From: David Laight <David.Laight@ACULAB.COM>
To: 'Bill Wendling' <morbo@google.com>,
Andrew Morton <akpm@linux-foundation.org>
Cc: Bill Wendling <isanbard@gmail.com>,
Tony Luck <tony.luck@intel.com>, Borislav Petkov <bp@alien8.de>,
Thomas Gleixner <tglx@linutronix.de>,
"Ingo Molnar" <mingo@redhat.com>,
Dave Hansen <dave.hansen@linux.intel.com>,
"maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)"
<x86@kernel.org>, "H. Peter Anvin" <hpa@zytor.com>,
Phillip Potter <phil@philpotter.co.uk>,
Arnd Bergmann <arnd@arndb.de>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
"Rafael J. Wysocki" <rafael.j.wysocki@intel.com>,
Jan Kara <jack@suse.com>,
"Pablo Neira Ayuso" <pablo@netfilter.org>,
Jozsef Kadlecsik <kadlec@netfilter.org>,
"Florian Westphal" <fw@strlen.de>,
"David S. Miller" <davem@davemloft.net>,
"Eric Dumazet" <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
Jaroslav Kysela <perex@perex.cz>, Takashi Iwai <tiwai@suse.com>,
Nathan Chancellor <nathan@kernel.org>,
Nick Desaulniers <ndesaulniers@google.com>,
Tom Rix <trix@redhat.com>,
Ross Philipson <ross.philipson@oracle.com>,
Daniel Kiper <daniel.kiper@oracle.com>,
"linux-edac@vger.kernel.org" <linux-edac@vger.kernel.org>,
LKML <linux-kernel@vger.kernel.org>,
ACPI Devel Maling List <linux-acpi@vger.kernel.org>,
"linux-mm@kvack.org" <linux-mm@kvack.org>,
"netfilter-devel@vger.kernel.org"
<netfilter-devel@vger.kernel.org>,
"coreteam@netfilter.org" <coreteam@netfilter.org>,
Networking <netdev@vger.kernel.org>,
"alsa-devel@alsa-project.org" <alsa-devel@alsa-project.org>,
clang-built-linux <llvm@lists.linux.dev>
Subject: RE: [PATCH 00/12] Clang -Wformat warning fixes
Date: Fri, 10 Jun 2022 08:17:25 +0000 [thread overview]
Message-ID: <01da36bfd13e421aadb2eff661e7a959@AcuMS.aculab.com> (raw)
In-Reply-To: <CAGG=3QXDt9AeCQOAp1311POFRSByJru4=Q=oFiQn3u2iZYk2_w@mail.gmail.com>
From: Bill Wendling
> Sent: 09 June 2022 23:49
>
> On Thu, Jun 9, 2022 at 3:25 PM Andrew Morton <akpm@linux-foundation.org> wrote:
> >
> > On Thu, 9 Jun 2022 22:16:19 +0000 Bill Wendling <morbo@google.com> wrote:
> >
> > > This patch set fixes some clang warnings when -Wformat is enabled.
> > >
> >
> > tldr:
> >
> > - printk(msg);
> > + printk("%s", msg);
> >
> > the only reason to make this change is where `msg' could contain a `%'.
> > Generally, it came from userspace.
>
> It helps kernel developers not accidentally to insert an unescaped '%'
> in their messages, potentially exposing their code to an attack
> vector.
>
> > Otherwise these changes are a
> > useless consumer of runtime resources.
>
> Calling a "printf" style function is already insanely expensive. :-) I
> understand that it's not okay blithely to increase runtime resources
> simply because it's already slow, but in this case it's worthwhile.
Yep, IMHO definitely should be fixed.
It is even possible that using "%s" is faster because the printf
code doesn't have to scan the string for format effectors.
> > I think it would be better to quieten clang in some fashion.
>
> The "printk" and similar functions all have the "__printf" attribute.
> I don't know of a modification to that attribute which can turn off
> this type of check.
And you wouldn't want to for these cases.
The only problems arise when the format is calculated
(or passed in from a caller).
But that is likely to be dangerous - reading formats from
files (eg for language translation) isn't a good idea at all.
