| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <202507171640.F649D58897@keescook> Date: Thu, 17 Jul 2025 16:44:31 -0700 From: Kees Cook <kees@...nel.org> To: Martin Uecker <ma.uecker@...il.com> Cc: Linus Torvalds <torvalds@...ux-foundation.org>, David Laight <david.laight.linux@...il.com>, Alejandro Colomar <alx@...nel.org>, linux-mm@...ck.org, linux-hardening@...r.kernel.org, Christopher Bazley <chris.bazley.wg14@...il.com>, shadow <~hallyn/shadow@...ts.sr.ht>, linux-kernel@...r.kernel.org, Andrew Morton <akpm@...ux-foundation.org>, kasan-dev@...glegroups.com, Dmitry Vyukov <dvyukov@...gle.com>, Alexander Potapenko <glider@...gle.com>, Marco Elver <elver@...gle.com>, Christoph Lameter <cl@...ux.com>, David Rientjes <rientjes@...gle.com>, Vlastimil Babka <vbabka@...e.cz>, Roman Gushchin <roman.gushchin@...ux.dev>, Harry Yoo <harry.yoo@...cle.com>, Andrew Clayton <andrew@...ital-domain.net>, Rasmus Villemoes <linux@...musvillemoes.dk>, Michal Hocko <mhocko@...e.com>, Al Viro <viro@...iv.linux.org.uk>, Sam James <sam@...too.org>, Andrew Pinski <pinskia@...il.com> Subject: Re: [RFC v5 6/7] sprintf: Add [v]sprintf_array() On Tue, Jul 15, 2025 at 08:24:29AM +0200, Martin Uecker wrote: > Am Montag, dem 14.07.2025 um 22:19 -0700 schrieb Kees Cook: > > On Fri, Jul 11, 2025 at 10:58:56AM -0700, Linus Torvalds wrote: > > > struct seq_buf s; > > > seq_buf_init(&s, buf, szie); > > > > And because some folks didn't like this "declaration that requires a > > function call", we even added: > > > > DECLARE_SEQ_BUF(s, 32); > > > > to do it in 1 line. :P > > > > I would love to see more string handling replaced with seq_buf. > > Why not have? > > struct seq_buf s = SEQ_BUF(32); > > > So the kernel has safe abstractions, there are just not used enough. Yeah, that should be fine. The trouble is encapsulating the actual buffer itself. But things like spinlocks need initialization too, so it's not too unusual to need a constructor for things living in a struct. If the struct had DECLARE which created 2 variables, then an INIT could just reuse the special name... > The string builder is for safely construcing new strings, the > string view is for safely accessing parts of existing strings. seq_buf doesn't currently have a "view" API, just a "make sure the result is NUL terminated, please enjoy this char *" > Also what I found really convenient and useful in this context > was to have an accessor macro that expose the buffer as a > regular array cast to the correct size: > > *( (char(*)[(x)->N]) (x)->data ) > > (put into statement expressions to avoid double evaluation) > > instead of simply returning a char* Yeah, I took a look through your proposed C string library routines. I think it would be pretty nice, but it does feel like it has to go through a lot of hoops when C should have something native. Though to be clear, I'm not saying seq_buf is the answer. :) -- Kees Cook
Powered by blists - more mailing lists