lib: Clarify the return value of strnlen_user()

strnlen_user() can return a number in a range 0 to count + sizeof(unsigned long) - 1. Clarify the comment at the top of the function so that users don't think the function returns at most count+1. Signed-off-by: Jan Kara <jack@suse.cz> [ Also added commentary about preferably not using this function ] Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

lib: Clarify the return value of strnlen_user()
strnlen_user() can return a number in a range 0 to count + sizeof(unsigned long) - 1. Clarify the comment at the top of the function so that users don't think the function returns at most count+1. Signed-off-by: Jan Kara <jack@suse.cz> [ Also added commentary about preferably not using this function ] Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
226a07ef · Jan Kara · Linus Torvalds · 8cd9234c · 226a07ef
Commit 226a07ef authored Jun 03, 2015 by Jan Kara Committed by Linus Torvalds Jun 03, 2015
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 1 deletion

lib/strnlen_user.c lib/strnlen_user.c +8 -1

No files found.
--- a/lib/strnlen_user.c
+++ b/lib/strnlen_user.c
@@ -90,8 +90,15 @@ static inline long do_strnlen_user(const char __user *src, unsigned long count,
 * Get the size of a NUL-terminated string in user space.
 *
 * Returns the size of the string INCLUDING the terminating NUL.
- * If the string is too long, returns 'count+1'.
+ * If the string is too long, returns a number larger than @count. User
+ * has to check the return value against "> count".
 * On exception (or invalid count), returns 0.
+ *
+ * NOTE! You should basically never use this function. There is
+ * almost never any valid case for using the length of a user space
+ * string, since the string can be changed at any time by other
+ * threads. Use "strncpy_from_user()" instead to get a stable copy
+ * of the string.
 */
 long strnlen_user(const char __user *str, long count)
 {