From: Andy Shevchenko <andriy.shevchenko@intel.com>
To: Dmitry Antipov <dmantipov@yandex.ru>
Cc: Andrew Morton <akpm@linux-foundation.org>,
Kees Cook <kees@kernel.org>,
"Darrick J . Wong" <djwong@kernel.org>,
linux-hardening@vger.kernel.org
Subject: Re: [PATCH v3 1/3] lib: fix _parse_integer_limit() to handle overflow
Date: Mon, 26 Jan 2026 18:39:13 +0200
Message-ID: <aXeYsUlxibMuYflx@smile.fi.intel.com>
In-Reply-To: <20260126162059.357467-2-dmantipov@yandex.ru>
On Mon, Jan 26, 2026 at 07:20:57PM +0300, Dmitry Antipov wrote:
> In '_parse_integer_limit()', replace native integer arithmetic with
> 'check_mul_overflow()' and 'check_add_overflow()' to check whether
> an intermediate result goes out of range, and denote such a case
> with ULLONG_MAX, thus making the function more similar to standard
> C library's 'strtoull()'. Adjust comment to kernel-doc style as well.
...
> - if (unlikely(res & (~0ull << 60))) {
> - if (res > div_u64(ULLONG_MAX - val, base))

Interestingly, the original check was made to improve performance. We don't
need to worry about overflow unless we are close to it. It also has a hint to the
compiler to take the branch as a slow path.

> + if (res != ULLONG_MAX) {
> + /*
> + * tmp = res * base;
> + * if (overflow)
> + * res = ULLONG_MAX;
> + * else {
> + * res = tmp + val;
> + * if (overflow)
> + * res = ULLONG_MAX;
> + * }
> + */

This looks like a leftover. Use plain English to explain what's going on
here. But I think this should be done only for the last couple of
iterations.

> + if (check_mul_overflow(res, base, &tmp) ||
> + check_add_overflow(tmp, val, &res)) {
> + res = ULLONG_MAX;
> rv |= KSTRTOX_OVERFLOW;
> + }
> }
> - res = res * base + val;
> rv++;
> s++;
> }
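
Review bot: at the `res != ULLONG_MAX` guard, ULLONG_MAX is both a valid parsed value and the saturation marker, so when the digits consumed so far come to exactly ULLONG_MAX and another digit follows, the checked block is skipped and `KSTRTOX_OVERFLOW` is never set in `rv`. Consider keying the guard on `rv & KSTRTOX_OVERFLOW` instead of the value, or dropping the guard, since `check_mul_overflow()` on a saturated `res` reports overflow again for any base of 2 or more.
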
--
With Best Regards,
Andy Shevchenko