From: David Laight <David.Laight@ACULAB.COM> To: 'Bill Wendling' <morbo@google.com>, Andrew Morton <akpm@linux-foundation.org> Cc: Bill Wendling <isanbard@gmail.com>, Tony Luck <tony.luck@intel.com>, Borislav Petkov <bp@alien8.de>, Thomas Gleixner <tglx@linutronix.de>, "Ingo Molnar" <mingo@redhat.com>, Dave Hansen <dave.hansen@linux.intel.com>, "maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)" <x86@kernel.org>, "H. Peter Anvin" <hpa@zytor.com>, Phillip Potter <phil@philpotter.co.uk>, Arnd Bergmann <arnd@arndb.de>, Greg Kroah-Hartman <gregkh@linuxfoundation.org>, "Rafael J. Wysocki" <rafael.j.wysocki@intel.com>, Jan Kara <jack@suse.com>, "Pablo Neira Ayuso" <pablo@netfilter.org>, Jozsef Kadlecsik <kadlec@netfilter.org>, "Florian Westphal" <fw@strlen.de>, "David S. Miller" <davem@davemloft.net>, "Eric Dumazet" <edumazet@google.com>, Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>, Jaroslav Kysela <perex@perex.cz>, Takashi Iwai <tiwai@suse.com>, Nathan Chancellor <nathan@kernel.org>, Nick Desaulniers <ndesaulniers@google.com>, Tom Rix <trix@redhat.com>, Ross Philipson <ross.philipson@oracle.com>, Daniel Kiper <daniel.kiper@oracle.com>, "linux-edac@vger.kernel.org" <linux-edac@vger.kernel.org>, LKML <linux-kernel@vger.kernel.org>, ACPI Devel Maling List <linux-acpi@vger.kernel.org>, "linux-mm@kvack.org" <linux-mm@kvack.org>, "netfilter-devel@vger.kernel.org" <netfilter-devel@vger.kernel.org>, "coreteam@netfilter.org" <coreteam@netfilter.org>, Networking <netdev@vger.kernel.org>, "alsa-devel@alsa-project.org" <alsa-devel@alsa-project.org>, clang-built-linux <llvm@lists.linux.dev> Subject: RE: [PATCH 00/12] Clang -Wformat warning fixes Date: Fri, 10 Jun 2022 08:17:25 +0000 [thread overview] Message-ID: <01da36bfd13e421aadb2eff661e7a959@AcuMS.aculab.com> (raw) In-Reply-To: <CAGG=3QXDt9AeCQOAp1311POFRSByJru4=Q=oFiQn3u2iZYk2_w@mail.gmail.com> From: Bill Wendling > Sent: 09 June 2022 23:49 > > On Thu, Jun 9, 2022 at 3:25 PM Andrew Morton <akpm@linux-foundation.org> wrote: > > > > On Thu, 9 Jun 2022 22:16:19 +0000 Bill Wendling <morbo@google.com> wrote: > > > > > This patch set fixes some clang warnings when -Wformat is enabled. > > > > > > > tldr: > > > > - printk(msg); > > + printk("%s", msg); > > > > the only reason to make this change is where `msg' could contain a `%'. > > Generally, it came from userspace. > > It helps kernel developers not accidentally to insert an unescaped '%' > in their messages, potentially exposing their code to an attack > vector. > > > Otherwise these changes are a > > useless consumer of runtime resources. > > Calling a "printf" style function is already insanely expensive. :-) I > understand that it's not okay blithely to increase runtime resources > simply because it's already slow, but in this case it's worthwhile. Yep, IMHO definitely should be fixed. It is even possible that using "%s" is faster because the printf code doesn't have to scan the string for format effectors. > > I think it would be better to quieten clang in some fashion. > > The "printk" and similar functions all have the "__printf" attribute. > I don't know of a modification to that attribute which can turn off > this type of check. And you wouldn't want to for these cases. The only problems arise when the format is calculated (or passed in from a caller). But that is likely to be dangerous - reading formats from files (eg for language translation) isn't a good idea at all. David - Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales)
WARNING: multiple messages have this Message-ID (diff)
