[PATCH RFC 2/2] sysfs: add helper macro for showing simple integer values

From: Alex Dewar
Date: Sat Aug 29 2020 - 19:41:18 EST

Next message: Chao Yu: "Re: [f2fs-dev] [PATCH] f2fs: make fibmap consistent with fiemap for compression chunk"
Previous message: Alex Dewar: "[PATCH RFC 1/2] sysfs: add helpers for safely showing simple strings"
In reply to: Alex Dewar: "[PATCH RFC 1/2] sysfs: add helpers for safely showing simple strings"
Next in thread: Greg Kroah-Hartman: "Re: [PATCH RFC 2/2] sysfs: add helper macro for showing simple integer values"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

sysfs attributes are supposed to be only single values, which are
printed into a buffer of PAGE_SIZE. Accordingly, for many simple
attributes, sprintf() can be used like so:
static ssize_t my_show(..., char *buf)
{
...
return sprintf("%d\n", my_integer);
}

The problem is that whilst this use of sprintf() is memory safe, other
cases where e.g. a possibly unterminated string is passed as input, are
not and so use of sprintf() here might make it more difficult to
identify these problematic cases.

Define a macro, sysfs_sprinti(), which outputs the value of a single
integer to a buffer (with terminating "\n\0") and returns the size written.
This way, we can convert over the some of the trivially correct users of
sprintf() and decrease its usage in the kernel source tree.

Another advantage of this approach is that we can now statically check
the type of the integer so that e.g. an unsigned long long will be
formatted as %llu. This will fix cases where the wrong format string has
been passed to sprintf().

Signed-off-by: Alex Dewar <alex.dewar90@xxxxxxxxx>
---
include/linux/sysfs.h | 31 +++++++++++++++++++++++++++++++
1 file changed, 31 insertions(+)

diff --git a/include/linux/sysfs.h b/include/linux/sysfs.h
index 26e7d9f69dfd..763316788153 100644
--- a/include/linux/sysfs.h
+++ b/include/linux/sysfs.h
@@ -197,6 +197,37 @@ sysfs_strscpy((dest), (src), \
) \
)

+/**
+ * sysfs_sprinti - emit an integer-type value from a sysfs show method
+ * @buf: destination buffer
+ * @x: the variable whose value is to be shown
+ *
+ * The appropriate format is passed to sprintf() according to the type of
+ * x, preventing accidental misuse of format strings.
+ */
+#define sysfs_sprinti(buf, x) \
+({ \
+ BUILD_BUG_ON(!__builtin_types_compatible_p(typeof(x), unsigned int) && \
+ !__builtin_types_compatible_p(typeof(x), unsigned long) && \
+ !__builtin_types_compatible_p(typeof(x), unsigned long long) && \
+ !__builtin_types_compatible_p(typeof(x), int) && \
+ !__builtin_types_compatible_p(typeof(x), short) && \
+ !__builtin_types_compatible_p(typeof(x), unsigned short)); \
+ __builtin_choose_expr( \
+ __builtin_types_compatible_p(typeof(x), unsigned int), \
+ sprintf(buf, "%u\n", (unsigned int)(x)), \
+ __builtin_choose_expr( \
+ __builtin_types_compatible_p(typeof(x), unsigned long), \
+ sprintf(buf, "%lu\n", (unsigned long)(x)), \
+ __builtin_choose_expr( \
+ __builtin_types_compatible_p(typeof(x), unsigned long long), \
+ sprintf(buf, "%llu\n", (unsigned long long)(x)), \
+ sprintf(buf, "%d\n", (int)(x)) \
+ ) \
+ ) \
+ ); \
+})
+
struct file;
struct vm_area_struct;

--
2.28.0

Next message: Chao Yu: "Re: [f2fs-dev] [PATCH] f2fs: make fibmap consistent with fiemap for compression chunk"
Previous message: Alex Dewar: "[PATCH RFC 1/2] sysfs: add helpers for safely showing simple strings"
In reply to: Alex Dewar: "[PATCH RFC 1/2] sysfs: add helpers for safely showing simple strings"
Next in thread: Greg Kroah-Hartman: "Re: [PATCH RFC 2/2] sysfs: add helper macro for showing simple integer values"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]