Re: [PATCH 1/3] lib: early_string: allow early usage of some string functions
On Mon, May 03, 2021 at 11:01:41AM -0700, Daniel Walker wrote: > On Sat, May 01, 2021 at 09:31:47AM +0200, Christophe Leroy wrote: > > > > > In fact, should be like in prom_init today: > > > > > > #ifdef __EARLY_STRING_ENABLED > > > if (dsize >= count) > > > return count; > > > #else > > > BUG_ON(dsize >= count); > > > #endif > > > > Thinking about it once more, this BUG_ON() is overkill and should be > > avoided, see https://www.kernel.org/doc/html/latest/process/deprecated.html > > > > Therefore, something like the following would make it: > > > > if (dsize >= count) { > > WARN_ON(!__is_defined(__EARLY_STRING_ENABLED)); > > > > return count; > > } > > I agree, it's overkill it stop the system for this condition. > > how about I do something more like this for my changes, > > > > if (WARN_ON(dsize >= count && !__is_defined(__EARLY_STRING_ENABLED))) > > return count; I'll have to work on this one.. Daniel
Re: [PATCH 1/3] lib: early_string: allow early usage of some string functions
On Sat, May 01, 2021 at 09:31:47AM +0200, Christophe Leroy wrote: > > > In fact, should be like in prom_init today: > > > > #ifdef __EARLY_STRING_ENABLED > > if (dsize >= count) > > return count; > > #else > > BUG_ON(dsize >= count); > > #endif > > Thinking about it once more, this BUG_ON() is overkill and should be > avoided, see https://www.kernel.org/doc/html/latest/process/deprecated.html > > Therefore, something like the following would make it: > > if (dsize >= count) { > WARN_ON(!__is_defined(__EARLY_STRING_ENABLED)); > > return count; > } I agree, it's overkill it stop the system for this condition. how about I do something more like this for my changes, > if (WARN_ON(dsize >= count && !__is_defined(__EARLY_STRING_ENABLED))) > return count; and for generic kernel, > if (WARN_ON(dsize >= count)) > return count; Daniel
Re: [PATCH 1/3] lib: early_string: allow early usage of some string functions
Le 30/04/2021 à 10:50, Christophe Leroy a écrit : Le 30/04/2021 à 10:47, Christophe Leroy a écrit : Le 30/04/2021 à 06:22, Daniel Walker a écrit : This systems allows some string functions to be moved into lib/early_string.c and they will be prepended with "early_" and compiled without debugging like KASAN. This is already done on x86 for, "AMD Secure Memory Encryption (SME) support" and on powerpc prom_init.c , and EFI's libstub. The AMD memory feature disabled KASAN for all string functions, and prom_init.c and efi libstub implement their own versions of the functions. This implementation allows sharing of the string functions without removing the debugging features for the whole system. This looks good. I prefer that rather than the way you proposed to do it two years ago. Only one problem, see below. +size_t strlcat(char *dest, const char *src, size_t count) +{ + size_t dsize = strlen(dest); + size_t len = strlen(src); + size_t res = dsize + len; + + /* This would be a bug */ + BUG_ON(dsize >= count); powerpc is not ready to handle BUG_ON() in when in prom_init. Can you do: #ifndef __EARLY_STRING_ENABLED BUG_ON(dsize >= count); #endif In fact, should be like in prom_init today: #ifdef __EARLY_STRING_ENABLED if (dsize >= count) return count; #else BUG_ON(dsize >= count); #endif Thinking about it once more, this BUG_ON() is overkill and should be avoided, see https://www.kernel.org/doc/html/latest/process/deprecated.html Therefore, something like the following would make it: if (dsize >= count) { WARN_ON(!__is_defined(__EARLY_STRING_ENABLED)); return count; } + + dest += dsize; + count -= dsize; + if (len >= count) + len = count-1; + memcpy(dest, src, len); + dest[len] = 0; + return res; +} +EXPORT_SYMBOL(strlcat); +#endif +
Re: [PATCH 1/3] lib: early_string: allow early usage of some string functions
Le 30/04/2021 à 10:47, Christophe Leroy a écrit : Le 30/04/2021 à 06:22, Daniel Walker a écrit : This systems allows some string functions to be moved into lib/early_string.c and they will be prepended with "early_" and compiled without debugging like KASAN. This is already done on x86 for, "AMD Secure Memory Encryption (SME) support" and on powerpc prom_init.c , and EFI's libstub. The AMD memory feature disabled KASAN for all string functions, and prom_init.c and efi libstub implement their own versions of the functions. This implementation allows sharing of the string functions without removing the debugging features for the whole system. This looks good. I prefer that rather than the way you proposed to do it two years ago. Only one problem, see below. +size_t strlcat(char *dest, const char *src, size_t count) +{ + size_t dsize = strlen(dest); + size_t len = strlen(src); + size_t res = dsize + len; + + /* This would be a bug */ + BUG_ON(dsize >= count); powerpc is not ready to handle BUG_ON() in when in prom_init. Can you do: #ifndef __EARLY_STRING_ENABLED BUG_ON(dsize >= count); #endif In fact, should be like in prom_init today: #ifdef __EARLY_STRING_ENABLED if (dsize >= count) return count; #else BUG_ON(dsize >= count); #endif + + dest += dsize; + count -= dsize; + if (len >= count) + len = count-1; + memcpy(dest, src, len); + dest[len] = 0; + return res; +} +EXPORT_SYMBOL(strlcat); +#endif +
Re: [PATCH 1/3] lib: early_string: allow early usage of some string functions
Le 30/04/2021 à 06:22, Daniel Walker a écrit : This systems allows some string functions to be moved into lib/early_string.c and they will be prepended with "early_" and compiled without debugging like KASAN. This is already done on x86 for, "AMD Secure Memory Encryption (SME) support" and on powerpc prom_init.c , and EFI's libstub. The AMD memory feature disabled KASAN for all string functions, and prom_init.c and efi libstub implement their own versions of the functions. This implementation allows sharing of the string functions without removing the debugging features for the whole system. This looks good. I prefer that rather than the way you proposed to do it two years ago. Only one problem, see below. +size_t strlcat(char *dest, const char *src, size_t count) +{ + size_t dsize = strlen(dest); + size_t len = strlen(src); + size_t res = dsize + len; + + /* This would be a bug */ + BUG_ON(dsize >= count); powerpc is not ready to handle BUG_ON() in when in prom_init. Can you do: #ifndef __EARLY_STRING_ENABLED BUG_ON(dsize >= count); #endif + + dest += dsize; + count -= dsize; + if (len >= count) + len = count-1; + memcpy(dest, src, len); + dest[len] = 0; + return res; +} +EXPORT_SYMBOL(strlcat); +#endif +