* [PATCH] sysfs.txt: update show method notes about sprintf/snprintf/scnprintf usage
@ 2015-06-25 0:55 Seymour, Shane M
[not found] ` <DDB9C85B850785449757F9914A034FCB3F8EA364-MCKW7lC+H9ISZAcGdq5asR6epYMZPwEe5NbjCUgZEJk@public.gmane.org>
0 siblings, 1 reply; 4+ messages in thread
From: Seymour, Shane M @ 2015-06-25 0:55 UTC (permalink / raw)
To: linux-api-u79uwXL29TY76Z2rM5mHXA,
Greg KH
<gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org>
(gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org)
Changed the documentation to allow sprintf() for small
single values and explicitly say snprintf() must never be used in
a show function to format data to be returned to user space.
Change based on a discussion about the patch
st: convert DRIVER_ATTR macros to DRIVER_ATTR_RO
Suggested-by: Greg Kroah-Hartman <gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org>
Signed-off-by: Shane Seymour <shane.seymour-VXdhtT5mjnY@public.gmane.org>
---
--- a/Documentation/filesystems/sysfs.txt 2015-06-22 14:18:40.278620871 -0500
+++ b/Documentation/filesystems/sysfs.txt 2015-06-24 13:42:21.344446532 -0500
@@ -212,7 +212,9 @@ Other notes:
- show() methods should return the number of bytes printed into the
buffer. This is the return value of scnprintf().
-- show() should always use scnprintf().
+- show() must not use snprintf() when formatting a value to be
+ returned to user space. For small single values you can use
+ sprintf() otherwise you must use scnprintf().
- store() should return the number of bytes used from the buffer. If the
entire buffer has been used, just return the count argument.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] sysfs.txt: update show method notes about sprintf/snprintf/scnprintf usage
[not found] ` <DDB9C85B850785449757F9914A034FCB3F8EA364-MCKW7lC+H9ISZAcGdq5asR6epYMZPwEe5NbjCUgZEJk@public.gmane.org>
@ 2015-06-25 1:59 ` Sergey Senozhatsky
2015-06-25 6:03 ` Greg KH <gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org> (gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org)
0 siblings, 1 reply; 4+ messages in thread
From: Sergey Senozhatsky @ 2015-06-25 1:59 UTC (permalink / raw)
To: Seymour, Shane M
Cc: linux-api-u79uwXL29TY76Z2rM5mHXA,
Greg KH
<gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org>
(gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org)
On (06/25/15 00:55), Seymour, Shane M wrote:
> Changed the documentation to allow sprintf() for small
> single values and explicitly say snprintf() must never be used in
> a show function to format data to be returned to user space.
>
> Change based on a discussion about the patch
> st: convert DRIVER_ATTR macros to DRIVER_ATTR_RO
>
> Suggested-by: Greg Kroah-Hartman <gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org>
> Signed-off-by: Shane Seymour <shane.seymour-VXdhtT5mjnY@public.gmane.org>
> ---
> --- a/Documentation/filesystems/sysfs.txt 2015-06-22 14:18:40.278620871 -0500
> +++ b/Documentation/filesystems/sysfs.txt 2015-06-24 13:42:21.344446532 -0500
> @@ -212,7 +212,9 @@ Other notes:
> - show() methods should return the number of bytes printed into the
> buffer. This is the return value of scnprintf().
>
> -- show() should always use scnprintf().
> +- show() must not use snprintf() when formatting a value to be
> + returned to user space. For small single values you can use
> + sprintf() otherwise you must use scnprintf().
Well, a single value can easily overflow
sprintf(buf, "%s", dev->large_value);
Probably the wording better be "if you guarantee that overflow will
never happen, then you can use ...".
