From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.2 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_SANE_1 autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 18D65C28CBC for ; Wed, 6 May 2020 17:47:52 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id F029820CC7 for ; Wed, 6 May 2020 17:47:51 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728686AbgEFRrv (ORCPT ); Wed, 6 May 2020 13:47:51 -0400 Received: from verein.lst.de ([213.95.11.211]:42252 "EHLO verein.lst.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728566AbgEFRrv (ORCPT ); Wed, 6 May 2020 13:47:51 -0400 Received: by verein.lst.de (Postfix, from userid 2407) id C3AAB68C7B; Wed, 6 May 2020 19:47:47 +0200 (CEST) Date: Wed, 6 May 2020 19:47:47 +0200 From: Christoph Hellwig To: Linus Torvalds Cc: Christoph Hellwig , the arch/x86 maintainers , Alexei Starovoitov , Daniel Borkmann , Masami Hiramatsu , Andrew Morton , linux-parisc@vger.kernel.org, linux-um , Netdev , bpf@vger.kernel.org, Linux-MM , Linux Kernel Mailing List Subject: Re: [PATCH 08/15] maccess: rename strnlen_unsafe_user to strnlen_user_unsafe Message-ID: <20200506174747.GA7549@lst.de> References: <20200506062223.30032-1-hch@lst.de> <20200506062223.30032-9-hch@lst.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.17 (2007-11-01) Sender: bpf-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: bpf@vger.kernel.org On Wed, May 06, 2020 at 10:44:15AM -0700, Linus Torvalds wrote: > So while I think using a consistent convention is good, and it's true > that there is a difference in the convention between the two cases > ("unsafe" at the beginning vs end), one of them is actually about the > safety and security of the operation (and we have automated logic > these days to verify it on x86), the other has nothing to do with > "safety", really. > > Would it be better to standardize around a "probe_xyz()" naming? So: probe_strncpy, probe_strncpy_user, probe_strnlen_user? Sounds weird, but at least it is consistent. > Or perhaps a "xyz_nofault()" naming? That sounds a little better: strncpy_nofault, strncpy_user_nofault, strnlen_user_nofault > I realize this is nit-picky, and I think the patch series as-is is > already an improvement, but I do think our naming in this area is > really quite bad. Always open for improvements :) > The fact that we have "probe_kernel_read()" but then > "strncpy_from_user_unsafe()" for the _same_ conceptual difference > really tells me how inconsistent the naming for these kinds of "we > can't take page faults" is. No? True. If we wanted to do _nofaul, what would the basic read/write versions be?