On Sun 2021-05-30 16:18:23, Matthew Wilcox wrote: > On Fri, May 28, 2021 at 10:06:37PM +0200, Rasmus Villemoes wrote: > > On 28/05/2021 16.22, Justin He wrote: > > > > > >> From: Matthew Wilcox <willy@xxxxxxxxxxxxx> > > > > >> How is it "safer"? You already have a buffer passed from the caller. > > >> Are you saying that d_path_fast() might overrun a really small buffer > > >> but won't overrun a 256 byte buffer? > > > No, it won't overrun a 256 byte buf. When the full path size is larger than 256, the p->len is < 0 in prepend_name, and this overrun will be > > > dectected in extract_string() with "-ENAMETOOLONG". > > > > > > Each printk contains 2 vsnprintf. vsnprintf() returns the required size after formatting the string.> > > > 1. vprintk_store() will invoke 1st vsnprintf() will 8 bytes space to get the reserve_size. In this case, the _buf_ could be less than _end_ by design. > > > 2. Then it invokes 2nd printk_sprint()->vscnprintf()->vsnprintf() to really fill the space. > > > > Please do not assume that printk is the only user of vsnprintf() or the > > only one that would use a given %p<foo> extension. > > > > Also, is it clear that nothing can change underneath you in between two > > calls to vsnprintf()? IOW, is it certain that the path will fit upon a > > second call using the size returned from the first? > > No, but that's also true of %s. I think vprintk_store() is foolish to > do it this way. Just for record. vprintk_store() is foolish here by intention. It avoids the need of static per-CPU X per-context buffers and it is simple. I believe that it should be good enough in practice. Any race here would make the result racy anyway. Of course, we might need to reconsider it if there are real life problems with this approach. Best Regards, Petr