On Fri, 2018-04-06 at 11:15 +0200, Petr Mladek wrote: > On Thu 2018-04-05 15:30:51, Rasmus Villemoes wrote: > > On 2018-04-04 10:58, Petr Mladek wrote: > > > We are going to check the address using probe_kernel_address(). It > > > will > > > be more expensive and it does not make sense for well known > > > address. > > > > > > This patch splits the string() function. The variant without the > > > check > > > is then used on locations that handle string constants or strings > > > defined > > > as local variables. > > > > > > This patch does not change the existing behavior. > > > > Please leave string() alone, except for moving the < PAGE_SIZE check > > to > > a new helper checked_string (feel free to find a better name), and > > use > > checked_string for handling %s and possibly the few other cases > > where > > we're passing a user-supplied pointer. That avoids cluttering the > > entire > > file with double-underscore calls, and e.g. in the %pO case, it's > > easier > > to understand why one uses two different *string() helpers if the > > name > > of one somehow conveys how it is different from the other. > > I understand your reasoning. I thought about exactly this as well. > My problem is that string() will then be unsafe. It might be dangerous > when porting patches.
I agree with Rasmus, and your argument here from my point of view kinda weak. Are we really going to backport this patches? Why? We lived w/o them for a long time. What's changed now? > Is _string() really that bad? I would think so. -- Andy Shevchenko <andriy.shevche...@linux.intel.com> Intel Finland Oy