1.\"- 2.\" Copyright (c) 2000 Poul-Henning Kamp and Dag-Erling Smørgrav 3.\" All rights reserved. 4.\" 5.\" Redistribution and use in source and binary forms, with or without 6.\" modification, are permitted provided that the following conditions 7.\" are met: 8.\" 1. Redistributions of source code must retain the above copyright 9.\" notice, this list of conditions and the following disclaimer. 10.\" 2. Redistributions in binary form must reproduce the above copyright 11.\" notice, this list of conditions and the following disclaimer in the 12.\" documentation and/or other materials provided with the distribution. 13.\" 14.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24.\" SUCH DAMAGE. 25.\" 26.Dd October 3, 2023 27.Dt SBUF 9 28.Os 29.Sh NAME 30.Nm sbuf , 31.Nm sbuf_new , 32.Nm sbuf_new_auto , 33.Nm sbuf_new_for_sysctl , 34.Nm sbuf_clear , 35.Nm sbuf_get_flags , 36.Nm sbuf_set_flags , 37.Nm sbuf_clear_flags , 38.Nm sbuf_setpos , 39.Nm sbuf_bcat , 40.Nm sbuf_bcopyin , 41.Nm sbuf_bcpy , 42.Nm sbuf_cat , 43.Nm sbuf_copyin , 44.Nm sbuf_cpy , 45.Nm sbuf_nl_terminate , 46.Nm sbuf_printf , 47.Nm sbuf_vprintf , 48.Nm sbuf_putc , 49.Nm sbuf_set_drain , 50.Nm sbuf_trim , 51.Nm sbuf_error , 52.Nm sbuf_finish , 53.Nm sbuf_data , 54.Nm sbuf_len , 55.Nm sbuf_done , 56.Nm sbuf_delete , 57.Nm sbuf_start_section , 58.Nm sbuf_end_section , 59.Nm sbuf_hexdump , 60.Nm sbuf_printf_drain , 61.Nm sbuf_putbuf 62.Nd safe string composition 63.Sh LIBRARY 64.Lb libsbuf 65.Sh SYNOPSIS 66.In sys/types.h 67.In sys/sbuf.h 68.Ft typedef int 69.Fo (sbuf_drain_func) 70.Fa "void *arg" 71.Fa "const char *data" 72.Fa "int len" 73.Fc 74.Pp 75.Ft struct sbuf * 76.Fo sbuf_new 77.Fa "struct sbuf *s" 78.Fa "char *buf" 79.Fa "int length" 80.Fa "int flags" 81.Fc 82.Ft struct sbuf * 83.Fo sbuf_new_auto 84.Fa "void" 85.Fc 86.Ft void 87.Fo sbuf_clear 88.Fa "struct sbuf *s" 89.Fc 90.Ft int 91.Fo sbuf_get_flags 92.Fa "struct sbuf *s" 93.Fc 94.Ft void 95.Fo sbuf_set_flags 96.Fa "struct sbuf *s" 97.Fa "int flags" 98.Fc 99.Ft void 100.Fo sbuf_clear_flags 101.Fa "struct sbuf *s" 102.Fa "int flags" 103.Fc 104.Ft int 105.Fo sbuf_setpos 106.Fa "struct sbuf *s" 107.Fa "int pos" 108.Fc 109.Ft int 110.Fo sbuf_bcat 111.Fa "struct sbuf *s" 112.Fa "const void *buf" 113.Fa "size_t len" 114.Fc 115.Ft int 116.Fo sbuf_bcpy 117.Fa "struct sbuf *s" 118.Fa "const void *buf" 119.Fa "size_t len" 120.Fc 121.Ft int 122.Fo sbuf_cat 123.Fa "struct sbuf *s" 124.Fa "const char *str" 125.Fc 126.Ft int 127.Fo sbuf_cpy 128.Fa "struct sbuf *s" 129.Fa "const char *str" 130.Fc 131.Ft int 132.Fn sbuf_nl_terminate "struct sbuf *" 133.Ft int 134.Fo sbuf_printf 135.Fa "struct sbuf *s" 136.Fa "const char *fmt" "..." 137.Fc 138.Ft int 139.Fo sbuf_vprintf 140.Fa "struct sbuf *s" 141.Fa "const char *fmt" 142.Fa "va_list ap" 143.Fc 144.Ft int 145.Fo sbuf_putc 146.Fa "struct sbuf *s" 147.Fa "int c" 148.Fc 149.Ft void 150.Fo sbuf_set_drain 151.Fa "struct sbuf *s" 152.Fa "sbuf_drain_func *func" 153.Fa "void *arg" 154.Fc 155.Ft int 156.Fo sbuf_trim 157.Fa "struct sbuf *s" 158.Fc 159.Ft int 160.Fo sbuf_error 161.Fa "struct sbuf *s" 162.Fc 163.Ft int 164.Fo sbuf_finish 165.Fa "struct sbuf *s" 166.Fc 167.Ft char * 168.Fo sbuf_data 169.Fa "struct sbuf *s" 170.Fc 171.Ft ssize_t 172.Fo sbuf_len 173.Fa "struct sbuf *s" 174.Fc 175.Ft int 176.Fo sbuf_done 177.Fa "struct sbuf *s" 178.Fc 179.Ft void 180.Fo sbuf_delete 181.Fa "struct sbuf *s" 182.Fc 183.Ft void 184.Fo sbuf_start_section 185.Fa "struct sbuf *s" 186.Fa "ssize_t *old_lenp" 187.Fc 188.Ft ssize_t 189.Fo sbuf_end_section 190.Fa "struct sbuf *s" 