| Message ID | 20220129205315.478628-2-longman@redhat.com (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | mm/page_owner: Extend page_owner to show memcg information | expand |
On Sat, 29 Jan 2022, Waiman Long wrote: > For *scnprintf(), vsnprintf() is always called even if the input size is > 0. That is a waste of time, so just return 0 in this case. > > Signed-off-by: Waiman Long <longman@redhat.com> > --- > lib/vsprintf.c | 8 +++++--- > 1 file changed, 5 insertions(+), 3 deletions(-) > > diff --git a/lib/vsprintf.c b/lib/vsprintf.c > index 3b8129dd374c..a65df546fb06 100644 > --- a/lib/vsprintf.c > +++ b/lib/vsprintf.c > @@ -2895,13 +2895,15 @@ int vscnprintf(char *buf, size_t size, const char *fmt, va_list args) > { > int i; > > + if (!size) > + return 0; Nit: any reason this shouldn't be unlikely()? If the conditional for i < size is likely(), this seems assumed already? > + > i = vsnprintf(buf, size, fmt, args); > > if (likely(i < size)) > return i; > - if (size != 0) > - return size - 1; > - return 0; > + > + return size - 1; > } > EXPORT_SYMBOL(vscnprintf); > > -- > 2.27.0 > > >
On 1/30/22 15:49, David Rientjes wrote: > On Sat, 29 Jan 2022, Waiman Long wrote: > >> For *scnprintf(), vsnprintf() is always called even if the input size is >> 0. That is a waste of time, so just return 0 in this case. >> >> Signed-off-by: Waiman Long <longman@redhat.com> >> --- >> lib/vsprintf.c | 8 +++++--- >> 1 file changed, 5 insertions(+), 3 deletions(-) >> >> diff --git a/lib/vsprintf.c b/lib/vsprintf.c >> index 3b8129dd374c..a65df546fb06 100644 >> --- a/lib/vsprintf.c >> +++ b/lib/vsprintf.c >> @@ -2895,13 +2895,15 @@ int vscnprintf(char *buf, size_t size, const char *fmt, va_list args) >> { >> int i; >> >> + if (!size) >> + return 0; > Nit: any reason this shouldn't be unlikely()? If the conditional for > i < size is likely(), this seems assumed already? Good suggestion. Will make the change in the next version. Cheers, Longman
On (22/01/29 15:53), Waiman Long wrote: > For *scnprintf(), vsnprintf() is always called even if the input size is > 0. That is a waste of time, so just return 0 in this case. > > Signed-off-by: Waiman Long <longman@redhat.com> Reviewed-by: Sergey Senozhatsky <senozhatsky@chromium.org> > +++ b/lib/vsprintf.c > @@ -2895,13 +2895,15 @@ int vscnprintf(char *buf, size_t size, const char *fmt, va_list args) > { > int i; > > + if (!size) > + return 0; > + > i = vsnprintf(buf, size, fmt, args); > > if (likely(i < size)) > return i; > - if (size != 0) > - return size - 1; > - return 0; > + > + return size - 1; > } > EXPORT_SYMBOL(vscnprintf);
On Sun, Jan 30, 2022 at 12:49:37PM -0800, David Rientjes wrote: > On Sat, 29 Jan 2022, Waiman Long wrote: > > > For *scnprintf(), vsnprintf() is always called even if the input size is > > 0. That is a waste of time, so just return 0 in this case. Why do you think it's not legit?
On Mon, Jan 31, 2022 at 12:25:09PM +0200, Andy Shevchenko wrote: > On Sun, Jan 30, 2022 at 12:49:37PM -0800, David Rientjes wrote: > > On Sat, 29 Jan 2022, Waiman Long wrote: > > > > > For *scnprintf(), vsnprintf() is always called even if the input size is > > > 0. That is a waste of time, so just return 0 in this case. > > Why do you think it's not legit? I have to elaborate. For *nprintf() the size=0 is quite useful to have. For *cnprintf() the size=0 makes less sense, but, if we read `man snprintf()`: The functions snprintf() and vsnprintf() do not write more than size bytes (including the terminating null byte ('\0')). If the output was truncated due to this limit, then the return value is the number of characters (excluding the terminating null byte) which would have been written to the final string if enough space had been available. Thus, a return value of size or more means that the output was truncated. (See also below under NOTES.) If an output error is encountered, a negative value is returned. Note the last sentence there. You need to answer to it in the commit message why your change is okay and it will show that you thought through all possible scenarios.
