On Thu 2021-05-20 09:12:34, Justin He wrote: > Hi Al > > > -----Original Message----- > > From: Al Viro <viro@xxxxxxxxxxxxxxxx> On Behalf Of Al Viro > > Sent: Wednesday, May 19, 2021 8:49 AM > > To: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> > > Cc: Justin He <Justin.He@xxxxxxx>; Petr Mladek <pmladek@xxxxxxxx>; Steven > > Rostedt <rostedt@xxxxxxxxxxx>; Sergey Senozhatsky > > <senozhatsky@xxxxxxxxxxxx>; Andy Shevchenko > > <andriy.shevchenko@xxxxxxxxxxxxxxx>; Rasmus Villemoes > > <linux@xxxxxxxxxxxxxxxxxx>; Jonathan Corbet <corbet@xxxxxxx>; Heiko > > Carstens <hca@xxxxxxxxxxxxx>; Vasily Gorbik <gor@xxxxxxxxxxxxx>; Christian > > Borntraeger <borntraeger@xxxxxxxxxx>; Eric W . Biederman > > <ebiederm@xxxxxxxxxxxx>; Darrick J. Wong <darrick.wong@xxxxxxxxxx>; Peter > > Zijlstra (Intel) <peterz@xxxxxxxxxxxxx>; Ira Weiny <ira.weiny@xxxxxxxxx>; > > Eric Biggers <ebiggers@xxxxxxxxxx>; Ahmed S. Darwish > > <a.darwish@xxxxxxxxxxxxx>; open list:DOCUMENTATION <linux- > > doc@xxxxxxxxxxxxxxx>; Linux Kernel Mailing List <linux- > > kernel@xxxxxxxxxxxxxxx>; linux-s390 <linux-s390@xxxxxxxxxxxxxxx>; linux- > > fsdevel <linux-fsdevel@xxxxxxxxxxxxxxx> > > Subject: [PATCH 08/14] d_path: make prepend_name() boolean > > > > It returns only 0 or -ENAMETOOLONG and both callers only check if > > the result is negative. Might as well return true on success and > > false on failure... > > > > Signed-off-by: Al Viro <viro@xxxxxxxxxxxxxxxxxx> > > --- > > fs/d_path.c | 12 ++++++------ > > 1 file changed, 6 insertions(+), 6 deletions(-) > > > > diff --git a/fs/d_path.c b/fs/d_path.c > > index 327cc3744554..83db83446afd 100644 > > --- a/fs/d_path.c > > +++ b/fs/d_path.c > > @@ -34,15 +34,15 @@ static void prepend(char **buffer, int *buflen, const > > char *str, int namelen) > > * > > * Load acquire is needed to make sure that we see that terminating NUL. > > */ > > -static int prepend_name(char **buffer, int *buflen, const struct qstr > > *name) > > +static bool prepend_name(char **buffer, int *buflen, const struct qstr > > *name) > > { > > const char *dname = smp_load_acquire(&name->name); /* ^^^ */ > > u32 dlen = READ_ONCE(name->len); > > char *p; > > > > *buflen -= dlen + 1; > > - if (*buflen < 0) > > - return -ENAMETOOLONG; > > + if (unlikely(*buflen < 0)) > > + return false; > > I don't object to this patch itself. > Just wonder whether we need to relax the check condition of "*buflen < 0" ? > > Given that in vsnprintf code path, sometimes the *buflen is < 0. > > Please see https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/lib/vsprintf.c#n2698 IMHO, the patch is fine. It is likely some misunderstanding. The above link points to: 2693 str = buf; 2694 end = buf + size; 2695 2696 /* Make sure end is always >= buf */ 2697 if (end < buf) { 2698 end = ((void *)-1); 2699 size = end - buf; 2700 } "end" points right behind the end of the buffer. It is later used instead of the buffer size. The above code handles a potential overflow of "buf + size". I causes that "end" will be 0xffffffff in case of the overflow. That said. vsnprintf() returns the number of characters which would be generated for the given input. But only the "size" is written. This require copying the characters one by one. It is useful to see how many characters were lost. But I am not sure if this ever worked for the dentry functions. Best Regards, Petr