191.Fa "ssize_t old_len" 192.Fa "size_t pad" 193.Fa "int c" 194.Fc 195.Ft void 196.Fo sbuf_hexdump 197.Fa "struct sbuf *sb" 198.Fa "void *ptr" 199.Fa "int length" 200.Fa "const char *hdr" 201.Fa "int flags" 202.Fc 203.Ft int 204.Fo sbuf_printf_drain 205.Fa "void *arg" 206.Fa "const char *data" 207.Fa "int len" 208.Fc 209.Ft void 210.Fo sbuf_putbuf 211.Fa "struct sbuf *s" 212.Fc 213.Fd #ifdef _KERNEL 214.In sys/types.h 215.In sys/sbuf.h 216.Ft int 217.Fo sbuf_bcopyin 218.Fa "struct sbuf *s" 219.Fa "const void *uaddr" 220.Fa "size_t len" 221.Fc 222.Ft int 223.Fo sbuf_copyin 224.Fa "struct sbuf *s" 225.Fa "const void *uaddr" 226.Fa "size_t len" 227.Fc 228.In sys/sysctl.h 229.Ft struct sbuf * 230.Fo sbuf_new_for_sysctl 231.Fa "struct sbuf *s" 232.Fa "char *buf" 233.Fa "int length" 234.Fa "struct sysctl_req *req" 235.Fc 236.Fd #endif /* _KERNEL */ 237.Sh DESCRIPTION 238The 239.Nm 240family of functions allows one to safely allocate, compose and 241release strings in kernel or user space. 242.Pp 243Instead of arrays of characters, these functions operate on structures 244called 245.Fa sbufs , 246defined in 247.In sys/sbuf.h . 248.Pp 249Any errors encountered during the allocation or composition of the 250string will be latched in the data structure, 251making a single error test at the end of the composition 252sufficient to determine success or failure of the entire process. 253.Pp 254The 255.Fn sbuf_new 256function initializes the 257.Fa sbuf 258pointed to by its first argument. 259If that pointer is 260.Dv NULL , 261.Fn sbuf_new 262allocates a 263.Vt struct sbuf 264using 265.Xr malloc 9 . 266The 267.Fa buf 268argument is a pointer to a buffer in which to store the actual string; 269if it is 270.Dv NULL , 271.Fn sbuf_new 272will allocate one using 273.Xr malloc 9 . 274The 275.Fa length 276is the initial size of the storage buffer. 277The fourth argument, 278.Fa flags , 279may be comprised of the following flags: 280.Bl -tag -width ".Dv SBUF_AUTOEXTEND" 281.It Dv SBUF_FIXEDLEN 282The storage buffer is fixed at its initial size. 283Attempting to extend the sbuf beyond this size results in an overflow condition. 284.It Dv SBUF_AUTOEXTEND 285This indicates that the storage buffer may be extended as necessary, so long 286as resources allow, to hold additional data. 287.It Dv SBUF_INCLUDENUL 288This causes the final nulterm byte to be counted in the length of the data. 289.It Dv SBUF_DRAINTOEOR 290Treat top-level sections started with 291.Fn sbuf_start_section 292as a record boundary marker that will be used during drain operations to avoid 293records being split. 294If a record grows sufficiently large such that it fills the 295.Fa sbuf 296and therefore cannot be drained without being split, an error of 297.Er EDEADLK 298is set. 299.It Dv SBUF_NOWAIT 300Indicates that attempts to extend the storage buffer should fail in low memory 301conditions, like 302.Xr malloc 9 303.Dv M_NOWAIT . 304.El 305.Pp 306Note that if 307.Fa buf 308is not 309.Dv NULL , 310it must point to an array of at least 311.Fa length 312characters. 313The result of accessing that array directly while it is in use by the 314sbuf is undefined. 315.Pp 316The 317.Fn sbuf_new_auto 318function is a shortcut for creating a completely dynamic 319.Nm . 320It is the equivalent of calling 321.Fn sbuf_new 322with values 323.Dv NULL , 324.Dv NULL , 325.Dv 0 , 326and 327.Dv SBUF_AUTOEXTEND . 328.Pp 329The 330.Fn sbuf_new_for_sysctl 331function will set up an sbuf with a drain function to use 332.Fn SYSCTL_OUT 333when the internal buffer fills. 