Re: [PATCH 1/7] ext4: avoid overflow when setting values via sysfs

Re: [PATCH 1/7] ext4: avoid overflow when setting values via sysfs

[Alexey Dobriyan]

Baokun Li wrote:

> @@ -463,6 +463,8 @@ static ssize_t ext4_attr_store(struct kobject *kobj,
>  		ret = kstrtoul(skip_spaces(buf), 0, &t);
>  		if (ret)
>  			return ret;
> +		if (t != (unsigned int)t)
> +			return -EINVAL;

kstrto*() interface has variants for all standard types.
It should be changed to kstrtou32() or kstrtouint();

If you check if kstrto*() result fits into another type,
you're probably doing it wrong.

>  		if (a->attr_ptr == ptr_ext4_super_block_offset)
>  			*((__le32 *) ptr) = cpu_to_le32(t);

Re: [PATCH 1/7] ext4: avoid overflow when setting values via sysfs

[Baokun Li]

On 2024/1/27 17:44, Alexey Dobriyan wrote:
> Baokun Li wrote:
>
>> @@ -463,6 +463,8 @@ static ssize_t ext4_attr_store(struct kobject *kobj,
>>   		ret = kstrtoul(skip_spaces(buf), 0, &t);
>>   		if (ret)
>>   			return ret;
>> +		if (t != (unsigned int)t)
>> +			return -EINVAL;
> kstrto*() interface has variants for all standard types.
> It should be changed to kstrtou32() or kstrtouint();
>
> If you check if kstrto*() result fits into another type,
> you're probably doing it wrong.
Thanks for your comments!

The reason for not using those helper functions directly is as follows:

1）Those functions are also based on kstrtoull() wrappers, and if we
use kstrtou32() or kstrtouint(), we'd need to declare u32 t or int t,
which would leave us with a lot of declared but unused variables,
and an unsigned long t would be enough to cover our scenario.

2）Moreover, the actual range of a uint type sysfs interface may not
be 0-UINT_MAX, but 0-INT_MAX or 0-s_clusters_per_group, and we
need to limit the range of the variable according to the actual
meaning of the variable.

3）In addition, by declaring only an unsigned long type and then
uniformly parsing it with kstrtoul() and then restricting the range
of the variable according to the actual meaning of the variable,
we can reduce a lot of repetitive code.
>>   		if (a->attr_ptr == ptr_ext4_super_block_offset)
>>   			*((__le32 *) ptr) = cpu_to_le32(t);
-- 
With Best Regards,
Baokun Li
.

[PATCH 0/7] ext4: avoid sysfs variables overflow causing BUG_ON/SOOB

[Baokun Li]

Hello everyone,

This patchset is intended to avoid variables that can be modified via sysfs
from overflowing when stored or used and thus causing various problems.

"kvm-xfstests -c ext4/all -g auto" has been executed with no new failures.

Baokun Li (7):
  ext4: avoid overflow when setting values via sysfs
  ext4: refactor out ext4_generic_attr_store()
  ext4: refactor out ext4_generic_attr_show()
  ext4: add positive int attr pointer to avoid sysfs variables overflow
  ext4: fix slab-out-of-bounds in
    ext4_mb_find_good_group_avg_frag_lists()
  ext4: set type of ac_groups_linear_remaining to __u32 to avoid
    overflow
  ext4: set the type of max_zeroout to unsigned int to avoid overflow

 fs/ext4/extents.c |   6 +-
 fs/ext4/mballoc.c |   2 +
 fs/ext4/mballoc.h |   2 +-
 fs/ext4/sysfs.c   | 159 +++++++++++++++++++++++++---------------------
 4 files changed, 92 insertions(+), 77 deletions(-)

-- 
2.31.1

[PATCH 1/7] ext4: avoid overflow when setting values via sysfs

[Baokun Li]

When setting values of type unsigned int through sysfs, we use kstrtoul()
to parse it and then truncate part of it as the final set value, when the
set value is greater than UINT_MAX, the set value will not match what we
see because of the truncation. As follows:

  $ echo 4294967296 > /sys/fs/ext4/sda/mb_max_linear_groups
  $ cat /sys/fs/ext4/sda/mb_max_linear_groups
    0

So when the value set is outside the variable type range, -EINVAL is
returned to avoid the inconsistency described above. In addition, a
judgment is added to avoid setting s_resv_clusters less than 0.