From: David Laight <David.Laight@ACULAB.COM> To: 'Bill Wendling' <morbo@google.com>, Andrew Morton <akpm@linux-foundation.org> Cc: "alsa-devel@alsa-project.org" <alsa-devel@alsa-project.org>, "maintainer:X86 ARCHITECTURE \(32-BIT AND 64-BIT\)" <x86@kernel.org>, Nick Desaulniers <ndesaulniers@google.com>, Dave Hansen <dave.hansen@linux.intel.com>, Phillip Potter <phil@philpotter.co.uk>, "linux-mm@kvack.org" <linux-mm@kvack.org>, Eric Dumazet <edumazet@google.com>, Networking <netdev@vger.kernel.org>, "H. Peter Anvin" <hpa@zytor.com>, Bill Wendling <isanbard@gmail.com>, Daniel Kiper <daniel.kiper@oracle.com>, "Rafael J. Wysocki" <rafael.j.wysocki@intel.com>, Jozsef Kadlecsik <kadlec@netfilter.org>, ACPI Devel Maling List <linux-acpi@vger.kernel.org>, Ingo Molnar <mingo@redhat.com>, Tom Rix <trix@redhat.com>, Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>, Pablo Neira Ayuso <pablo@netfilter.org>, clang-built-linux <llvm@lists.linux.dev>, "coreteam@netfilter.org" <coreteam@netfilter.org>, Arnd Bergmann <arnd@arndb.de>, Ross Philipson <ross.philipson@oracle.com>, Nathan Chancellor <nathan@kernel.org>, Borislav Petkov <bp@alien8.de>, Thomas Gleixner <tglx@linutronix.de>, "linux-edac@vger.kernel.org" <linux-edac@vger.kernel.org>, Tony Luck <tony.luck@intel.com>, Greg Kroah-Hartman <gregkh@linuxfoundation.org>, Florian Westphal <fw@strlen.de>, Takashi Iwai <tiwai@suse.com>, LKML <linux-kernel@vger.kernel.org>, "netfilter-devel@vger.kernel.org" <netfilter-devel@vger.kernel.org>, Jan Kara <jack@suse.com>, "David S. Miller" <davem@davemloft.net> Subject: RE: [PATCH 00/12] Clang -Wformat warning fixes Date: Fri, 10 Jun 2022 08:17:25 +0000 [thread overview] Message-ID: <01da36bfd13e421aadb2eff661e7a959@AcuMS.aculab.com> (raw) In-Reply-To: <CAGG=3QXDt9AeCQOAp1311POFRSByJru4=Q=oFiQn3u2iZYk2_w@mail.gmail.com> From: Bill Wendling > Sent: 09 June 2022 23:49 > > On Thu, Jun 9, 2022 at 3:25 PM Andrew Morton <akpm@linux-foundation.org> wrote: > > > > On Thu, 9 Jun 2022 22:16:19 +0000 Bill Wendling <morbo@google.com> wrote: > > > > > This patch set fixes some clang warnings when -Wformat is enabled. > > > > > > > tldr: > > > > - printk(msg); > > + printk("%s", msg); > > > > the only reason to make this change is where `msg' could contain a `%'. > > Generally, it came from userspace. > > It helps kernel developers not accidentally to insert an unescaped '%' > in their messages, potentially exposing their code to an attack > vector. > > > Otherwise these changes are a > > useless consumer of runtime resources. > > Calling a "printf" style function is already insanely expensive. :-) I > understand that it's not okay blithely to increase runtime resources > simply because it's already slow, but in this case it's worthwhile. Yep, IMHO definitely should be fixed. It is even possible that using "%s" is faster because the printf code doesn't have to scan the string for format effectors. > > I think it would be better to quieten clang in some fashion. > > The "printk" and similar functions all have the "__printf" attribute. > I don't know of a modification to that attribute which can turn off > this type of check. And you wouldn't want to for these cases. The only problems arise when the format is calculated (or passed in from a caller). But that is likely to be dangerous - reading formats from files (eg for language translation) isn't a good idea at all. David - Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales)