On Mon, Jan 31, 2022 at 12:30:33PM +0200, Andy Shevchenko wrote: > On Mon, Jan 31, 2022 at 12:25:09PM +0200, Andy Shevchenko wrote: > > On Sun, Jan 30, 2022 at 12:49:37PM -0800, David Rientjes wrote: > > > On Sat, 29 Jan 2022, Waiman Long wrote: > > > > > > > For *scnprintf(), vsnprintf() is always called even if the input size is > > > > 0. That is a waste of time, so just return 0 in this case. > > > > Why do you think it's not legit? > > I have to elaborate. > > For *nprintf() the size=0 is quite useful to have. > For *cnprintf() the size=0 makes less sense, but, if we read `man snprintf()`: > > The functions snprintf() and vsnprintf() do not write more than size bytes > (including the terminating null byte ('\0')). If the output was truncated due > to this limit, then the return value is the number of characters (excluding > the terminating null byte) which would have been written to the final string > if enough space had been available. Thus, a return value of size or more > means that the output was truncated. (See also below under NOTES.) > > If an output error is encountered, a negative value is returned. > > Note the last sentence there. You need to answer to it in the commit message > why your change is okay and it will show that you thought through all possible > scenarios. Also it seems currently the kernel documentation is not aligned with the code "If @size is == 0 the function returns 0." It should mention the (theoretical?) possibility of getting negative value, if vsnprintf() returns negative value.
On 31/01/2022 11.34, Andy Shevchenko wrote: > On Mon, Jan 31, 2022 at 12:30:33PM +0200, Andy Shevchenko wrote: >> On Mon, Jan 31, 2022 at 12:25:09PM +0200, Andy Shevchenko wrote: >>> On Sun, Jan 30, 2022 at 12:49:37PM -0800, David Rientjes wrote: >>>> On Sat, 29 Jan 2022, Waiman Long wrote: >>>> >>>>> For *scnprintf(), vsnprintf() is always called even if the input size is >>>>> 0. That is a waste of time, so just return 0 in this case. >>> >>> Why do you think it's not legit? >> >> I have to elaborate. >> >> For *nprintf() the size=0 is quite useful to have. >> For *cnprintf() the size=0 makes less sense, but, if we read `man snprintf()`: >> >> The functions snprintf() and vsnprintf() do not write more than size bytes >> (including the terminating null byte ('\0')). If the output was truncated due >> to this limit, then the return value is the number of characters (excluding >> the terminating null byte) which would have been written to the final string >> if enough space had been available. Thus, a return value of size or more >> means that the output was truncated. (See also below under NOTES.) >> >> If an output error is encountered, a negative value is returned. >> >> Note the last sentence there. You need to answer to it in the commit message >> why your change is okay and it will show that you thought through all possible >> scenarios. > > Also it seems currently the kernel documentation is not aligned with the code > > "If @size is == 0 the function returns 0." > > It should mention the (theoretical?) possibility of getting negative value, > if vsnprintf() returns negative value. > The kernel's vsnprintf _will never_ return a negative value. There is way too much code which relies on that. It also has to work from any context, so we'll never do any memory allocation or anything else that could possibly force us to error out, and even if we encounter some impossible situation, we do not return a negative value, but just stop the output where we are. So yes, micro-optimizing [v]scnprintf() is completely valid, but I've never bothered to send the patch because the use case for scnprintf() is primarily the ret += scnprintf(buf + ret, size - ret, ...); pattern, with ret starting out at 0 and size being some non-zero number. When given a non-zero size, scnprintf() is guaranteed to return something _strictly less_ than that value; that invariant guarantees that the size-ret expression never becomes 0. So if scnprintf() is properly used, I can't think of any situation where size will be 0, hence I see that patch as correct-but-mostly-pointless. Rasmus