Signed-off-by: Baokun Li <libaokun1@huawei.com>
---
 fs/ext4/sysfs.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/fs/ext4/sysfs.c b/fs/ext4/sysfs.c
index 6d332dff79dd..3671a8aaf4af 100644
--- a/fs/ext4/sysfs.c
+++ b/fs/ext4/sysfs.c
@@ -104,7 +104,7 @@ static ssize_t reserved_clusters_store(struct ext4_sb_info *sbi,
 	int ret;
 
 	ret = kstrtoull(skip_spaces(buf), 0, &val);
-	if (ret || val >= clusters)
+	if (ret || val >= clusters || (s64)val < 0)
 		return -EINVAL;
 
 	atomic64_set(&sbi->s_resv_clusters, val);
@@ -463,6 +463,8 @@ static ssize_t ext4_attr_store(struct kobject *kobj,
 		ret = kstrtoul(skip_spaces(buf), 0, &t);
 		if (ret)
 			return ret;
+		if (t != (unsigned int)t)
+			return -EINVAL;
 		if (a->attr_ptr == ptr_ext4_super_block_offset)
 			*((__le32 *) ptr) = cpu_to_le32(t);
 		else
-- 
2.31.1

Re: [PATCH 1/7] ext4: avoid overflow when setting values via sysfs

[Zhang Yi]

On 2024/1/26 16:57, Baokun Li wrote:
> When setting values of type unsigned int through sysfs, we use kstrtoul()
> to parse it and then truncate part of it as the final set value, when the
> set value is greater than UINT_MAX, the set value will not match what we
> see because of the truncation. As follows:
> 
>   $ echo 4294967296 > /sys/fs/ext4/sda/mb_max_linear_groups
>   $ cat /sys/fs/ext4/sda/mb_max_linear_groups
>     0
> 
> So when the value set is outside the variable type range, -EINVAL is
> returned to avoid the inconsistency described above. In addition, a
> judgment is added to avoid setting s_resv_clusters less than 0.
> 
> Signed-off-by: Baokun Li <libaokun1@huawei.com>

Thanks for the patch. Looks good to me.

Reviewed-by: Zhang Yi <yi.zhang@huawei.com>

> ---
>  fs/ext4/sysfs.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/fs/ext4/sysfs.c b/fs/ext4/sysfs.c
> index 6d332dff79dd..3671a8aaf4af 100644
> --- a/fs/ext4/sysfs.c
> +++ b/fs/ext4/sysfs.c
> @@ -104,7 +104,7 @@ static ssize_t reserved_clusters_store(struct ext4_sb_info *sbi,
>  	int ret;
>  
>  	ret = kstrtoull(skip_spaces(buf), 0, &val);
> -	if (ret || val >= clusters)
> +	if (ret || val >= clusters || (s64)val < 0)
>  		return -EINVAL;
>  
>  	atomic64_set(&sbi->s_resv_clusters, val);
> @@ -463,6 +463,8 @@ static ssize_t ext4_attr_store(struct kobject *kobj,
>  		ret = kstrtoul(skip_spaces(buf), 0, &t);
>  		if (ret)
>  			return ret;
> +		if (t != (unsigned int)t)
> +			return -EINVAL;
>  		if (a->attr_ptr == ptr_ext4_super_block_offset)
>  			*((__le32 *) ptr) = cpu_to_le32(t);
>  		else
> 

Re: [PATCH 1/7] ext4: avoid overflow when setting values via sysfs

[Jan Kara]

