From: Petr Mladek <pmladek@suse.com>
To: rodrigo.alencar@analog.com
Cc: linux-kernel@vger.kernel.org, linux-iio@vger.kernel.org,
devicetree@vger.kernel.org, linux-doc@vger.kernel.org,
Jonathan Cameron <jic23@kernel.org>,
David Lechner <dlechner@baylibre.com>,
Andy Shevchenko <andy@kernel.org>,
Lars-Peter Clausen <lars@metafoo.de>,
Michael Hennerich <Michael.Hennerich@analog.com>,
Rob Herring <robh@kernel.org>,
Krzysztof Kozlowski <krzk+dt@kernel.org>,
Conor Dooley <conor+dt@kernel.org>,
Jonathan Corbet <corbet@lwn.net>,
Andrew Morton <akpm@linux-foundation.org>,
Steven Rostedt <rostedt@goodmis.org>,
Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
Rasmus Villemoes <linux@rasmusvillemoes.dk>,
Sergey Senozhatsky <senozhatsky@chromium.org>,
Shuah Khan <skhan@linuxfoundation.org>
Subject: Re: [PATCH v9 2/9] lib: vsprintf: export simple_strntoull() in a safe prototype
Date: Fri, 27 Mar 2026 09:45:17 +0100 [thread overview]
Message-ID: <acZDneLrIPOmU5ci@pathway.suse.cz> (raw)
In-Reply-To: <20260320-adf41513-iio-driver-v9-2-132f0d076374@analog.com>
On Fri 2026-03-20 16:27:27, Rodrigo Alencar via B4 Relay wrote:
> From: Rodrigo Alencar <rodrigo.alencar@analog.com>
>
> Expose simple_strntoull(), by addressing its FIXME, i.e. its prototype is
> slightly changed so that -ERANGE or -EINVAL can be evaluated by the user.
> Flow of the function is not changed and error value is returned in the
> end. Unsafe internal wrapper is created to reduce amount of changes.
>
> --- a/include/linux/kstrtox.h
> +++ b/include/linux/kstrtox.h
> @@ -148,4 +148,8 @@ extern long simple_strtol(const char *,char **,unsigned int);
> extern unsigned long long simple_strtoull(const char *,char **,unsigned int);
> extern long long simple_strtoll(const char *,char **,unsigned int);
>
> +extern ssize_t __must_check simple_strntoull(const char *startp, const char **endp,
> + unsigned int base, size_t max_chars,
> + unsigned long long *res);
Sigh, naming is hard. I personally find it a bit confusing that the
name is too similar to the unsafe API.
IMHO, the semantic of the new API is closer to kstrtoull().
It just limits the size, so I would call it kstrntoull().
Also I would use int as the return parameter, see below.
> #endif /* _LINUX_KSTRTOX_H */
> diff --git a/lib/vsprintf.c b/lib/vsprintf.c
> index 800b8ac49f53..6fb880f4013b 100644
> --- a/lib/vsprintf.c
> +++ b/lib/vsprintf.c
> @@ -75,25 +75,66 @@ enum hash_pointers_policy {
> };
> static enum hash_pointers_policy hash_pointers_mode __initdata;
>
> +/**
> + * simple_strntoull - convert a string to an unsigned long long with a character limit
> + *
> + * @startp: The start of the string
> + * @endp: A pointer to the end of the parsed string will be placed here
I would write:
* @endp: A pointer to the end of the parsed string (output)
> + * @base: The number base to use
> + * @max_chars: The maximum number of characters to parse
> + * @res: Where to write the result of the conversion on success
Nit: I would omit "on success" *res value is set to 0 on failure.
Instead, I would write:
* @res: Result of the conversion (output)
> + *
> + * Returns amount of processed characters on success, -ERANGE on overflow and
> + * -EINVAL on parsing error.
> + */
> noinline
> -static unsigned long long simple_strntoull(const char *startp, char **endp, unsigned int base, size_t max_chars)
> +ssize_t simple_strntoull(const char *startp, const char **endp,
> + unsigned int base, size_t max_chars,
> + unsigned long long *res)
It might be enoungh to use "int" for the return value. The number
of proceed characters is pretty limited by definition. And it
would be similar to vsnprintf(), kstrtoull(), ...
I guess that you wanted to match the "size_t max_chars" parameter.
It makes some sense as well.
Please, use "int" especially if we agreed to call the new API
kstrntoull().