On Mon, Jan 31, 2022 at 12:02:29PM +0100, Rasmus Villemoes wrote: > On 31/01/2022 11.34, Andy Shevchenko wrote: > > On Mon, Jan 31, 2022 at 12:30:33PM +0200, Andy Shevchenko wrote: > >> On Mon, Jan 31, 2022 at 12:25:09PM +0200, Andy Shevchenko wrote: > >>> On Sun, Jan 30, 2022 at 12:49:37PM -0800, David Rientjes wrote: > >>>> On Sat, 29 Jan 2022, Waiman Long wrote: > >>>> > >>>>> For *scnprintf(), vsnprintf() is always called even if the input size is > >>>>> 0. That is a waste of time, so just return 0 in this case. > >>> > >>> Why do you think it's not legit? > >> > >> I have to elaborate. > >> > >> For *nprintf() the size=0 is quite useful to have. > >> For *cnprintf() the size=0 makes less sense, but, if we read `man snprintf()`: > >> > >> The functions snprintf() and vsnprintf() do not write more than size bytes > >> (including the terminating null byte ('\0')). If the output was truncated due > >> to this limit, then the return value is the number of characters (excluding > >> the terminating null byte) which would have been written to the final string > >> if enough space had been available. Thus, a return value of size or more > >> means that the output was truncated. (See also below under NOTES.) > >> > >> If an output error is encountered, a negative value is returned. > >> > >> Note the last sentence there. You need to answer to it in the commit message > >> why your change is okay and it will show that you thought through all possible > >> scenarios. > > > > Also it seems currently the kernel documentation is not aligned with the code > > > > "If @size is == 0 the function returns 0." > > > > It should mention the (theoretical?) possibility of getting negative value, > > if vsnprintf() returns negative value. > > > > The kernel's vsnprintf _will never_ return a negative value. There is > way too much code which relies on that. It also has to work from any > context, so we'll never do any memory allocation or anything else that > could possibly force us to error out, and even if we encounter some > impossible situation, we do not return a negative value, but just stop > the output where we are. Yep, I see the code. My comments more or less are related to the (better) commit message which may include what you just said. > So yes, micro-optimizing [v]scnprintf() is completely valid, but I've > never bothered to send the patch because the use case for scnprintf() is > primarily the > > ret += scnprintf(buf + ret, size - ret, ...); > > pattern, with ret starting out at 0 and size being some non-zero number. > When given a non-zero size, scnprintf() is guaranteed to return > something _strictly less_ than that value; that invariant guarantees > that the size-ret expression never becomes 0. So if scnprintf() is > properly used, I can't think of any situation where size will be 0, > hence I see that patch as correct-but-mostly-pointless. Good remark and again commit message probably should elaborate this as well.
On Sat, Jan 29, 2022 at 03:53:13PM -0500, Waiman Long wrote: > For *scnprintf(), vsnprintf() is always called even if the input size is > 0. That is a waste of time, so just return 0 in this case. > > Signed-off-by: Waiman Long <longman@redhat.com> > --- > lib/vsprintf.c | 8 +++++--- > 1 file changed, 5 insertions(+), 3 deletions(-) > > diff --git a/lib/vsprintf.c b/lib/vsprintf.c > index 3b8129dd374c..a65df546fb06 100644 > --- a/lib/vsprintf.c > +++ b/lib/vsprintf.c > @@ -2895,13 +2895,15 @@ int vscnprintf(char *buf, size_t size, const char *fmt, va_list args) > { > int i; > > + if (!size) > + return 0; > + > i = vsnprintf(buf, size, fmt, args); > > if (likely(i < size)) > return i; > - if (size != 0) > - return size - 1; > - return 0; > + > + return size - 1; > } > EXPORT_SYMBOL(vscnprintf); Acked-by: Roman Gushchin <guro@fb.com> Thanks!