334Note that if the various functions which append to an sbuf are used while 335a non-sleepable lock is held, the user buffer should be wired using 336.Fn sysctl_wire_old_buffer . 337.Pp 338The 339.Fn sbuf_delete 340function clears the 341.Fa sbuf 342and frees any memory allocated for it. 343There must be a call to 344.Fn sbuf_delete 345for every call to 346.Fn sbuf_new . 347Any attempt to access the sbuf after it has been deleted will fail. 348.Pp 349The 350.Fn sbuf_clear 351function invalidates the contents of the 352.Fa sbuf 353and resets its position to zero. 354.Pp 355The 356.Fn sbuf_get_flags 357function returns the current user flags. 358The 359.Fn sbuf_set_flags 360and 361.Fn sbuf_clear_flags 362functions set or clear one or more user flags, respectively. 363The user flags are described under the 364.Fn sbuf_new 365function. 366.Pp 367The 368.Fn sbuf_setpos 369function sets the 370.Fa sbuf Ns 's 371end position to 372.Fa pos , 373which is a value between zero and the current position in the buffer. 374It can only truncate the sbuf to the new position. 375.Pp 376The 377.Fn sbuf_bcat 378function appends the first 379.Fa len 380bytes from the buffer 381.Fa buf 382to the 383.Fa sbuf . 384.Pp 385The 386.Fn sbuf_bcopyin 387function copies 388.Fa len 389bytes from the specified userland address into the 390.Fa sbuf . 391.Pp 392The 393.Fn sbuf_bcpy 394function replaces the contents of the 395.Fa sbuf 396with the first 397.Fa len 398bytes from the buffer 399.Fa buf . 400.Pp 401The 402.Fn sbuf_cat 403function appends the NUL-terminated string 404.Fa str 405to the 406.Fa sbuf 407at the current position. 408.Pp 409The 410.Fn sbuf_set_drain 411function sets a drain function 412.Fa func 413for the 414.Fa sbuf , 415and records a pointer 416.Fa arg 417to be passed to the drain on callback. 418The drain function cannot be changed while 419.Fa sbuf_len 420is non-zero. 421.Pp 422The registered drain function 423.Vt sbuf_drain_func 424will be called with the argument 425.Fa arg 426provided to 427.Fn sbuf_set_drain , 428a pointer 429.Fa data 430to a byte string that is the contents of the sbuf, and the length 431.Fa len 432of the data. 433If the drain function exists, it will be called when the sbuf internal 434buffer is full, or on behalf of 435.Fn sbuf_finish . 436The drain function may drain some or all of the data, but must drain 437at least 1 byte. 438The return value from the drain function, if positive, indicates how 439many bytes were drained. 440If negative, the return value indicates the negative error code which 441will be returned from this or a later call to 442.Fn sbuf_finish . 443If the returned drained length is 0, an error of 444.Er EDEADLK 445is set. 446To do unbuffered draining, initialize the sbuf with a two-byte buffer. 447The drain will be called for every byte added to the sbuf. 448The 449.Fn sbuf_bcopyin , 450.Fn sbuf_bcpy , 451.Fn sbuf_clear , 452.Fn sbuf_copyin , 453.Fn sbuf_cpy , 454.Fn sbuf_trim , 455.Fn sbuf_data , 456and 457.Fn sbuf_len 458functions cannot be used on an sbuf with a drain. 459.Pp 460The 461.Fn sbuf_copyin 462function copies a NUL-terminated string from the specified userland 463address into the 464.Fa sbuf . 465If the 466.Fa len 467argument is non-zero, no more than 468.Fa len 469characters (not counting the terminating NUL) are copied; otherwise 470the entire string, or as much of it as can fit in the 471.Fa sbuf , 472is copied. 473.Pp 474The 475.Fn sbuf_cpy 476function replaces the contents of the 477.Fa sbuf 478with those of the NUL-terminated string 479.Fa str . 