next prev parent reply other threads:[~2022-06-10 8:17 UTC|newest] Thread overview: 67+ messages / expand[flat|nested] mbox.gz Atom feed top 2022-06-09 22:16 [PATCH 00/12] Clang -Wformat warning fixes Bill Wendling 2022-06-09 22:16 ` Bill Wendling 2022-06-09 22:16 ` [PATCH 01/12] x86/mce: use correct format characters Bill Wendling 2022-06-09 22:16 ` Bill Wendling 2022-06-09 23:14 ` Randy Dunlap 2022-06-09 23:14 ` Randy Dunlap 2022-06-09 23:18 ` Bill Wendling 2022-06-09 23:18 ` Bill Wendling 2022-06-09 22:16 ` [PATCH 02/12] x86/CPU/AMD: " Bill Wendling 2022-06-09 22:16 ` Bill Wendling 2022-06-09 22:16 ` [PATCH 03/12] x86/e820: " Bill Wendling 2022-06-09 22:16 ` Bill Wendling 2022-06-09 22:16 ` [PATCH 04/12] blk-cgroup: " Bill Wendling 2022-06-09 22:16 ` Bill Wendling 2022-06-10 8:10 ` Christoph Hellwig 2022-06-10 8:10 ` Christoph Hellwig 2022-06-09 22:16 ` [PATCH 05/12] fs: quota: " Bill Wendling 2022-06-09 22:16 ` Bill Wendling 2022-06-09 22:16 ` [PATCH 06/12] PNP: " Bill Wendling 2022-06-09 22:16 ` Bill Wendling 2022-06-09 22:16 ` [PATCH 07/12] driver/char: " Bill Wendling 2022-06-09 22:16 ` Bill Wendling 2022-06-10 5:18 ` Greg Kroah-Hartman 2022-06-10 5:18 ` Greg Kroah-Hartman 2022-06-13 18:40 ` Bill Wendling 2022-06-13 18:40 ` Bill Wendling 2022-06-09 22:16 ` [PATCH 08/12] cdrom: " Bill Wendling 2022-06-09 22:16 ` Bill Wendling 2022-06-12 16:23 ` Phillip Potter 2022-06-12 16:23 ` Phillip Potter 2022-06-13 18:47 ` Bill Wendling 2022-06-13 18:47 ` Bill Wendling 2022-06-09 22:16 ` [PATCH 09/12] ALSA: seq: " Bill Wendling 2022-06-09 22:16 ` Bill Wendling 2022-06-09 22:16 ` [PATCH 10/12] " Bill Wendling 2022-06-09 22:16 ` Bill Wendling 2022-06-09 22:16 ` [PATCH 11/12] ALSA: control: " Bill Wendling 2022-06-09 22:16 ` Bill Wendling 2022-06-09 22:16 ` [PATCH 12/12] netfilter: conntrack: " Bill Wendling 2022-06-09 22:16 ` Bill Wendling 2022-06-20 14:44 ` Pablo Neira Ayuso 2022-07-11 14:35 ` Pablo Neira Ayuso 2022-07-11 14:35 ` Pablo Neira Ayuso 2022-06-09 22:25 ` [PATCH 00/12] Clang -Wformat warning fixes Andrew Morton 2022-06-09 22:25 ` Andrew Morton 2022-06-09 22:49 ` Bill Wendling 2022-06-09 22:49 ` Bill Wendling 2022-06-09 23:03 ` Jan Engelhardt 2022-06-09 23:03 ` Jan Engelhardt 2022-06-09 23:16 ` Bill Wendling 2022-06-09 23:16 ` Bill Wendling 2022-06-10 1:19 ` Andrew Morton 2022-06-10 1:19 ` Andrew Morton 2022-06-10 5:20 ` Greg Kroah-Hartman 2022-06-10 5:20 ` Greg Kroah-Hartman 2022-06-10 12:44 ` Joe Perches 2022-06-10 12:44 ` Joe Perches 2022-06-10 8:17 ` David Laight [this message] 2022-06-10 8:17 ` David Laight 2022-06-10 8:32 ` Jan Engelhardt 2022-06-10 8:32 ` Jan Engelhardt 2022-06-10 9:14 ` David Laight 2022-06-10 9:14 ` David Laight 2022-06-10 9:22 ` Jan Engelhardt 2022-06-10 9:22 ` Jan Engelhardt 2022-06-10 0:32 ` Nick Desaulniers 2022-06-10 0:32 ` Nick Desaulniers
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=01da36bfd13e421aadb2eff661e7a959@AcuMS.aculab.com \ --to=david.laight@aculab.com \ --cc=akpm@linux-foundation.org \ --cc=alsa-devel@alsa-project.org \ --cc=arnd@arndb.de \ --cc=bp@alien8.de \ --cc=coreteam@netfilter.org \ --cc=daniel.kiper@oracle.com \ --cc=dave.hansen@linux.intel.com \ --cc=davem@davemloft.net \ --cc=edumazet@google.com \ --cc=fw@strlen.de \ --cc=gregkh@linuxfoundation.org \ --cc=hpa@zytor.com \ --cc=isanbard@gmail.com \ --cc=jack@suse.com \ --cc=kadlec@netfilter.org \ --cc=kuba@kernel.org \ --cc=linux-acpi@vger.kernel.org \ --cc=linux-edac@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-mm@kvack.org \ --cc=llvm@lists.linux.dev \ --cc=mingo@redhat.com \ --cc=morbo@google.com \ --cc=nathan@kernel.org \ --cc=ndesaulniers@google.com \ --cc=netdev@vger.kernel.org \ --cc=netfilter-devel@vger.kernel.org \ --cc=pabeni@redhat.com \ --cc=pablo@netfilter.org \ --cc=perex@perex.cz \ --cc=phil@philpotter.co.uk \ --cc=rafael.j.wysocki@intel.com \ --cc=ross.philipson@oracle.com \ --cc=tglx@linutronix.de \ --cc=tiwai@suse.com \ --cc=tony.luck@intel.com \ --cc=trix@redhat.com \ --cc=x86@kernel.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.