David
-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)
WARNING: multiple messages have this Message-ID (diff)
From: David Laight <David.Laight@ACULAB.COM>
To: 'Bill Wendling' <morbo@google.com>,
Andrew Morton <akpm@linux-foundation.org>
Cc: "alsa-devel@alsa-project.org" <alsa-devel@alsa-project.org>,
"maintainer:X86 ARCHITECTURE \(32-BIT AND 64-BIT\)"
<x86@kernel.org>, Nick Desaulniers <ndesaulniers@google.com>,
Dave Hansen <dave.hansen@linux.intel.com>,
Phillip Potter <phil@philpotter.co.uk>,
"linux-mm@kvack.org" <linux-mm@kvack.org>,
Eric Dumazet <edumazet@google.com>,
Networking <netdev@vger.kernel.org>,
"H. Peter Anvin" <hpa@zytor.com>,
Bill Wendling <isanbard@gmail.com>,
Daniel Kiper <daniel.kiper@oracle.com>,
"Rafael J. Wysocki" <rafael.j.wysocki@intel.com>,
Jozsef Kadlecsik <kadlec@netfilter.org>,
ACPI Devel Maling List <linux-acpi@vger.kernel.org>,
Ingo Molnar <mingo@redhat.com>, Tom Rix <trix@redhat.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
Pablo Neira Ayuso <pablo@netfilter.org>,
clang-built-linux <llvm@lists.linux.dev>,
"coreteam@netfilter.org" <coreteam@netfilter.org>,
Arnd Bergmann <arnd@arndb.de>,
Ross Philipson <ross.philipson@oracle.com>,
Nathan Chancellor <nathan@kernel.org>,
Borislav Petkov <bp@alien8.de>,
Thomas Gleixner <tglx@linutronix.de>,
"linux-edac@vger.kernel.org" <linux-edac@vger.kernel.org>,
Tony Luck <tony.luck@intel.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Florian Westphal <fw@strlen.de>, Takashi Iwai <tiwai@suse.com>,
LKML <linux-kernel@vger.kernel.org>,
"netfilter-devel@vger.kernel.org"
<netfilter-devel@vger.kernel.org>, Jan Kara <jack@suse.com>,
"David S. Miller" <davem@davemloft.net>
Subject: RE: [PATCH 00/12] Clang -Wformat warning fixes
Date: Fri, 10 Jun 2022 08:17:25 +0000 [thread overview]
Message-ID: <01da36bfd13e421aadb2eff661e7a959@AcuMS.aculab.com> (raw)
In-Reply-To: <CAGG=3QXDt9AeCQOAp1311POFRSByJru4=Q=oFiQn3u2iZYk2_w@mail.gmail.com>
From: Bill Wendling
> Sent: 09 June 2022 23:49
>
> On Thu, Jun 9, 2022 at 3:25 PM Andrew Morton <akpm@linux-foundation.org> wrote:
> >
> > On Thu, 9 Jun 2022 22:16:19 +0000 Bill Wendling <morbo@google.com> wrote:
> >
> > > This patch set fixes some clang warnings when -Wformat is enabled.
> > >
> >
> > tldr:
> >
> > - printk(msg);
> > + printk("%s", msg);
> >
> > the only reason to make this change is where `msg' could contain a `%'.
> > Generally, it came from userspace.
>
> It helps kernel developers not accidentally to insert an unescaped '%'
> in their messages, potentially exposing their code to an attack
> vector.
>
> > Otherwise these changes are a
> > useless consumer of runtime resources.
>
> Calling a "printf" style function is already insanely expensive. :-) I
> understand that it's not okay blithely to increase runtime resources
> simply because it's already slow, but in this case it's worthwhile.
Yep, IMHO definitely should be fixed.
It is even possible that using "%s" is faster because the printf
code doesn't have to scan the string for format effectors.
> > I think it would be better to quieten clang in some fashion.
>
> The "printk" and similar functions all have the "__printf" attribute.
> I don't know of a modification to that attribute which can turn off
> this type of check.
And you wouldn't want to for these cases.
The only problems arise when the format is calculated
(or passed in from a caller).
But that is likely to be dangerous - reading formats from
files (eg for language translation) isn't a good idea at all.