480This is equivalent to calling 481.Fn sbuf_cat 482with a fresh 483.Fa sbuf 484or one which position has been reset to zero with 485.Fn sbuf_clear 486or 487.Fn sbuf_setpos . 488.Pp 489The 490.Fn sbuf_nl_terminate 491function appends a trailing newline character, if the current line is non-empty 492and not already terminated by a newline character. 493.Pp 494The 495.Fn sbuf_printf 496function formats its arguments according to the format string pointed 497to by 498.Fa fmt 499and appends the resulting string to the 500.Fa sbuf 501at the current position. 502.Pp 503The 504.Fn sbuf_vprintf 505function behaves the same as 506.Fn sbuf_printf 507except that the arguments are obtained from the variable-length argument list 508.Fa ap . 509.Pp 510The 511.Fn sbuf_putc 512function appends the character 513.Fa c 514to the 515.Fa sbuf 516at the current position. 517.Pp 518The 519.Fn sbuf_trim 520function removes trailing whitespace from the 521.Fa sbuf . 522.Pp 523The 524.Fn sbuf_error 525function returns any error value that the 526.Fa sbuf 527may have accumulated, either from the drain function, or 528.Er ENOMEM 529if the 530.Fa sbuf 531overflowed. 532This function is generally not needed and instead the error code from 533.Fn sbuf_finish 534is the preferred way to discover whether an sbuf had an error. 535.Pp 536The 537.Fn sbuf_finish 538function will call the attached drain function if one exists until all 539the data in the 540.Fa sbuf 541is flushed. 542If there is no attached drain, 543.Fn sbuf_finish 544NUL-terminates the 545.Fa sbuf . 546In either case it marks the 547.Fa sbuf 548as finished, which means that it may no longer be modified using 549.Fn sbuf_setpos , 550.Fn sbuf_cat , 551.Fn sbuf_cpy , 552.Fn sbuf_printf 553or 554.Fn sbuf_putc , 555until 556.Fn sbuf_clear 557is used to reset the sbuf. 558.Pp 559The 560.Fn sbuf_data 561function returns the actual string; 562.Fn sbuf_data 563only works on a finished 564.Fa sbuf . 565The 566.Fn sbuf_len 567function returns the length of the string. 568For an 569.Fa sbuf 570with an attached drain, 571.Fn sbuf_len 572returns the length of the un-drained data. 573.Fn sbuf_done 574returns non-zero if the 575.Fa sbuf 576is finished. 577.Pp 578The 579.Fn sbuf_start_section 580and 581.Fn sbuf_end_section 582functions may be used for automatic section alignment. 583The arguments 584.Fa pad 585and 586.Fa c 587specify the padding size and a character used for padding. 588The arguments 589.Fa old_lenp 590and 591.Fa old_len 592are to save and restore the current section length when nested sections 593are used. 594For the top level section 595.Dv NULL 596and \-1 can be specified for 597.Fa old_lenp 598and 599.Fa old_len 600respectively. 601.Pp 602The 603.Fn sbuf_hexdump 604function prints an array of bytes to the supplied sbuf, along with an ASCII 605representation of the bytes if possible. 606See the 607.Xr hexdump 3 608man page for more details on the interface. 609.Pp 610The 611.Fn sbuf_printf_drain 612function is a drain function that will call printf, or log to the console. 613The argument 614.Fa arg 615must be either 616.Dv NULL , 617or a valid pointer to a 618.Vt size_t . 619If 620.Fa arg 621is not 622.Dv NULL , 623the total bytes drained will be added to the value pointed to by 624.Fa arg . 625.Pp 626The 627.Fn sbuf_putbuf 628function printfs the sbuf to stdout if in userland, and to the console 629and log if in the kernel. 630The 631.Fa sbuf 632must be finished before calling 633.Fn sbuf_putbuf . 634It does not drain the buffer or update any pointers. 