-ss
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] sysfs.txt: update show method notes about sprintf/snprintf/scnprintf usage
2015-06-25 1:59 ` Sergey Senozhatsky
@ 2015-06-25 6:03 ` Greg KH <gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org> (gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org)
2015-06-25 7:05 ` Sergey Senozhatsky
0 siblings, 1 reply; 4+ messages in thread
From: Greg KH <gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org> (gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org) @ 2015-06-25 6:03 UTC (permalink / raw)
To: Sergey Senozhatsky; +Cc: Seymour, Shane M, linux-api-u79uwXL29TY76Z2rM5mHXA
On Thu, Jun 25, 2015 at 10:59:57AM +0900, Sergey Senozhatsky wrote:
> On (06/25/15 00:55), Seymour, Shane M wrote:
> > Changed the documentation to allow sprintf() for small
> > single values and explicitly say snprintf() must never be used in
> > a show function to format data to be returned to user space.
> >
> > Change based on a discussion about the patch
> > st: convert DRIVER_ATTR macros to DRIVER_ATTR_RO
> >
> > Suggested-by: Greg Kroah-Hartman <gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org>
> > Signed-off-by: Shane Seymour <shane.seymour-VXdhtT5mjnY@public.gmane.org>
> > ---
> > --- a/Documentation/filesystems/sysfs.txt 2015-06-22 14:18:40.278620871 -0500
> > +++ b/Documentation/filesystems/sysfs.txt 2015-06-24 13:42:21.344446532 -0500
> > @@ -212,7 +212,9 @@ Other notes:
> > - show() methods should return the number of bytes printed into the
> > buffer. This is the return value of scnprintf().
> >
> > -- show() should always use scnprintf().
> > +- show() must not use snprintf() when formatting a value to be
> > + returned to user space. For small single values you can use
> > + sprintf() otherwise you must use scnprintf().
>
> Well, a single value can easily overflow
>
> sprintf(buf, "%s", dev->large_value);
That's an obviously foolish sysfs attribute, if you do that, you deserve
the kernel crash :)
> Probably the wording better be "if you guarantee that overflow will
> never happen, then you can use ...".
For a document that no one has obviously read in the past 5 years, I
really doubt we need to work too hard on the exact specific wording of
it.
thanks,
greg k-h
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] sysfs.txt: update show method notes about sprintf/snprintf/scnprintf usage
2015-06-25 6:03 ` Greg KH <gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org> (gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org)
@ 2015-06-25 7:05 ` Sergey Senozhatsky
0 siblings, 0 replies; 4+ messages in thread
From: Sergey Senozhatsky @ 2015-06-25 7:05 UTC (permalink / raw)
To: Greg KH <gregkh@linuxfoundation.org> (gregkh@linuxfoundation.org)
Cc: Sergey Senozhatsky, Seymour, Shane M, linux-api, Jonathan Corbet,
linux-doc
Cc Jonathan and linux-doc
On (06/24/15 23:03), Greg KH <gregkh@linuxfoundation.org> (gregkh@linuxfoundation.org) wrote:
[..]
> > > -- show() should always use scnprintf().
> > > +- show() must not use snprintf() when formatting a value to be
> > > + returned to user space. For small single values you can use
> > > + sprintf() otherwise you must use scnprintf().
> >
> > Well, a single value can easily overflow
> >
> > sprintf(buf, "%s", dev->large_value);
>
> That's an obviously foolish sysfs attribute, if you do that, you deserve
> the kernel crash :)
:)
And the 'always use scnprintf()' rule keeps all of us on the safe
side (almost for free).
> > Probably the wording better be "if you guarantee that overflow will
> > never happen, then you can use ...".
>
> For a document that no one has obviously read in the past 5 years, I
> really doubt we need to work too hard on the exact specific wording of
> it.
Oh, it's especially pleasant and satisfactory to ignore
a well-written and scrupulous documentation :) just kidding.
-ss
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2015-06-25 7:05 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-06-25 0:55 [PATCH] sysfs.txt: update show method notes about sprintf/snprintf/scnprintf usage Seymour, Shane M
[not found] ` <DDB9C85B850785449757F9914A034FCB3F8EA364-MCKW7lC+H9ISZAcGdq5asR6epYMZPwEe5NbjCUgZEJk@public.gmane.org>
2015-06-25 1:59 ` Sergey Senozhatsky
2015-06-25 6:03 ` Greg KH <gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org> (gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org)
2015-06-25 7:05 ` Sergey Senozhatsky
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.