lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <202310270847.87B9B46EE@keescook> Date: Fri, 27 Oct 2023 08:49:28 -0700 From: Kees Cook <keescook@...omium.org> To: Andy Shevchenko <andriy.shevchenko@...ux.intel.com> Cc: Steven Rostedt <rostedt@...dmis.org>, "Matthew Wilcox (Oracle)" <willy@...radead.org>, Christoph Hellwig <hch@....de>, Justin Stitt <justinstitt@...gle.com>, Kent Overstreet <kent.overstreet@...ux.dev>, Petr Mladek <pmladek@...e.com>, Rasmus Villemoes <linux@...musvillemoes.dk>, Sergey Senozhatsky <senozhatsky@...omium.org>, Masami Hiramatsu <mhiramat@...nel.org>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>, Arnd Bergmann <arnd@...db.de>, Jonathan Corbet <corbet@....net>, Yun Zhou <yun.zhou@...driver.com>, Jacob Keller <jacob.e.keller@...el.com>, Zhen Lei <thunder.leizhen@...wei.com>, linux-trace-kernel@...r.kernel.org, Yosry Ahmed <yosryahmed@...gle.com>, linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org Subject: Re: [PATCH v2] seq_buf: Introduce DECLARE_SEQ_BUF and seq_buf_str() On Thu, Oct 26, 2023 at 11:20:15PM +0300, Andy Shevchenko wrote: > On Thu, Oct 26, 2023 at 12:40:37PM -0700, Kees Cook wrote: > > Solve two ergonomic issues with struct seq_buf; > > > > 1) Too much boilerplate is required to initialize: > > > > struct seq_buf s; > > char buf[32]; > > > > seq_buf_init(s, buf, sizeof(buf)); > > > > Instead, we can build this directly on the stack. Provide > > DECLARE_SEQ_BUF() macro to do this: > > > > DECLARE_SEQ_BUF(s, 32); > > > > 2) %NUL termination is fragile and requires 2 steps to get a valid > > C String (and is a layering violation exposing the "internals" of > > seq_buf): > > > > seq_buf_terminate(s); > > do_something(s->buffer); > > > > Instead, we can just return s->buffer direction after terminating it > > in refactored seq_buf_terminate(), now known as seq_buf_str(): > > > > do_soemthing(seq_buf_str(s)); > > ... > > > +#define DECLARE_SEQ_BUF(NAME, SIZE) \ > > + char __ ## NAME ## _buffer[SIZE] = ""; \ > > + struct seq_buf NAME = { .buffer = &__ ## NAME ## _buffer, \ > > + .size = SIZE } > > Hmm... Wouldn't be more readable to have it as > > #define DECLARE_SEQ_BUF(NAME, SIZE) \ > char __ ## NAME ## _buffer[SIZE] = ""; \ > struct seq_buf NAME = { \ > .buffer = &__ ## NAME ## _buffer, \ > .size = SIZE, \ > } > > ? Yes, I don't know why I did it the smooshed way. Fixed for v3. > > +static inline char *seq_buf_str(struct seq_buf *s) > > { > > if (WARN_ON(s->size == 0)) > > - return; > > + return ""; > > I'm wondering why it's a problem to have an empty string? Well, it's a pathological case where "size" is 0 -- it shouldn't happen (hence the warn), but it's more robust to return an empty .data string pointer than a NULL s->buffer or an s->buffer that isn't intended to be used (i.e. the size == 0). -- Kees Cook
Powered by blists - more mailing lists