635.Sh NOTES 636If an operation caused an 637.Fa sbuf 638to overflow, most subsequent operations on it will fail until the 639.Fa sbuf 640is finished using 641.Fn sbuf_finish 642or reset using 643.Fn sbuf_clear , 644or its position is reset to a value between 0 and one less than the 645size of its storage buffer using 646.Fn sbuf_setpos , 647or it is reinitialized to a sufficiently short string using 648.Fn sbuf_cpy . 649.Pp 650Drains in user-space will not always function as indicated. 651While the drain function will be called immediately on overflow from 652the 653.Fa sbuf_putc , 654.Fa sbuf_bcat , 655.Fa sbuf_cat 656functions, 657.Fa sbuf_printf 658and 659.Fa sbuf_vprintf 660currently have no way to determine whether there will be an overflow 661until after it occurs, and cannot do a partial expansion of the format 662string. 663Thus when using libsbuf the buffer may be extended to allow completion 664of a single printf call, even though a drain is attached. 665.Sh RETURN VALUES 666The 667.Fn sbuf_new 668function returns 669.Dv NULL 670if it failed to allocate a storage buffer, and a pointer to the new 671.Fa sbuf 672otherwise. 673.Pp 674The 675.Fn sbuf_setpos 676function returns \-1 if 677.Fa pos 678was invalid, and zero otherwise. 679.Pp 680The 681.Fn sbuf_bcat , 682.Fn sbuf_cat , 683.Fn sbuf_cpy , 684.Fn sbuf_printf , 685.Fn sbuf_putc , 686and 687.Fn sbuf_trim 688functions 689all return \-1 if the buffer overflowed, and zero otherwise. 690.Pp 691The 692.Fn sbuf_error 693function returns a non-zero value if the buffer has an overflow or 694drain error, and zero otherwise. 695.Pp 696The 697.Fn sbuf_len 698function returns \-1 if the buffer overflowed. 699.Pp 700The 701.Fn sbuf_copyin 702function 703returns \-1 if copying string from userland failed, and number of bytes 704copied otherwise. 705.Pp 706The 707.Fn sbuf_end_section 708function returns the section length or \-1 if the buffer has an error. 709.Pp 710The 711.Fn sbuf_finish 9 712function (the kernel version) returns 713.Er ENOMEM 714if the sbuf overflowed before being finished, 715or returns the error code from the drain if one is attached. 716.Pp 717The 718.Fn sbuf_finish 3 719function (the userland version) 720will return zero for success and \-1 and set errno on error. 721.Sh EXAMPLES 722.Bd -literal -compact 723#include <sys/types.h> 724#include <sys/sbuf.h> 725 726struct sbuf *sb; 727 728sb = sbuf_new_auto(); 729sbuf_cat(sb, "Customers found:\en"); 730TAILQ_FOREACH(foo, &foolist, list) { 731 sbuf_printf(sb, " %4d %s\en", foo->index, foo->name); 732 sbuf_printf(sb, " Address: %s\en", foo->address); 733 sbuf_printf(sb, " Zip: %s\en", foo->zipcode); 734} 735if (sbuf_finish(sb) != 0) /* Check for any and all errors */ 736 err(1, "Could not generate message"); 737transmit_msg(sbuf_data(sb), sbuf_len(sb)); 738sbuf_delete(sb); 739.Ed 740.Sh SEE ALSO 741.Xr hexdump 3 , 742.Xr printf 3 , 743.Xr strcat 3 , 744.Xr strcpy 3 , 745.Xr copyin 9 , 746.Xr copyinstr 9 , 747.Xr printf 9 748.Sh HISTORY 749The 750.Nm 751family of functions first appeared in 752.Fx 4.4 . 753.Sh AUTHORS 754.An -nosplit 755The 756.Nm 757family of functions was designed by 758.An Poul-Henning Kamp Aq Mt phk@FreeBSD.org 759and implemented by 760.An Dag-Erling Sm\(/orgrav Aq Mt des@FreeBSD.org . 761Additional improvements were suggested by 762.An Justin T. Gibbs Aq Mt gibbs@FreeBSD.org . 763Auto-extend support added by 764.An Kelly Yancey Aq Mt kbyanc@FreeBSD.org . 765Drain functionality added by 766.An Matthew Fleming Aq Mt mdf@FreeBSD.org . 767.Pp 768This manual page was written by 769.An Dag-Erling Sm\(/orgrav Aq Mt des@FreeBSD.org . 770