From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 00DA9C83F03 for ; Sun, 6 Jul 2025 17:37:37 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 347F66B03F7; Sun, 6 Jul 2025 13:37:37 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 31F476B03F8; Sun, 6 Jul 2025 13:37:37 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 25C2F6B03F9; Sun, 6 Jul 2025 13:37:37 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 0E85B6B03F7 for ; Sun, 6 Jul 2025 13:37:37 -0400 (EDT) Received: from smtpin15.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id 66464ABCEA for ; Sun, 6 Jul 2025 17:37:36 +0000 (UTC) X-FDA: 83634546912.15.D5F4B06 Received: from tor.source.kernel.org (tor.source.kernel.org [172.105.4.254]) by imf20.hostedemail.com (Postfix) with ESMTP id D8C8C1C000D for ; Sun, 6 Jul 2025 17:37:34 +0000 (UTC) Authentication-Results: imf20.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=mxfjiZoS; spf=pass (imf20.hostedemail.com: domain of alx@kernel.org designates 172.105.4.254 as permitted sender) smtp.mailfrom=alx@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1751823454; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding:in-reply-to: references:dkim-signature; bh=f9voBFlWHzeaC+iDj5Wl/SZbZdAKJR9r5mrtiRs6/es=; b=GzUxyC2uzdQUWgWYMann8ZPQ3yUM0fLXC7dxVQPulI9GBW2En6Ik7LoEGt338UkOfesmFe 5bZu5TRffJpGnoXHudA0GIUEgqJlCThdi8M1CSnoqj+bfZABhOsgASfUdtyd9oUMo/tNQz 3o6FeL6qxhj905ajEr5ngTmzzn9P7yU= ARC-Authentication-Results: i=1; imf20.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=mxfjiZoS; spf=pass (imf20.hostedemail.com: domain of alx@kernel.org designates 172.105.4.254 as permitted sender) smtp.mailfrom=alx@kernel.org; dmarc=pass (policy=quarantine) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1751823454; a=rsa-sha256; cv=none; b=A9lnufznbERBliDTXz8QmCBPogdpqkuIK6TBTspiqDmC82eq3cYFQOSNLrljHtHeVGJgoY JJEBfYcTN7qSi7NAOiKvA9gc9wEFP/h4HKABrCOzZTIjTcVFcTdAOEIqidDZ/jJyyF2DZs zL7clyz9uRY4iFUHz1ZaayowCJwYKyU= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by tor.source.kernel.org (Postfix) with ESMTP id 0131561127; Sun, 6 Jul 2025 17:37:34 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 93105C4CEED; Sun, 6 Jul 2025 17:37:32 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1751823453; bh=ovktrmFqgAtBsSi2ZsROA0X6b8FGHHeHhSSb81Ojs6s=; h=Date:From:To:Cc:Subject:From; b=mxfjiZoSfrtIsbdPdv/fpyMPc7LfJvD+F03tsE/rydIotMh8gluN1pIEyQnsqVByM 6HPzmlMLHoFb8vz1rVkUelZ/9vtc3AydYiza4o9RMA6lyy6cLRZOVMp28i91gHt3q/ ny3XAyB+IQFU1DOZjab9IzyfZ6+/f0f79858wG2uo/9yVdDMHGwJC7wS+sZpyxUaQ8 x6C9hPnplkC2au3JPtwxD28Nkrmqm26a6r4iN5QmkbpW8rfOF2zBH6s6d5orzx2H7p HXI9NleViYCNjz+W8EUTAhQJuHpakBE7alC4cFbCZntKnzUcJczq2axXIm+PiQDIar SOHAQ+GDM86IQ== Date: Sun, 6 Jul 2025 19:37:32 +0200 From: Alejandro Colomar To: linux-mm@kvack.org, linux-hardening@vger.kernel.org Cc: Alejandro Colomar , Kees Cook , Christopher Bazley , shadow <~hallyn/shadow@lists.sr.ht>, linux-kernel@vger.kernel.org, Andrew Morton , kasan-dev@googlegroups.com, Dmitry Vyukov , Alexander Potapenko , Marco Elver , Christoph Lameter , David Rientjes , Vlastimil Babka , Roman Gushchin , Harry Yoo , Andrew Clayton Subject: [RFC v2 0/5] Add and use