Re: [PATCH 08/14] d_path: make prepend_name() boolean

[Petr Mladek]

On Thu 2021-05-20 09:12:34, Justin He wrote:
> Hi Al
> 
> > -----Original Message-----
> > From: Al Viro <viro@xxxxxxxxxxxxxxxx> On Behalf Of Al Viro
> > Sent: Wednesday, May 19, 2021 8:49 AM
> > To: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
> > Cc: Justin He <Justin.He@xxxxxxx>; Petr Mladek <pmladek@xxxxxxxx>; Steven
> > Rostedt <rostedt@xxxxxxxxxxx>; Sergey Senozhatsky
> > <senozhatsky@xxxxxxxxxxxx>; Andy Shevchenko
> > <andriy.shevchenko@xxxxxxxxxxxxxxx>; Rasmus Villemoes
> > <linux@xxxxxxxxxxxxxxxxxx>; Jonathan Corbet <corbet@xxxxxxx>; Heiko
> > Carstens <hca@xxxxxxxxxxxxx>; Vasily Gorbik <gor@xxxxxxxxxxxxx>; Christian
> > Borntraeger <borntraeger@xxxxxxxxxx>; Eric W . Biederman
> > <ebiederm@xxxxxxxxxxxx>; Darrick J. Wong <darrick.wong@xxxxxxxxxx>; Peter
> > Zijlstra (Intel) <peterz@xxxxxxxxxxxxx>; Ira Weiny <ira.weiny@xxxxxxxxx>;
> > Eric Biggers <ebiggers@xxxxxxxxxx>; Ahmed S. Darwish
> > <a.darwish@xxxxxxxxxxxxx>; open list:DOCUMENTATION <linux-
> > doc@xxxxxxxxxxxxxxx>; Linux Kernel Mailing List <linux-
> > kernel@xxxxxxxxxxxxxxx>; linux-s390 <linux-s390@xxxxxxxxxxxxxxx>; linux-
> > fsdevel <linux-fsdevel@xxxxxxxxxxxxxxx>
> > Subject: [PATCH 08/14] d_path: make prepend_name() boolean
> >
> > It returns only 0 or -ENAMETOOLONG and both callers only check if
> > the result is negative.  Might as well return true on success and
> > false on failure...
> >
> > Signed-off-by: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
> > ---
> >  fs/d_path.c | 12 ++++++------
> >  1 file changed, 6 insertions(+), 6 deletions(-)
> >
> > diff --git a/fs/d_path.c b/fs/d_path.c
> > index 327cc3744554..83db83446afd 100644
> > --- a/fs/d_path.c
> > +++ b/fs/d_path.c
> > @@ -34,15 +34,15 @@ static void prepend(char **buffer, int *buflen, const
> > char *str, int namelen)
> >   *
> >   * Load acquire is needed to make sure that we see that terminating NUL.
> >   */
> > -static int prepend_name(char **buffer, int *buflen, const struct qstr
> > *name)
> > +static bool prepend_name(char **buffer, int *buflen, const struct qstr
> > *name)
> >  {
> >       const char *dname = smp_load_acquire(&name->name); /* ^^^ */
> >       u32 dlen = READ_ONCE(name->len);
> >       char *p;
> >
> >       *buflen -= dlen + 1;
> > -     if (*buflen < 0)
> > -             return -ENAMETOOLONG;
> > +     if (unlikely(*buflen < 0))
> > +             return false;
> 
> I don't object to this patch itself.
> Just wonder whether we need to relax the check condition of "*buflen < 0" ?
> 
> Given that in vsnprintf code path, sometimes the *buflen is < 0.
> 
> Please see https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/lib/vsprintf.c#n2698

IMHO, the patch is fine. It is likely some misunderstanding.
The above link points to:

2693	str = buf;
2694	end = buf + size;
2695
2696	/* Make sure end is always >= buf */
2697	if (end < buf) {
2698		end = ((void *)-1);
2699		size = end - buf;
2700	}

"end" points right behind the end of the buffer. It is later
used instead of the buffer size. The above code handles a potential
overflow of "buf + size". I causes that "end" will be 0xffffffff
in case of the overflow.

That said. vsnprintf() returns the number of characters which would
be generated for the given input. But only the "size" is written.
This require copying the characters one by one.

It is useful to see how many characters were lost. But I am not sure
if this ever worked for the dentry functions.

Best Regards,
Petr