
Improving kernel string handling

Posted May 7, 2015 10:10 UTC (Thu) by ibukanov (subscriber, #3942)
Parent article: Improving kernel string handling

I think it would be better for strscpy to require that count should be at least 1, treating count==0 as a programming error with similar consequences as passing a null pointer. This way one can be assured that the result is always null-terminated no matter what.



Improving kernel string handling

Posted May 8, 2015 18:08 UTC (Fri) by reubenhwk (guest, #75803)

I'd also suggest that -E2BIG is a really bad return value. Rather return -(space_needed).

    int rc = strscpy(dest, src, sizeof(dest));
    if (rc < 0) {
        dest = malloc(-rc);
        strscpy(dest, src, -rc);
    }

...or something like that anyway.

Improving kernel string handling

Posted May 8, 2015 18:49 UTC (Fri) by cesarb (subscriber, #6266)

For the kernel, -E2BIG is often what you want.

    long sys_foo(...)
    {
        long ret = 0;

        /* ... */

        ret = strscpy(dest, src, sizeof_dest);
        if (ret < 0)
            goto err;
        /* ret now has the string length, saving a strlen() */

        /* ... */

        return ret;

    err:
        /* ...cleanup... */
        return ret;
    }

That is, in case of error, the value can be returned directly to userspace. That is a common design pattern in the kernel: if a function you called returns a negative value (indicating failure), abort what you were doing and pass that value up the stack.
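
The semantics debated in this thread, as an added example that is not code from the article, the comments or the kernel: a userspace model of strscpy() that returns the copied length or -E2BIG, with a hypothetical caller (set_label, struct dev_label) that passes the error up the stack. The model assumes count == 0 returns -E2BIG without touching dest, which is the unterminated case the first comment objects to.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Userspace model of the strscpy() semantics discussed in this thread.
 * Assumption: count == 0 returns -E2BIG and leaves dest untouched. */
static long model_strscpy(char *dest, const char *src, size_t count)
{
	size_t i;

	if (count == 0)
		return -E2BIG;	/* no room even for the NUL */

	for (i = 0; i < count - 1 && src[i] != '\0'; i++)
		dest[i] = src[i];
	dest[i] = '\0';		/* always terminated when count >= 1 */

	/* Did the copy stop at the end of src, or because dest was full? */
	return src[i] == '\0' ? (long)i : -E2BIG;
}

struct dev_label {		/* hypothetical structure */
	char name[8];
	size_t len;
};

/* Hypothetical caller: a negative return is passed straight up. */
static long set_label(struct dev_label *d, const char *src)
{
	long ret = model_strscpy(d->name, src, sizeof(d->name));

	if (ret < 0) {
		d->name[0] = '\0';	/* do not keep a truncated label */
		d->len = 0;
		return ret;		/* -E2BIG reaches the caller */
	}
	d->len = (size_t)ret;		/* length known, no strlen() needed */
	return ret;
}

int main(void)
{
	struct dev_label d;

	printf("%ld\n", set_label(&d, "eth0"));		  /* constructed input */
	printf("%ld\n", set_label(&d, "very-long-name")); /* constructed input */
	return 0;
}
```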

