On Fri, May 28, 2021 at 10:06:37PM +0200, Rasmus Villemoes wrote: > On 28/05/2021 16.22, Justin He wrote: > > > >> From: Matthew Wilcox <willy@xxxxxxxxxxxxx> > > >> How is it "safer"? You already have a buffer passed from the caller. > >> Are you saying that d_path_fast() might overrun a really small buffer > >> but won't overrun a 256 byte buffer? > > No, it won't overrun a 256 byte buf. When the full path size is larger than 256, the p->len is < 0 in prepend_name, and this overrun will be > > dectected in extract_string() with "-ENAMETOOLONG". > > > > Each printk contains 2 vsnprintf. vsnprintf() returns the required size after formatting the string.> > > 1. vprintk_store() will invoke 1st vsnprintf() will 8 bytes space to get the reserve_size. In this case, the _buf_ could be less than _end_ by design. > > 2. Then it invokes 2nd printk_sprint()->vscnprintf()->vsnprintf() to really fill the space. > > Please do not assume that printk is the only user of vsnprintf() or the > only one that would use a given %p<foo> extension. > > Also, is it clear that nothing can change underneath you in between two > calls to vsnprintf()? IOW, is it certain that the path will fit upon a > second call using the size returned from the first? No, but that's also true of %s. I think vprintk_store() is foolish to do it this way.