seprintf() instead of less ergonomic APIs Message-ID: X-Mailer: git-send-email 2.50.0 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline X-Stat-Signature: w37ds1seafhczncfyxjfmxsae7wfsnj8 X-Rspamd-Queue-Id: D8C8C1C000D X-Rspam-User: X-Rspamd-Server: rspam07 X-HE-Tag: 1751823454-164713 X-HE-Meta: U2FsdGVkX1/tpwxq39XpkwXCKehxyN871lvDxmZJHkpPFf5HwKQblNDkdoj0o+mRwH/KJnOGFPP0HElCU6goeNGyQRFhUhvLKK4BGTULn1Zfso3b043p5xOUmdiRS8eoohMhYSDFmJoWndTkbcz8l1OJ470upFPd6qfd60b39TybzNAXOZo1MzG+hjc8Y4AEYB58OaHsx011u3AMtYkbFconXaTNWJcAPotyjcqw/SfhdbXXCYax/mpuHpoyHF9vkVxvjWoIr6uJvtBIxum2oY8WUI96OIwhHVCHzDib4JQaWkPv6XS10t5HiMpioeBagiG+IuLt1Di718zlWOH/NZbSst2ZDemhwF9c3e5AWw/OWDl6NCEXHM28krmAk7LIhpx0SQtRaipoe+Wq33jiFmt0knSN+Ku8FtFtpWu98sJ3X1yKIRRjCtj56hALRWPZiYD74nkJOwRRyrs+GRiVMpbvF6wwO2/wd0OGe7TL3/nGml/P07eKkz0AyAjd9qhrDgvd0S0RJg4tPXWaqP3MtOOgU071o4/3dS1hTuHyorMdW9AI6sPcdyhsJ00A2v8gL6U7b2w4B2wPrRL+8IhbdXK5rQFqnfEB4YgsLl2LIsE6eWXQl/8FZX2RDYfcsnpt0rRy9XaRbLiwv9OAEtmPivIfC3LDq1XbvkZFoSd+Tl3/9rpxpoRYWmKAxr10Oj3V0GkfPDh3U9hqXhzGxJxYgJboCZHAqZl0tx/ZudTZmQz27iuPdFP0GHAFa3LywW9IcTCcKc+VhrAOY1UlI6exdKOYSlcXkIx1zKwCEPctxt5Oo1hSFZMNcMCewdXY2jLAOz6IrM1wM4J8FueSncBB/PCXTmIm9bXOUOHXizPaxYhrYTZDcJchP8B5Zf3C6mRIa8nRXeQ3ofEKRz0RDj4jZijfpiZYt2aB6QbotQUThpsuvW5+504rcucoDxkA3O3Ouf/6fk1z7Xaf7mn143K 2Spou9N6 QjHB7340qnlGhpw1eAy2f+oLfhLKvi5IFPAReSrX5oe7B0YD71pPwlEoagMHr26RddS5TLVPkm7DFbHpGn4Uv1S22bPyQn4MkfWbuGPVNLPeZ+pSWfmY3fVLwX16uUh7Ok730qME8Lv7aVbGy96DVmjc/o0QygCpPFDItRl06t/XFGJE9IMTxuR9prC6nM/zXy6cZ3OwSlJPBM4zPoeqH/NgLOMgpW0bD0GQvb9kl2otkedeZffb9TZ1EJYaZE1PjeHeMceHlM0EEctXIlrPGC2SQKPzdOxdJaLYmp/JjO0hCw8lyB9K4/tl/d4NybcKalRyD+RDgWQlDJFnCxXoOFVyAPA== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Hi Kees, I've found some more bugs in the same code. There were three off-by-one bugs in the code I had replaced, and while I had noticed something weird, I hadn't stopped to think too much about them. I've documented the bugs, and fixed them in the last commit. I've also added an ENDOF() macro to prevent these off-by-one bugs when we can avoid them. This time I've built the kernel, which showed I had forgotten some prototypes, plus also one typo. See range-diff below. This is still not complying to coding style, but is otherwise in working order. I'll send it as is for discussion. When we agree on the specific questions on the code I made in v1, I'll turn it into coding- style compliant. Have a lovely Sun day! Alex Alejandro Colomar (5): vsprintf: Add [v]seprintf(), [v]stprintf() stacktrace, stackdepot: Add seprintf()-like variants of functions mm: Use seprintf() instead of less ergonomic APIs array_size.h: Add ENDOF() mm: Fix benign off-by-one bugs include/linux/array_size.h | 6 ++ include/linux/sprintf.h | 4 ++ include/linux/stackdepot.h | 13 +++++ include/linux/stacktrace.h | 3 + kernel/stacktrace.c | 28 ++++++++++ lib/stackdepot.c | 12 ++++ lib/vsprintf.c | 109 +++++++++++++++++++++++++++++++++++++ mm/kfence/kfence_test.c | 28 +++++----- mm/kmsan/kmsan_test.c | 6 +- mm/mempolicy.c | 18 +++--- mm/page_owner.c | 32 ++++++----- mm/slub.c | 5 +- 12 files changed, 221 insertions(+), 43 deletions(-) Range-diff against v1: 1: 2d20eaf1752e ! 