On Mon, Jan 31, 2022 at 12:02:29PM +0100, Rasmus Villemoes wrote:
> On 31/01/2022 11.34, Andy Shevchenko wrote:
> > On Mon, Jan 31, 2022 at 12:30:33PM +0200, Andy Shevchenko wrote:
> >> On Mon, Jan 31, 2022 at 12:25:09PM +0200, Andy Shevchenko wrote:
> >>> On Sun, Jan 30, 2022 at 12:49:37PM -0800, David Rientjes wrote:
> >>>> On Sat, 29 Jan 2022, Waiman Long wrote:
> >>>>
> >>>>> For *scnprintf(), vsnprintf() is always called even if the input size is
> >>>>> 0. That is a waste of time, so just return 0 in this case.
> >>>
> >>> Why do you think it's not legit?
> >>
> >> I have to elaborate.
> >>
> >> For *nprintf() the size=0 is quite useful to have.
> >> For *cnprintf() the size=0 makes less sense, but, if we read `man snprintf()`:
> >>
> >> The functions snprintf() and vsnprintf() do not write more than size bytes
> >> (including the terminating null byte ('\0')). If the output was truncated due
> >> to this limit, then the return value is the number of characters (excluding
> >> the terminating null byte) which would have been written to the final string
> >> if enough space had been available. Thus, a return value of size or more
> >> means that the output was truncated. (See also below under NOTES.)
> >>
> >> If an output error is encountered, a negative value is returned.
> >>
> >> Note the last sentence there. You need to answer to it in the commit message
> >> why your change is okay and it will show that you thought through all possible
> >> scenarios.
> >
> > Also it seems currently the kernel documentation is not aligned with the code
> >
> > "If @size is == 0 the function returns 0."
> >
> > It should mention the (theoretical?) possibility of getting negative value,
> > if vsnprintf() returns negative value.
> >
>
> The kernel's vsnprintf _will never_ return a negative value. There is
> way too much code which relies on that. It also has to work from any
> context, so we'll never do any memory allocation or anything else that
> could possibly force us to error out, and even if we encounter some
> impossible situation, we do not return a negative value, but just stop
> the output where we are.
Yep, I see the code. My comments more or less are related to the (better)
commit message which may include what you just said.
> So yes, micro-optimizing [v]scnprintf() is completely valid, but I've
> never bothered to send the patch because the use case for scnprintf() is
> primarily the
>
> ret += scnprintf(buf + ret, size - ret, ...);
>
> pattern, with ret starting out at 0 and size being some non-zero number.
> When given a non-zero size, scnprintf() is guaranteed to return
> something _strictly less_ than that value; that invariant guarantees
> that the size-ret expression never becomes 0. So if scnprintf() is
> properly used, I can't think of any situation where size will be 0,
> hence I see that patch as correct-but-mostly-pointless.
Good remark and again commit message probably should elaborate this as
well.
--
With Best Regards,
Andy Shevchenko
