From: Andy Shevchenko <andriy.shevchenko@intel.com>
To: Dmitry Antipov <dmantipov@yandex.ru>
Cc: Andrew Morton <akpm@linux-foundation.org>,
Kees Cook <kees@kernel.org>,
"Darrick J . Wong" <djwong@kernel.org>,
linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v6 1/5] lib: fix _parse_integer_limit() to handle overflow
Date: Tue, 10 Feb 2026 09:36:33 +0200 [thread overview]
Message-ID: <aYrgASJXAyoholbF@smile.fi.intel.com> (raw)
In-Reply-To: <20260209164757.433932-2-dmantipov@yandex.ru>
On Mon, Feb 09, 2026 at 07:47:53PM +0300, Dmitry Antipov wrote:
> In '_parse_integer_limit()', adjust native integer arithmetic
> with near-to-overflow branch where 'check_mul_overflow()' and
> 'check_add_overflow()' are used to check whether an intermediate
> result goes out of range, and denote such a case with ULLONG_MAX,
> thus making the function more similar to standard C library's
> 'strtoull()'. Adjust comment to kernel-doc style as well.
...
> - unsigned long long res;
> + unsigned long long res = 0;
>
> - res = 0;
We can leave this untouched.
...
> - while (max_chars--) {
> + for (rv = 0; max_chars--; rv++, s++) {
I don't see how max_chars is used. With that said, I would rather see the usual
way of expressing the condition in the for-loop:
for (rv = 0; rv < max_chars; rv++, s++) {
...
> + if (likely(res != ULLONG_MAX)) {
Have you seen David's question about these checks?
Maybe I missed your answer...
> + if (unlikely(res & (~0ull << 60))) {
> + /* We're close to possible overflow. */
> + unsigned long long tmp;
> +
> + if (check_mul_overflow(res, base, &tmp) ||
> + check_add_overflow(tmp, val, &res)) {
> + res = ULLONG_MAX;
> + rv |= KSTRTOX_OVERFLOW;
> + }
> + } else {
> + res = res * base + val;
> + }
> }
--
With Best Regards,
Andy Shevchenko
next prev parent reply other threads:[~2026-02-10 7:36 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-09 16:47 [PATCH v6 0/5] lib and lib/cmdline enhancements Dmitry Antipov
2026-02-09 16:47 ` [PATCH v6 1/5] lib: fix _parse_integer_limit() to handle overflow Dmitry Antipov
2026-02-10 7:36 ` Andy Shevchenko [this message]
2026-02-12 11:13 ` Dmitry Antipov
[not found] ` <20260212120030.2f15caaa@pumpkin>
2026-02-12 13:25 ` David Laight
2026-02-12 13:37 ` Andy Shevchenko
2026-02-09 16:47 ` [PATCH v6 2/5] lib: fix memparse() " Dmitry Antipov
2026-02-10 7:51 ` Andy Shevchenko
2026-02-12 11:21 ` Dmitry Antipov
2026-02-09 16:47 ` [PATCH v6 3/5] lib: add more string to 64-bit integer conversion overflow tests Dmitry Antipov
2026-02-09 16:47 ` [PATCH v6 4/5] lib/cmdline_kunit: add test case for memparse() Dmitry Antipov
2026-02-09 16:47 ` [PATCH v6 5/5] lib/cmdline: adjust a few comments to fix kernel-doc -Wreturn warnings Dmitry Antipov
2026-02-10 7:53 ` [PATCH v6 0/5] lib and lib/cmdline enhancements Andy Shevchenko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aYrgASJXAyoholbF@smile.fi.intel.com \
--to=andriy.shevchenko@intel.com \
--cc=akpm@linux-foundation.org \
--cc=djwong@kernel.org \
--cc=dmantipov@yandex.ru \
--cc=kees@kernel.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.