On Fri 26-01-24 16:57:10, Baokun Li wrote:
> When setting values of type unsigned int through sysfs, we use kstrtoul()
> to parse it and then truncate part of it as the final set value, when the
> set value is greater than UINT_MAX, the set value will not match what we
> see because of the truncation. As follows:
> 
>   $ echo 4294967296 > /sys/fs/ext4/sda/mb_max_linear_groups
>   $ cat /sys/fs/ext4/sda/mb_max_linear_groups
>     0
> 
> So when the value set is outside the variable type range, -EINVAL is
> returned to avoid the inconsistency described above. In addition, a
> judgment is added to avoid setting s_resv_clusters less than 0.
> 
> Signed-off-by: Baokun Li <libaokun1@huawei.com>
> ---
>  fs/ext4/sysfs.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/fs/ext4/sysfs.c b/fs/ext4/sysfs.c
> index 6d332dff79dd..3671a8aaf4af 100644
> --- a/fs/ext4/sysfs.c
> +++ b/fs/ext4/sysfs.c
> @@ -104,7 +104,7 @@ static ssize_t reserved_clusters_store(struct ext4_sb_info *sbi,
>  	int ret;
>  
>  	ret = kstrtoull(skip_spaces(buf), 0, &val);
> -	if (ret || val >= clusters)
> +	if (ret || val >= clusters || (s64)val < 0)
>  		return -EINVAL;

This looks a bit pointless, doesn't it? 'val' is u64, clusters is u64. We
know that val < clusters so how could (s64)val be < 0?

> @@ -463,6 +463,8 @@ static ssize_t ext4_attr_store(struct kobject *kobj,
>  		ret = kstrtoul(skip_spaces(buf), 0, &t);
>  		if (ret)
>  			return ret;
> +		if (t != (unsigned int)t)
> +			return -EINVAL;
>  		if (a->attr_ptr == ptr_ext4_super_block_offset)
>  			*((__le32 *) ptr) = cpu_to_le32(t);
>  		else

I kind of agree with Alexey that using kstrtouint() here instead would look
nicer. And it isn't like you have to define many new variables. You just
need unsigned long for attr_pointer_ul and unsigned int for
attr_pointer_ui.

								Honza
-- 
Jan Kara <jack@suse.com>
SUSE Labs, CR

Re: [PATCH 1/7] ext4: avoid overflow when setting values via sysfs

[Baokun Li]

On 2024/2/14 0:05, Jan Kara wrote:
> On Fri 26-01-24 16:57:10, Baokun Li wrote:
>> When setting values of type unsigned int through sysfs, we use kstrtoul()
>> to parse it and then truncate part of it as the final set value, when the
>> set value is greater than UINT_MAX, the set value will not match what we
>> see because of the truncation. As follows:
>>
>>    $ echo 4294967296 > /sys/fs/ext4/sda/mb_max_linear_groups
>>    $ cat /sys/fs/ext4/sda/mb_max_linear_groups
>>      0
>>
>> So when the value set is outside the variable type range, -EINVAL is
>> returned to avoid the inconsistency described above. In addition, a
>> judgment is added to avoid setting s_resv_clusters less than 0.
>>
>> Signed-off-by: Baokun Li <libaokun1@huawei.com>
>> ---
>>   fs/ext4/sysfs.c | 4 +++-
>>   1 file changed, 3 insertions(+), 1 deletion(-)
>>
>> diff --git a/fs/ext4/sysfs.c b/fs/ext4/sysfs.c
>> index 6d332dff79dd..3671a8aaf4af 100644
>> --- a/fs/ext4/sysfs.c
>> +++ b/fs/ext4/sysfs.c
>> @@ -104,7 +104,7 @@ static ssize_t reserved_clusters_store(struct ext4_sb_info *sbi,
>>   	int ret;
>>   
>>   	ret = kstrtoull(skip_spaces(buf), 0, &val);
>> -	if (ret || val >= clusters)
>> +	if (ret || val >= clusters || (s64)val < 0)
>>   		return -EINVAL;
> This looks a bit pointless, doesn't it? 'val' is u64, clusters is u64. We
> know that val < clusters so how could (s64)val be < 0?
When clusters is bigger than LLONG_MAX, (s64)val may be less than 0.
Of course we don't have such a large storage device yet, so it's only
theoretically possible to overflow here. But the previous patches in this
patch set were intended to ensure that the values set via sysfs did not
exceed the range of the variable type, so I've modified that here as well.
>
>> @@ -463,6 +463,8 @@ static ssize_t ext4_attr_store(struct kobject *kobj,
>>   		ret = kstrtoul(skip_spaces(buf), 0, &t);
>>   		if (ret)
>>   			return ret;
>> +		if (t != (unsigned int)t)
>> +			return -EINVAL;
>>   		if (a->attr_ptr == ptr_ext4_super_block_offset)
>>   			*((__le32 *) ptr) = cpu_to_le32(t);
>>   		else
> I kind of agree with Alexey that using kstrtouint() here instead would look
> nicer. And it isn't like you have to define many new variables. You just
> need unsigned long for attr_pointer_ul and unsigned int for
> attr_pointer_ui.
>
> 								Honza
If we use both kstrtouint() and kstrtoul(), then we need to add
kstrtouint() or kstrtoul() to each case, which would be a lot of
duplicate code as follows:

