On Tue, Nov 14, 2017 at 08:34:08AM +0100, Ingo Molnar wrote:
>
> * Ricardo Neri <ricardo.neri-calde...@linux.intel.com> wrote:
>
> > +const char * const umip_insns[5] = {
> > + [UMIP_INST_SGDT] = "sgdt",
> > + [UMIP_INST_SIDT] = "sidt",
> > + [UMIP_INST_SMSW] = "smsw",
> > + [UMIP_INST_SLDT] = "sldt",
> > + [UMIP_INST_STR] = "str",
> > +};
>
> Sigh ...
It made sense to me to capitalize code and changelogs but keep the printed
warnings
in lower case. Thus, the format would look like:
umip: smsw instruction cannot be used by applications.
I do see that this could be confusing with STR. I will capitalize these as well.
>
> > +/*
> > + * If you change these strings, ensure that buffers using them are
> > sufficiently
> > + * large.
> > + */
> > +static const char umip_warn_use[] = "cannot be used by applications.";
> > +static const char umip_warn_emu[] = "For now, expensive software emulation
> > returns result.";
>
> Please use the string literals directly, don't add an extra obfuscation layer.
>
> Plus:
>
> > + unsigned char buf[MAX_INSN_SIZE], warn[128];
>
> > + snprintf(warn, sizeof(warn), "%s %s", umip_insns[umip_inst],
> > + umip_warn_use);
>
> This is incredibly fragile against future buffer overflows, and warning about
> it
> in comments does not make it less fragile!
I need to concatenate the instruction mnemonic with the a string. Does
something like
this is more acceptable?
unsigned char warn[50];
...
strcpy(warn, umip_insns[umip_inst]);
strcat(warn, " instruction cannot be used by applications.");
umip_pr_warn(regs, warn, 0);
In this manner I use the string literal directly but I still have a buffer that
might
overflow. Code looks more clear to me. I could #defines for the string lengths
or
set a maximum length.
Thanks and BR,
Ricardo
