From: Rasmus Villemoes <linux@rasmusvillemoes.dk>
To: Arnd Bergmann <arnd@kernel.org>
Cc: "Alex Deucher" <alexander.deucher@amd.com>,
"Christian König" <christian.koenig@amd.com>,
"David Airlie" <airlied@linux.ie>,
"Daniel Vetter" <daniel@ffwll.ch>,
"Huang Rui" <ray.huang@amd.com>,
"Jinzhou Su" <Jinzhou.Su@amd.com>,
"amd-gfx list" <amd-gfx@lists.freedesktop.org>,
dri-devel <dri-devel@lists.freedesktop.org>,
"Linux Kernel Mailing List" <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] amdgpu: fix gcc -Wrestrict warning
Date: Wed, 24 Mar 2021 15:14:36 +0100 [thread overview]
Message-ID: <4e63dbbc-0aa3-2950-dda1-1e6aa19d7d5d@rasmusvillemoes.dk> (raw)
In-Reply-To: <CAK8P3a17=PdOqKrvemuP1OCzoxRZ0HLBje-tV4Ssc=kZeVbQRw@mail.gmail.com>
On 24/03/2021 14.33, Arnd Bergmann wrote:
> On Tue, Mar 23, 2021 at 4:57 PM Rasmus Villemoes
> <linux@rasmusvillemoes.dk> wrote:
>> On 23/03/2021 14.04, Arnd Bergmann wrote:
>>> if (securedisplay_cmd->status == TA_SECUREDISPLAY_STATUS__SUCCESS) {
>>> + int pos = 0;
>>> memset(i2c_output, 0, sizeof(i2c_output));
>>> for (i = 0; i < TA_SECUREDISPLAY_I2C_BUFFER_SIZE; i++)
>>> - sprintf(i2c_output, "%s 0x%X", i2c_output,
>>> + pos += sprintf(i2c_output + pos, " 0x%X",
>>> securedisplay_cmd->securedisplay_out_message.send_roi_crc.i2c_buf[i]);
>>> dev_info(adev->dev, "SECUREDISPLAY: I2C buffer out put is :%s\n", i2c_output);
>>
>> Eh, why not get rid of the 256 byte stack allocation and just replace
>> all of this by
>>
>> dev_info(adev->dev, ""SECUREDISPLAY: I2C buffer out put is: %*ph\n",
>> TA_SECUREDISPLAY_I2C_BUFFER_SIZE,
>> securedisplay_cmd->securedisplay_out_message.send_roi_crc.i2c_buf);
>>
>> That's much less code (both in #LOC and .text), and avoids adding yet
>> another place that will be audited over and over for "hm, yeah, that
>> sprintf() is actually not gonna overflow".
>>
>> Yeah, it'll lose the 0x prefixes for each byte and use lowercase hex chars.
>
> Ah, I didn't know the kernel's sprintf could do that, that's really nice.
If you're bored, you can "git grep -E -C4 '%[0.]2[xX]'" and find places
that are inside a small loop, many can trivially be converted to %ph,
though often with some small change in formatting. If you're lucky, you
even get to fix real bugs when people pass a "char" to %02x and "know"
that that will produce precisely two bytes of output, so they've sized
their stack buffer accordingly - boom when "char" happens to be signed
and one of the bytes have a value beyond ascii and %02x produces 0xffffffXX.
%ph has a hard-coded upper bound of 64 bytes, I think that's silly
because people instead do these inefficient and very verbose loops
instead, wasting stack, .text and runtime.
