Re: [PATCH 2/2] proc: use set_puts() at /proc/*/wchan
From: Rasmus Villemoes
Date: Wed Feb 21 2018 - 03:57:58 EST
On 2018-02-21 01:02, Andrew Morton wrote:
> On Sat, 17 Feb 2018 16:06:42 +0200 Andy Shevchenko <andy.shevchenko@xxxxxxxxx> wrote:
>
>> On Sat, Feb 17, 2018 at 9:20 AM, Alexey Dobriyan <adobriyan@xxxxxxxxx> wrote:
>>> Signed-off-by: Alexey Dobriyan <adobriyan@xxxxxxxxx>
>>
>>
>>> - seq_printf(m, "%s", symname);
>>> + seq_puts(m, symname);
>>
>> While this might have no security concerns, the pattern might be
>> brainlessly used by some janitors and there would have security
>> implications.
>
> And I'd like to see a changelog, please. One which explains why
> `symname' cannot have a %s (etc) in it, and never will.
OK, since #youtoo: It doesn't _matter_ if symname is "%pHAHAHA %fooled
you <unicode for evil grin emoji>", seq_puts does not interpret it at
all. There are _never_ security implications with the above replacement.
Sure, seq_printf(m, symname) would be bad, but that's not what is being
done.
AFAICT, this should always lead to slightly smaller code (one less
parameter passed) and in all likelyhood also slightly faster (no format
interpretation, no slow char-by-char handling by the string() function
etc.). So the only case where I'd think this should not necessarily be
done would be in a long sequence of seq_printf, where only one or two
could be replaced by seq_puts/seq_putc.
Rasmus