From: Martin Uecker
To: David Laight
Cc: Linus Torvalds, Alejandro Colomar, linux-mm@kvack.org, linux-hardening@vger.kernel.org, Kees Cook, Christopher Bazley, shadow <~hallyn/shadow@lists.sr.ht>, linux-kernel@vger.kernel.org, Andrew Morton, kasan-dev@googlegroups.com, Dmitry Vyukov, Alexander Potapenko, Marco Elver, Christoph Lameter, David Rientjes, Vlastimil Babka, Roman Gushchin, Harry Yoo, Andrew Clayton, Rasmus Villemoes, Michal Hocko, Al Viro, Sam James, Andrew Pinski
Date: Fri, 11 Jul 2025 20:01:01 +0200
Subject: Re: [RFC v5 6/7] sprintf: Add [v]sprintf_array()
Message-ID: <7deb2ddcf0f3e6cd196b7520ad19e0d2ce07c639.camel@gmail.com>
In-Reply-To: <20250711184541.68d770b9@pumpkin>
References: <04c1e026a67f1609167e834471d0f2fe977d9cb0.1752182685.git.alx@kernel.org> <28c8689c7976b4755c0b5c2937326b0a3627ebf6.camel@gmail.com> <20250711184541.68d770b9@pumpkin>

On Friday, 11.07.2025 at 18:45 +0100, David Laight wrote:
> On Fri, 11 Jul 2025 08:05:38 +0200
> Martin Uecker wrote:
>
> > On Thursday, 10.07.2025 at 14:58 -0700, Linus Torvalds wrote:
> > > On Thu, 10 Jul 2025 at 14:31, Alejandro Colomar wrote:
> > > >
> > > > These macros are essentially the same as the 2-argument version of
> > > > strscpy(), but with a formatted string, and returning a pointer to the
> > > > terminating '\0' (or NULL, on error).
> > >
> > > No.
> > >
> > > Stop this garbage.
> > >
> > > You took my suggestion, and then you messed it up.
> > >
> > > Your version of sprintf_array() is broken. It evaluates 'a' twice.
> > > Because unlike ARRAY_SIZE(), your broken ENDOF() macro evaluates the
> > > argument.
> > >
> > > And you did it for no reason I can see. You said that you wanted to
> > > return the end of the resulting string, but the fact is, not a single
> > > user seems to care, and honestly, I think it would be wrong to care.
> > > The size of the result is likely the more useful thing, or you could
> > > even make these 'void' or something.
> > >
> > > But instead you made the macro be dangerous to use.
> > >
> > > This kind of churn is WRONG. It _looks_ like a cleanup that doesn't
> > > change anything, but then it has subtle bugs that will come and bite
> > > us later because you did things wrong.
> > >
> > > I'm NAK'ing all of this. This is BAD. Cleanup patches had better be
> > > fundamentally correct, not introduce broken "helpers" that will make
> > > for really subtle bugs.
> > >
> > > Maybe nobody ever ends up having that first argument with a side
> > > effect. MAYBE. It's still very very wrong.
> > >
> > > Linus
> >
> > What I am puzzled about is that - if you revise your string APIs -,
> > you do not directly go for a safe abstraction that combines length
> > and pointer and instead keep using these fragile 80s-style string
> > functions and open-coded pointer and size computations that everybody
> > gets wrong all the time.
> >
> > String handling could also look like this:
>
> What does that actually look like behind all the #defines and generics?
> If it is continually doing malloc/free it is pretty much inappropriate
> for a lot of system/kernel code.

The example I linked would allocate behind your back and would
clearly not be useful for the kernel also because it would
abort() on allocation failure (as I pointed out below).

Still, I do not see why similar functions could not work for the
kernel. The main point is to keep pointer and length together in
a single struct. But it is certainly more difficult to define
APIs which make sense for the kernel.

I explain a bit how such types work here:

https://uecker.codeberg.page/2025-07-02.html
https://uecker.codeberg.page/2025-07-09.html

Martin

>
> >
> > https://godbolt.org/z/dqGz9b4sM
> >
> > and be completely bounds safe.
> >
> > (Note that those functions abort() on allocation failure, but this
> > is an unfinished demo and also not for kernel use. Also I need to
> > rewrite this using string views.)
> >
> >
> > Martin
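
Added example, not part of this message, the patch series, or the linked demos: a non-allocating take on the "pointer and length together in a single struct" idea from the reply above, combined with the single-evaluation property Linus attributes to ARRAY_SIZE(). The names `struct strbuf`, `STRBUF_FROM_ARRAY()`, `strbuf_appendf()` and `demo()` are hypothetical, and userspace `vsnprintf()` stands in for the kernel's formatting routines.

```c
#include <stdarg.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical type: pointer, capacity and length travel together. */
struct strbuf {
	char *data;	/* caller-owned storage, NUL-terminated after any append */
	size_t cap;	/* bytes in data[], including room for the NUL */
	size_t len;	/* bytes used, excluding the NUL */
};

/* sizeof does not evaluate its operand, so `arr` is evaluated exactly once.
 * Assumes `arr` is a real char array (so cap >= 1), not a pointer. */
#define STRBUF_FROM_ARRAY(arr) ((struct strbuf){ (arr), sizeof(arr), 0 })

/* Append without allocating; on truncation restore old contents, return false. */
static bool strbuf_appendf(struct strbuf *sb, const char *fmt, ...)
{
	size_t room = sb->cap - sb->len;	/* 0 only when cap == 0 */
	va_list ap;
	int n;

	if (room == 0)
		return false;
	va_start(ap, fmt);
	n = vsnprintf(sb->data + sb->len, room, fmt, ap);
	va_end(ap);
	if (n < 0 || (size_t)n >= room) {
		sb->data[sb->len] = '\0';	/* undo the partial write */
		return false;
	}
	sb->len += (size_t)n;
	return true;
}

/* Constructed demo: returns the index after use, or -1 if an append misbehaved. */
int demo(void)
{
	char bufs[2][8];
	int i = 0;
	struct strbuf sb = STRBUF_FROM_ARRAY(bufs[i++]);	/* i becomes 1, not 2 */
	bool fit = strbuf_appendf(&sb, "id=%d", 42);	/* "id=42" fits in 8 */
	bool over = strbuf_appendf(&sb, "-%s", "long");	/* needs 6, only 3 left */
	return (fit && !over && !strcmp(bufs[0], "id=42")) ? i : -1;
}

int main(void) { return demo() == 1 ? 0 : 1; }
```

In kernel code the array-only assumption would be enforced at compile time rather than stated in a comment.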