> {
> const char *cp;
> - unsigned long long result = 0ULL;
> size_t prefix_chars;
> unsigned int rv;
> + ssize_t ret;
>
> cp = _parse_integer_fixup_radix(startp, &base);
> prefix_chars = cp - startp;
> if (prefix_chars < max_chars) {
> - rv = _parse_integer_limit(cp, base, &result, max_chars - prefix_chars);
> - /* FIXME */
> + rv = _parse_integer_limit(cp, base, res, max_chars - prefix_chars);
> + if (rv & KSTRTOX_OVERFLOW)
> + ret = -ERANGE;
> + else if (rv == 0)
> + ret = -EINVAL;
> + else
> + ret = rv + prefix_chars;
> cp += (rv & ~KSTRTOX_OVERFLOW);
> } else {
> /* Field too short for prefix + digit, skip over without converting */
> cp = startp + max_chars;
> + ret = -EINVAL;
> + *res = 0ULL;
> }
>
> + if (endp)
> + *endp = cp;
> +
> + return ret;
> +}
> +EXPORT_SYMBOL(simple_strntoull);
> +
> +/* unsafe_strntoull ignores simple_strntoull() return value and endp const qualifier */
> +inline
> +static unsigned long long unsafe_strntoull(const char *startp, char **endp,
> + unsigned int base, size_t max_chars)
> +{
> + unsigned long long result;
> + const char *cp;
> +
> +#pragma GCC diagnostic push
> +#pragma GCC diagnostic ignored "-Wunused-result"
> + simple_strntoull(startp, &cp, base, max_chars, &result);
> +#pragma GCC diagnostic pop
> +
> if (endp)
> *endp = (char *)cp;
IMHO, we do not need local "cp". We could simply pass the endp
to the new simple_strntoull. Or do I miss anything?
Best Regards,
Petr
next prev parent reply other threads:[~2026-03-27 8:45 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-20 16:27 [PATCH v9 0/9] ADF41513/ADF41510 PLL frequency synthesizers Rodrigo Alencar via B4 Relay
2026-03-20 16:27 ` [PATCH v9 1/9] dt-bindings: iio: frequency: add adf41513 Rodrigo Alencar via B4 Relay
2026-03-20 16:27 ` [PATCH v9 2/9] lib: vsprintf: export simple_strntoull() in a safe prototype Rodrigo Alencar via B4 Relay
2026-03-27 8:45 ` Petr Mladek [this message]
2026-03-27 9:17 ` Andy Shevchenko
2026-03-27 10:11 ` Rodrigo Alencar
2026-03-27 10:21 ` Andy Shevchenko
2026-03-27 15:17 ` Rodrigo Alencar
2026-03-27 10:44 ` David Laight
2026-03-27 10:57 ` Andy Shevchenko
2026-03-27 13:28 ` David Laight
2026-03-27 9:24 ` Rodrigo Alencar
2026-03-20 16:27 ` [PATCH v9 3/9] iio: core: add fixed point parsing with 64-bit parts Rodrigo Alencar via B4 Relay
2026-03-20 16:27 ` [PATCH v9 4/9] iio: test: add kunit test for fixed-point parsing Rodrigo Alencar via B4 Relay
2026-03-20 16:27 ` [PATCH v9 5/9] iio: frequency: adf41513: driver implementation Rodrigo Alencar via B4 Relay
2026-03-20 16:27 ` [PATCH v9 6/9] iio: frequency: adf41513: handle LE synchronization feature Rodrigo Alencar via B4 Relay
2026-03-20 16:27 ` [PATCH v9 7/9] iio: frequency: adf41513: features on frequency change Rodrigo Alencar via B4 Relay
2026-03-20 16:27 ` [PATCH v9 8/9] docs: iio: add documentation for adf41513 driver Rodrigo Alencar via B4 Relay
2026-03-20 16:27 ` [PATCH v9 9/9] Documentation: ABI: testing: add common ABI file for iio/frequency Rodrigo Alencar via B4 Relay
2026-03-22 11:33 ` [PATCH v9 0/9] ADF41513/ADF41510 PLL frequency synthesizers Jonathan Cameron
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=acZDneLrIPOmU5ci@pathway.suse.cz \
--to=pmladek@suse.com \
--cc=Michael.Hennerich@analog.com \
--cc=akpm@linux-foundation.org \
--cc=andriy.shevchenko@linux.intel.com \
--cc=andy@kernel.org \
--cc=conor+dt@kernel.org \
--cc=corbet@lwn.net \
--cc=devicetree@vger.kernel.org \
--cc=dlechner@baylibre.com \
--cc=jic23@kernel.org \
--cc=krzk+dt@kernel.org \
--cc=lars@metafoo.de \
--cc=linux-doc@vger.kernel.org \
--cc=linux-iio@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@rasmusvillemoes.dk \
--cc=robh@kernel.org \
--cc=rodrigo.alencar@analog.com \
--cc=rostedt@goodmis.org \
--cc=senozhatsky@chromium.org \
--cc=skhan@linuxfoundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox