All of lore.kernel.org
 help / color / mirror / Atom feed
* [failures] revert-lib-fix-_parse_integer_limit-to-handle-overflow.patch removed from -mm tree
@ 2026-07-05  3:25 Andrew Morton
  0 siblings, 0 replies; only message in thread
From: Andrew Morton @ 2026-07-05  3:25 UTC (permalink / raw)
  To: mm-commits, dmantipov, andriy.shevchenko, adobriyan, akpm


The quilt patch titled
     Subject: Revert "lib: fix _parse_integer_limit() to handle overflow"
has been removed from the -mm tree.  Its filename was
     revert-lib-fix-_parse_integer_limit-to-handle-overflow.patch

This patch was dropped because it had testing failures

------------------------------------------------------
From: Alexey Dobriyan <adobriyan@gmail.com>
Subject: Revert "lib: fix _parse_integer_limit() to handle overflow"
Date: Thu, 2 Jul 2026 21:06:38 +0300

This reverts commit 6e30111dbb40 ("lib: fix _parse_integer_limit() to
handle overflow").

1) this patch breaks scanf() which uses _parse_integer_limit()
   internally, and is supposed to get overflowed result
   (however incorrect it may be)

2) using check_mul_overflow() and check_add_overflow() as written
   doesn't add any overflow protection because it is under branch
   where such overflow can't happen if radix is kept <=16,

3) kernel-doc comment legitimize the function while exactly
   the opposite should be done. Not a fan.

Link: https://lore.kernel.org/20260702180638.39196-1-adobriyan@gmail.com
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Andriy Shevchenko <andriy.shevchenko@intel.com>
Cc: Dmitry Antipov <dmantipov@yandex.ru>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 lib/kstrtox.c |   37 +++++++++++++++----------------------
 1 file changed, 15 insertions(+), 22 deletions(-)

--- a/lib/kstrtox.c~revert-lib-fix-_parse_integer_limit-to-handle-overflow
+++ a/lib/kstrtox.c
@@ -39,30 +39,25 @@ const char *_parse_integer_fixup_radix(c
 	return s;
 }
 
-/**
- * _parse_integer_limit - Convert integer string representation to an integer
- * @s: Integer string representation
- * @base: Radix
- * @p: Where to store result
- * @max_chars: Maximum amount of characters to convert
+/*
+ * Convert non-negative integer string representation in explicitly given radix
+ * to an integer. A maximum of max_chars characters will be converted.
  *
- * Convert non-negative integer string representation in explicitly given
- * radix to an integer. If overflow occurs, value at @p is set to ULLONG_MAX.
+ * Return number of characters consumed maybe or-ed with overflow bit.
+ * If overflow occurs, result integer (incorrect) is still returned.
  *
- * This function is the workhorse of other string conversion functions and it
- * is discouraged to use it explicitly. Consider kstrto*() family instead.
- *
- * Return: Number of characters consumed, maybe ORed with overflow bit
+ * Don't you dare use this function.
  */
 noinline
 unsigned int _parse_integer_limit(const char *s, unsigned int base, unsigned long long *p,
 				  size_t max_chars)
 {
-	unsigned int rv, overflow = 0;
 	unsigned long long res;
+	unsigned int rv;
 
 	res = 0;
-	for (rv = 0; rv < max_chars; rv++, s++) {
+	rv = 0;
+	while (max_chars--) {
 		unsigned int c = *s;
 		unsigned int lc = _tolower(c);
 		unsigned int val;
@@ -81,17 +76,15 @@ unsigned int _parse_integer_limit(const
 		 * it in the max base we support (16)
 		 */
 		if (unlikely(res & (~0ull << 60))) {
-			if (check_mul_overflow(res, base, &res) ||
-			    check_add_overflow(res, val, &res)) {
-				res = ULLONG_MAX;
-				overflow = KSTRTOX_OVERFLOW;
-			}
-		} else {
-			res = res * base + val;
+			if (res > div_u64(ULLONG_MAX - val, base))
+				rv |= KSTRTOX_OVERFLOW;
 		}
+		res = res * base + val;
+		rv++;
+		s++;
 	}
 	*p = res;
-	return rv | overflow;
+	return rv;
 }
 
 noinline
_

Patches currently in -mm which might be from adobriyan@gmail.com are



^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2026-07-05  3:25 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-07-05  3:25 [failures] revert-lib-fix-_parse_integer_limit-to-handle-overflow.patch removed from -mm tree Andrew Morton

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.