1: 64334f0b94d6 vsprintf: Add [v]seprintf(), [v]stprintf() @@ Commit message Cc: Christopher Bazley Signed-off-by: Alejandro Colomar + ## include/linux/sprintf.h ## +@@ include/linux/sprintf.h: __printf(2, 3) int sprintf(char *buf, const char * fmt, ...); + __printf(2, 0) int vsprintf(char *buf, const char *, va_list); + __printf(3, 4) int snprintf(char *buf, size_t size, const char *fmt, ...); + __printf(3, 0) int vsnprintf(char *buf, size_t size, const char *fmt, va_list args); ++__printf(3, 4) int stprintf(char *buf, size_t size, const char *fmt, ...); ++__printf(3, 0) int vstprintf(char *buf, size_t size, const char *fmt, va_list args); + __printf(3, 4) int scnprintf(char *buf, size_t size, const char *fmt, ...); + __printf(3, 0) int vscnprintf(char *buf, size_t size, const char *fmt, va_list args); ++__printf(3, 4) char *seprintf(char *p, const char end[0], const char *fmt, ...); ++__printf(3, 0) char *vseprintf(char *p, const char end[0], const char *fmt, va_list args); + __printf(2, 3) __malloc char *kasprintf(gfp_t gfp, const char *fmt, ...); + __printf(2, 0) __malloc char *kvasprintf(gfp_t gfp, const char *fmt, va_list args); + __printf(2, 0) const char *kvasprintf_const(gfp_t gfp, const char *fmt, va_list args); + ## lib/vsprintf.c ## @@ lib/vsprintf.c: int vsnprintf(char *buf, size_t size, const char *fmt_str, va_list args) } 2: ec2e375c2d1e ! 2: 9c140de9842d stacktrace, stackdepot: Add seprintf()-like variants of functions @@ lib/stackdepot.c: int stack_depot_snprint(depot_stack_handle_t handle, char *buf + unsigned int nr_entries; + + nr_entries = stack_depot_fetch(handle, &entries); -+ return nr_entries ? stack_trace_seprint(p, e, entries, nr_entries, ++ return nr_entries ? stack_trace_seprint(p, end, entries, nr_entries, + spaces) : p; +} +EXPORT_SYMBOL_GPL(stack_depot_seprint); 3: be193e1856aa ! 3: e3271b5f2ad9 mm: Use seprintf() instead of less ergonomic APIs @@ Commit message mm/kfence/kfence_test.c: - The last call to scnprintf() did increment 'cur', but it's - unused after that, so it was dead code. I've removed the dead - code in this patch. + - The last call to scnprintf() did increment 'cur', but it's + unused after that, so it was dead code. I've removed the dead + code in this patch. + + - 'end' is calculated as + + end = &expect[0][sizeof(expect[0] - 1)]; + + However, the '-1' doesn't seem to be necessary. When passing + $2 to scnprintf(), the size was specified as 'end - cur'. + And scnprintf() --just like snprintf(3)--, won't write more + than $2 bytes (including the null byte). That means that + scnprintf() wouldn't write more than + + &expect[0][sizeof(expect[0]) - 1] - expect[0] + + which simplifies to + + sizeof(expect[0]) - 1 + + bytes. But we have sizeof(expect[0]) bytes available, so + we're wasting one byte entirely. This is a benign off-by-one + bug. The two occurrences of this bug will be fixed in a + following patch in this series. + + mm/kmsan/kmsan_test.c: + + The same benign off-by-one bug calculating the remaining size. mm/mempolicy.c: -: ------------ > 4: 5331d286ceca array_size.h: Add ENDOF() -: ------------ > 5: 08cfdd2bf779 mm: Fix benign off-by-one bugs -- 2.50.0