Rasmus
WARNING: multiple messages have this Message-ID (diff)
From: Rasmus Villemoes <linux@rasmusvillemoes.dk>
To: Arnd Bergmann <arnd@kernel.org>
Cc: "Jinzhou Su" <Jinzhou.Su@amd.com>,
"David Airlie" <airlied@linux.ie>,
"Linux Kernel Mailing List" <linux-kernel@vger.kernel.org>,
"amd-gfx list" <amd-gfx@lists.freedesktop.org>,
"Huang Rui" <ray.huang@amd.com>,
dri-devel <dri-devel@lists.freedesktop.org>,
"Alex Deucher" <alexander.deucher@amd.com>,
"Christian König" <christian.koenig@amd.com>
Subject: Re: [PATCH] amdgpu: fix gcc -Wrestrict warning
Date: Wed, 24 Mar 2021 15:14:36 +0100 [thread overview]
Message-ID: <4e63dbbc-0aa3-2950-dda1-1e6aa19d7d5d@rasmusvillemoes.dk> (raw)
In-Reply-To: <CAK8P3a17=PdOqKrvemuP1OCzoxRZ0HLBje-tV4Ssc=kZeVbQRw@mail.gmail.com>
On 24/03/2021 14.33, Arnd Bergmann wrote:
> On Tue, Mar 23, 2021 at 4:57 PM Rasmus Villemoes
> <linux@rasmusvillemoes.dk> wrote:
>> On 23/03/2021 14.04, Arnd Bergmann wrote:
>>> if (securedisplay_cmd->status == TA_SECUREDISPLAY_STATUS__SUCCESS) {
>>> + int pos = 0;
>>> memset(i2c_output, 0, sizeof(i2c_output));
>>> for (i = 0; i < TA_SECUREDISPLAY_I2C_BUFFER_SIZE; i++)
>>> - sprintf(i2c_output, "%s 0x%X", i2c_output,
>>> + pos += sprintf(i2c_output + pos, " 0x%X",
>>> securedisplay_cmd->securedisplay_out_message.send_roi_crc.i2c_buf[i]);
>>> dev_info(adev->dev, "SECUREDISPLAY: I2C buffer out put is :%s\n", i2c_output);
>>
>> Eh, why not get rid of the 256 byte stack allocation and just replace
>> all of this by
>>
>> dev_info(adev->dev, ""SECUREDISPLAY: I2C buffer out put is: %*ph\n",
>> TA_SECUREDISPLAY_I2C_BUFFER_SIZE,
>> securedisplay_cmd->securedisplay_out_message.send_roi_crc.i2c_buf);
>>
>> That's much less code (both in #LOC and .text), and avoids adding yet
>> another place that will be audited over and over for "hm, yeah, that
>> sprintf() is actually not gonna overflow".
>>
>> Yeah, it'll lose the 0x prefixes for each byte and use lowercase hex chars.
>
> Ah, I didn't know the kernel's sprintf could do that, that's really nice.
If you're bored, you can "git grep -E -C4 '%[0.]2[xX]'" and find places
that are inside a small loop, many can trivially be converted to %ph,
though often with some small change in formatting. If you're lucky, you
even get to fix real bugs when people pass a "char" to %02x and "know"
that that will produce precisely two bytes of output, so they've sized
their stack buffer accordingly - boom when "char" happens to be signed
and one of the bytes have a value beyond ascii and %02x produces 0xffffffXX.
%ph has a hard-coded upper bound of 64 bytes, I think that's silly
because people instead do these inefficient and very verbose loops
instead, wasting stack, .text and runtime.
Rasmus
_______________________________________________
dri-devel mailing list
dri-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dri-devel
WARNING: multiple messages have this Message-ID (diff)
From: Rasmus Villemoes <linux@rasmusvillemoes.dk>
To: Arnd Bergmann <arnd@kernel.org>
Cc: "Jinzhou Su" <Jinzhou.Su@amd.com>,
"David Airlie" <airlied@linux.ie>,
"Linux Kernel Mailing List" <linux-kernel@vger.kernel.org>,
"amd-gfx list" <amd-gfx@lists.freedesktop.org>,
"Huang Rui" <ray.huang@amd.com>,
dri-devel <dri-devel@lists.freedesktop.org>,
"Daniel Vetter" <daniel@ffwll.ch>,
"Alex Deucher" <alexander.deucher@amd.com>,
"Christian König" <christian.koenig@amd.com>
Subject: Re: [PATCH] amdgpu: fix gcc -Wrestrict warning
Date: Wed, 24 Mar 2021 15:14:36 +0100 [thread overview]
