux-
> [email protected]; [email protected];
> [email protected]; [email protected]; Linux FS Devel <linux-
> [email protected]>
> Subject: Re: [PATCH RFCv2 2/3] lib/vsprintf.c: make %pD print full path for
> file
>
> On 01/06/2021 19.05, Matthew Wilcox wrote:
>
> > Here's some examples, what do you think makes sense?
> >
> > snprintf(buf, 16, "bad file '%pD'\n", q);
> >
> > what content do you want buf to have when q is variously:
> >
> > 1. /abcd/efgh
> > 2. /a/bcdefgh.iso
> > 3. /abcdef/gh
> >
> > I would argue that
> > "bad file ''\n"
> > is actually a better string to have than any of (case 2)
> > "bad file '/a/bc"
> > "bad file 'bcdef"
> > "bad file 'h.iso"
> >
>
> Whatever ends up being decided, _please_ document that in
> machine-readable and -verifiable form. I.e., update lib/test_printf.c
> accordingly.
>
> Currently (and originally) it only tests %pd because %pD is/was
> essentially just %pd with an indirection to get the struct dentry* from
> a struct file*.

Okay, I can add more test_printf cases for '%pD'

>
> The existing framework is strongly centered around expecting '/a/bc (see
> all the logic where we do multiple checks with size 0, size random, size
> plenty, and for the random case check that the buffer contents match the
> complete output up till the randomly chosen size), so adding tests for
> some other semantics would require a bit more juggling.
>

Yes, agree.
In other way, if the user:
char* full_path = d_path(...);
snprintf("%s", limited_size, full_path);

He/she will get the inconsistent result if we return "" for '%pD'.

--
Cheers,
Justin (Jia He)

> Not that that should be an argument in favor of that behaviour. But FWIW
> that would be my preference.
>
> Rasmus
>

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.