David
-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)
next prev parent reply other threads:[~2022-06-10 8:17 UTC|newest]
Thread overview: 67+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-09 22:16 [PATCH 00/12] Clang -Wformat warning fixes Bill Wendling
2022-06-09 22:16 ` Bill Wendling
2022-06-09 22:16 ` [PATCH 01/12] x86/mce: use correct format characters Bill Wendling
2022-06-09 22:16 ` Bill Wendling
2022-06-09 23:14 ` Randy Dunlap
2022-06-09 23:14 ` Randy Dunlap
2022-06-09 23:18 ` Bill Wendling
2022-06-09 23:18 ` Bill Wendling
2022-06-09 22:16 ` [PATCH 02/12] x86/CPU/AMD: " Bill Wendling
2022-06-09 22:16 ` Bill Wendling
2022-06-09 22:16 ` [PATCH 03/12] x86/e820: " Bill Wendling
2022-06-09 22:16 ` Bill Wendling
2022-06-09 22:16 ` [PATCH 04/12] blk-cgroup: " Bill Wendling
2022-06-09 22:16 ` Bill Wendling
2022-06-10 8:10 ` Christoph Hellwig
2022-06-10 8:10 ` Christoph Hellwig
2022-06-09 22:16 ` [PATCH 05/12] fs: quota: " Bill Wendling
2022-06-09 22:16 ` Bill Wendling
2022-06-09 22:16 ` [PATCH 06/12] PNP: " Bill Wendling
2022-06-09 22:16 ` Bill Wendling
2022-06-09 22:16 ` [PATCH 07/12] driver/char: " Bill Wendling
2022-06-09 22:16 ` Bill Wendling
2022-06-10 5:18 ` Greg Kroah-Hartman
2022-06-10 5:18 ` Greg Kroah-Hartman
2022-06-13 18:40 ` Bill Wendling
2022-06-13 18:40 ` Bill Wendling
2022-06-09 22:16 ` [PATCH 08/12] cdrom: " Bill Wendling
2022-06-09 22:16 ` Bill Wendling
2022-06-12 16:23 ` Phillip Potter
2022-06-12 16:23 ` Phillip Potter
2022-06-13 18:47 ` Bill Wendling
2022-06-13 18:47 ` Bill Wendling
2022-06-09 22:16 ` [PATCH 09/12] ALSA: seq: " Bill Wendling
2022-06-09 22:16 ` Bill Wendling
2022-06-09 22:16 ` [PATCH 10/12] " Bill Wendling
2022-06-09 22:16 ` Bill Wendling
2022-06-09 22:16 ` [PATCH 11/12] ALSA: control: " Bill Wendling
2022-06-09 22:16 ` Bill Wendling
2022-06-09 22:16 ` [PATCH 12/12] netfilter: conntrack: " Bill Wendling
2022-06-09 22:16 ` Bill Wendling
2022-06-20 14:44 ` Pablo Neira Ayuso
2022-07-11 14:35 ` Pablo Neira Ayuso
2022-07-11 14:35 ` Pablo Neira Ayuso
2022-06-09 22:25 ` [PATCH 00/12] Clang -Wformat warning fixes Andrew Morton
2022-06-09 22:25 ` Andrew Morton
2022-06-09 22:49 ` Bill Wendling
2022-06-09 22:49 ` Bill Wendling
2022-06-09 23:03 ` Jan Engelhardt
2022-06-09 23:03 ` Jan Engelhardt
2022-06-09 23:16 ` Bill Wendling
2022-06-09 23:16 ` Bill Wendling
2022-06-10 1:19 ` Andrew Morton
2022-06-10 1:19 ` Andrew Morton
2022-06-10 5:20 ` Greg Kroah-Hartman
2022-06-10 5:20 ` Greg Kroah-Hartman
2022-06-10 12:44 ` Joe Perches
2022-06-10 12:44 ` Joe Perches
2022-06-10 8:17 ` David Laight [this message]
2022-06-10 8:17 ` David Laight
2022-06-10 8:32 ` Jan Engelhardt
2022-06-10 8:32 ` Jan Engelhardt
2022-06-10 9:14 ` David Laight
2022-06-10 9:14 ` David Laight
2022-06-10 9:22 ` Jan Engelhardt
2022-06-10 9:22 ` Jan Engelhardt
2022-06-10 0:32 ` Nick Desaulniers
2022-06-10 0:32 ` Nick Desaulniers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=01da36bfd13e421aadb2eff661e7a959@AcuMS.aculab.com \
--to=david.laight@aculab.com \
--cc=akpm@linux-foundation.org \
--cc=alsa-devel@alsa-project.org \
--cc=arnd@arndb.de \
--cc=bp@alien8.de \
--cc=coreteam@netfilter.org \
--cc=daniel.kiper@oracle.com \
--cc=dave.hansen@linux.intel.com \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=fw@strlen.de \
--cc=gregkh@linuxfoundation.org \
--cc=hpa@zytor.com \
--cc=isanbard@gmail.com \
--cc=jack@suse.com \
--cc=kadlec@netfilter.org \
--cc=kuba@kernel.org \
--cc=linux-acpi@vger.kernel.org \
--cc=linux-edac@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=llvm@lists.linux.dev \
--cc=mingo@redhat.com \
--cc=morbo@google.com \
--cc=nathan@kernel.org \
--cc=ndesaulniers@google.com \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=pablo@netfilter.org \
--cc=perex@perex.cz \
--cc=phil@philpotter.co.uk \
--cc=rafael.j.wysocki@intel.com \
--cc=ross.philipson@oracle.com \
--cc=tglx@linutronix.de \
--cc=tiwai@suse.com \
--cc=tony.luck@intel.com \
--cc=trix@redhat.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.