On 1/31/22 05:34, Andy Shevchenko wrote: > On Mon, Jan 31, 2022 at 12:30:33PM +0200, Andy Shevchenko wrote: >> On Mon, Jan 31, 2022 at 12:25:09PM +0200, Andy Shevchenko wrote: >>> On Sun, Jan 30, 2022 at 12:49:37PM -0800, David Rientjes wrote: >>>> On Sat, 29 Jan 2022, Waiman Long wrote: >>>> >>>>> For *scnprintf(), vsnprintf() is always called even if the input size is >>>>> 0. That is a waste of time, so just return 0 in this case. >>> Why do you think it's not legit? >> I have to elaborate. >> >> For *nprintf() the size=0 is quite useful to have. >> For *cnprintf() the size=0 makes less sense, but, if we read `man snprintf()`: >> >> The functions snprintf() and vsnprintf() do not write more than size bytes >> (including the terminating null byte ('\0')). If the output was truncated due >> to this limit, then the return value is the number of characters (excluding >> the terminating null byte) which would have been written to the final string >> if enough space had been available. Thus, a return value of size or more >> means that the output was truncated. (See also below under NOTES.) >> >> If an output error is encountered, a negative value is returned. >> >> Note the last sentence there. You need to answer to it in the commit message >> why your change is okay and it will show that you thought through all possible >> scenarios. > Also it seems currently the kernel documentation is not aligned with the code > > "If @size is == 0 the function returns 0." > > It should mention the (theoretical?) possibility of getting negative value, > if vsnprintf() returns negative value. AFAICS, the kernel's vsnprintf() function will not return -1. So in that sense it is not fully POSIX compliant. Since vscnprintf() function always returns 0 when size is 0, there is no point in finding out exactly how much bytes the buffer needs to hold the formatted text as this information will not be returned back to the caller anyway. I will update to indicate the vsnprintf() does not return -1. Thanks, Longmn
On 31/01/2022 19.48, Waiman Long wrote: > On 1/31/22 05:34, Andy Shevchenko wrote: >> Also it seems currently the kernel documentation is not aligned with >> the code >> >> "If @size is == 0 the function returns 0." >> >> It should mention the (theoretical?) possibility of getting negative >> value, >> if vsnprintf() returns negative value. > > AFAICS, the kernel's vsnprintf() function will not return -1. Even if it did, the "i < size" comparison in vscnprintf() is "int v size_t", so integer promotion says that even if i were negative, that comparison would be false, so we wouldn't forward that negative value anyway. > So in that > sense it is not fully POSIX compliant. Of course it's not, but not because it doesn't return -1. POSIX just says to return that in case of an error, and as a matter of QoI, the kernel's implementation simply can't (and must not) fail. There are other cases where we don't follow POSIX/C, e.g. in some corner cases around field length and precision (documented in test_printf.c), and the non-support of %n (and floating point and handling of wchar_t*), and the whole %p<> extension etc. Rasmus
On 2/1/22 02:12, Rasmus Villemoes wrote: > On 31/01/2022 19.48, Waiman Long wrote: >> On 1/31/22 05:34, Andy Shevchenko wrote: >>> Also it seems currently the kernel documentation is not aligned with >>> the code >>> >>> "If @size is == 0 the function returns 0." >>> >>> It should mention the (theoretical?) possibility of getting negative >>> value, >>> if vsnprintf() returns negative value. >> AFAICS, the kernel's vsnprintf() function will not return -1. > Even if it did, the "i < size" comparison in vscnprintf() is "int v > size_t", so integer promotion says that even if i were negative, that > comparison would be false, so we wouldn't forward that negative value > anyway. > >> So in that >> sense it is not fully POSIX compliant. > Of course it's not, but not because it doesn't return -1. POSIX just > says to return that in case of an error, and as a matter of QoI, the > kernel's implementation simply can't (and must not) fail. There are > other cases where we don't follow POSIX/C, e.g. in some corner cases > around field length and precision (documented in test_printf.c), and the > non-support of %n (and floating point and handling of wchar_t*), and the > whole %p<> extension etc. > > Rasmus > Thanks for the clarification. Cheers, Longman
diff --git a/lib/vsprintf.c b/lib/vsprintf.c index 3b8129dd374c..a65df546fb06 100644 --- a/lib/vsprintf.c +++ b/lib/vsprintf.c @@ -2895,13 +2895,15 @@ int vscnprintf(char *buf, size_t size, const char *fmt, va_list args) { int i; + if (!size) + return 0; + i = vsnprintf(buf, size, fmt, args); if (likely(i < size)) return i; - if (size != 0) - return size - 1; - return 0; + + return size - 1; } EXPORT_SYMBOL(vscnprintf);
For *scnprintf(), vsnprintf() is always called even if the input size is 0. That is a waste of time, so just return 0 in this case. Signed-off-by: Waiman Long <longman@redhat.com> --- lib/vsprintf.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-)