Message-ID: <4e63dbbc-0aa3-2950-dda1-1e6aa19d7d5d@rasmusvillemoes.dk> (raw)
In-Reply-To: <CAK8P3a17=PdOqKrvemuP1OCzoxRZ0HLBje-tV4Ssc=kZeVbQRw@mail.gmail.com>
On 24/03/2021 14.33, Arnd Bergmann wrote:
> On Tue, Mar 23, 2021 at 4:57 PM Rasmus Villemoes
> <linux@rasmusvillemoes.dk> wrote:
>> On 23/03/2021 14.04, Arnd Bergmann wrote:
>>> if (securedisplay_cmd->status == TA_SECUREDISPLAY_STATUS__SUCCESS) {
>>> + int pos = 0;
>>> memset(i2c_output, 0, sizeof(i2c_output));
>>> for (i = 0; i < TA_SECUREDISPLAY_I2C_BUFFER_SIZE; i++)
>>> - sprintf(i2c_output, "%s 0x%X", i2c_output,
>>> + pos += sprintf(i2c_output + pos, " 0x%X",
>>> securedisplay_cmd->securedisplay_out_message.send_roi_crc.i2c_buf[i]);
>>> dev_info(adev->dev, "SECUREDISPLAY: I2C buffer out put is :%s\n", i2c_output);
>>
>> Eh, why not get rid of the 256 byte stack allocation and just replace
>> all of this by
>>
>> dev_info(adev->dev, ""SECUREDISPLAY: I2C buffer out put is: %*ph\n",
>> TA_SECUREDISPLAY_I2C_BUFFER_SIZE,
>> securedisplay_cmd->securedisplay_out_message.send_roi_crc.i2c_buf);
>>
>> That's much less code (both in #LOC and .text), and avoids adding yet
>> another place that will be audited over and over for "hm, yeah, that
>> sprintf() is actually not gonna overflow".
>>
>> Yeah, it'll lose the 0x prefixes for each byte and use lowercase hex chars.
>
> Ah, I didn't know the kernel's sprintf could do that, that's really nice.
If you're bored, you can "git grep -E -C4 '%[0.]2[xX]'" and find places
that are inside a small loop, many can trivially be converted to %ph,
though often with some small change in formatting. If you're lucky, you
even get to fix real bugs when people pass a "char" to %02x and "know"
that that will produce precisely two bytes of output, so they've sized
their stack buffer accordingly - boom when "char" happens to be signed
and one of the bytes have a value beyond ascii and %02x produces 0xffffffXX.
%ph has a hard-coded upper bound of 64 bytes, I think that's silly
because people instead do these inefficient and very verbose loops
instead, wasting stack, .text and runtime.
Rasmus
_______________________________________________
amd-gfx mailing list
amd-gfx@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/amd-gfx
next prev parent reply other threads:[~2021-03-24 14:15 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-23 13:04 [PATCH] amdgpu: fix gcc -Wrestrict warning Arnd Bergmann
2021-03-23 13:04 ` Arnd Bergmann
2021-03-23 13:04 ` Arnd Bergmann
2021-03-23 15:33 ` Alex Deucher
2021-03-23 15:33 ` Alex Deucher
2021-03-23 15:33 ` Alex Deucher
2021-03-23 15:57 ` Rasmus Villemoes
2021-03-23 15:57 ` Rasmus Villemoes
2021-03-23 15:57 ` Rasmus Villemoes
2021-03-24 13:33 ` Arnd Bergmann
2021-03-24 13:33 ` Arnd Bergmann
2021-03-24 13:33 ` Arnd Bergmann
2021-03-24 14:14 ` Rasmus Villemoes [this message]
2021-03-24 14:14 ` Rasmus Villemoes
2021-03-24 14:14 ` Rasmus Villemoes
2021-03-24 14:31 ` Joe Perches
2021-03-24 14:31 ` Joe Perches
2021-03-24 14:31 ` Joe Perches
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4e63dbbc-0aa3-2950-dda1-1e6aa19d7d5d@rasmusvillemoes.dk \
--to=linux@rasmusvillemoes.dk \
--cc=Jinzhou.Su@amd.com \
--cc=airlied@linux.ie \
--cc=alexander.deucher@amd.com \
--cc=amd-gfx@lists.freedesktop.org \
--cc=arnd@kernel.org \
--cc=christian.koenig@amd.com \
--cc=daniel@ffwll.ch \
--cc=dri-devel@lists.freedesktop.org \
--cc=linux-kernel@vger.kernel.org \
--cc=ray.huang@amd.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.