On Wed, Apr 14, 2021 at 1:16 AM Andrii Nakryiko <andrii.nakryiko@xxxxxxxxx> wrote: > On Mon, Apr 12, 2021 at 8:38 AM Florent Revest <revest@xxxxxxxxxxxx> wrote: > > +static int check_bpf_snprintf_call(struct bpf_verifier_env *env, > > + struct bpf_reg_state *regs) > > +{ > > + struct bpf_reg_state *fmt_reg = ®s[BPF_REG_3]; > > + struct bpf_reg_state *data_len_reg = ®s[BPF_REG_5]; > > + struct bpf_map *fmt_map = fmt_reg->map_ptr; > > + int err, fmt_map_off, num_args; > > + u64 fmt_addr; > > + char *fmt; > > + > > + /* data must be an array of u64 */ > > + if (data_len_reg->var_off.value % 8) > > + return -EINVAL; > > + num_args = data_len_reg->var_off.value / 8; > > + > > + /* fmt being ARG_PTR_TO_CONST_STR guarantees that var_off is const > > + * and map_direct_value_addr is set. > > + */ > > + fmt_map_off = fmt_reg->off + fmt_reg->var_off.value; > > + err = fmt_map->ops->map_direct_value_addr(fmt_map, &fmt_addr, > > + fmt_map_off); > > + if (err) > > + return err; > > + fmt = (char *)fmt_addr + fmt_map_off; > > + > > bot complained about lack of (long) cast before fmt_addr, please address Will do. > > + /* Maximumly we can have MAX_SNPRINTF_VARARGS parameters, just give > > + * all of them to snprintf(). > > + */ > > + err = snprintf(str, str_size, fmt, BPF_CAST_FMT_ARG(0, args, mod), > > + BPF_CAST_FMT_ARG(1, args, mod), BPF_CAST_FMT_ARG(2, args, mod), > > + BPF_CAST_FMT_ARG(3, args, mod), BPF_CAST_FMT_ARG(4, args, mod), > > + BPF_CAST_FMT_ARG(5, args, mod), BPF_CAST_FMT_ARG(6, args, mod), > > + BPF_CAST_FMT_ARG(7, args, mod), BPF_CAST_FMT_ARG(8, args, mod), > > + BPF_CAST_FMT_ARG(9, args, mod), BPF_CAST_FMT_ARG(10, args, mod), > > + BPF_CAST_FMT_ARG(11, args, mod)); > > + > > + put_fmt_tmp_buf(); > > reading this for at least 3rd time, this put_fmt_tmp_buf() looks a bit > out of place and kind of random. I think bpf_printf_cleanup() name > pairs with bpf_printf_prepare() better. Yes, I thought it would be clever to name that function put_fmt_tmp_buf() as a clear parallel to try_get_fmt_tmp_buf() but because it only puts the buffer if it is used and because they get called in two different contexts, it's after all maybe not such a clever name... I'll revert to bpf_printf_cleanup(). Thank you for your patience with my naming adventures! :) > > + > > + return err + 1; > > snprintf() already returns string length *including* terminating zero, > so this is wrong lib/vsprintf.c says: * The return value is the number of characters which would be * generated for the given input, excluding the trailing null, * as per ISO C99. Also if I look at the "no arg" test case in the selftest patch. "simple case" is asserted to return 12 which seems correct to me (includes the terminating zero only once). Am I missing something ? However that makes me wonder whether it would be more appropriate to return the value excluding the trailing null. On one hand it makes sense to be coherent with other BPF helpers that include the trailing zero (as discussed in patch v1), on the other hand the helper is clearly named after the standard "snprintf" function and it's likely that users will assume it works the same as the std snprintf.