static ssize_t ext4_generic_attr_store(struct ext4_attr *a,
                                        struct ext4_sb_info *sbi,
                                        const char *buf, size_t len)
{
         int ret;
         unsigned int t;
         unsigned long lt;
         void *ptr = calc_ptr(a, sbi);

         if (!ptr)
                 return 0;

         switch (a->attr_id) {
         case attr_group_prealloc:
                 ret = kstrtouint(skip_spaces(buf), 0, &t);
                 if (ret)
                         return ret;
                 if (t > sbi->s_clusters_per_group)
                         return -EINVAL;
                 return len;
         case attr_pointer_pi:
                 ret = kstrtouint(skip_spaces(buf), 0, &t);
                 if (ret)
                         return ret;
                 if ((int)t < 0)
                         return -EINVAL;
                 return len;
         case attr_pointer_ui:
                 ret = kstrtouint(skip_spaces(buf), 0, &t);
                 if (ret)
                         return ret;
                 if (t != (unsigned int)t)
                         return -EINVAL;
                 if (a->attr_ptr == ptr_ext4_super_block_offset)
                         *((__le32 *) ptr) = cpu_to_le32(t);
                 else
                         *((unsigned int *) ptr) = t;
                 return len;
         case attr_pointer_ul:
                 ret = kstrtoul(skip_spaces(buf), 0, &lt);
                 if (ret)
                         return ret;
                 *((unsigned long *) ptr) = lt;
                 return len;
         }
         return 0;

}

Also, both kstrtouint() and kstrtoul() are based on the kstrtoull()
implementation, so it feels better to opencode kstrtoul() and
kstrtouint() to reduce duplicate code.
Why is it better to distinguish uint and ulong cases here?

Thanks for your review!
Happy Chinese New Year!
-- 
With Best Regards,
Baokun Li
.

Re: [PATCH 1/7] ext4: avoid overflow when setting values via sysfs

[Jan Kara]

On Sat 17-02-24 15:09:06, Baokun Li wrote:
> On 2024/2/14 0:05, Jan Kara wrote:
> > On Fri 26-01-24 16:57:10, Baokun Li wrote:
> > > When setting values of type unsigned int through sysfs, we use kstrtoul()
> > > to parse it and then truncate part of it as the final set value, when the
> > > set value is greater than UINT_MAX, the set value will not match what we
> > > see because of the truncation. As follows:
> > > 
> > >    $ echo 4294967296 > /sys/fs/ext4/sda/mb_max_linear_groups
> > >    $ cat /sys/fs/ext4/sda/mb_max_linear_groups
> > >      0
> > > 
> > > So when the value set is outside the variable type range, -EINVAL is
> > > returned to avoid the inconsistency described above. In addition, a
> > > judgment is added to avoid setting s_resv_clusters less than 0.
> > > 
> > > Signed-off-by: Baokun Li <libaokun1@huawei.com>
> > > ---
> > >   fs/ext4/sysfs.c | 4 +++-
> > >   1 file changed, 3 insertions(+), 1 deletion(-)
> > > 
> > > diff --git a/fs/ext4/sysfs.c b/fs/ext4/sysfs.c
> > > index 6d332dff79dd..3671a8aaf4af 100644
> > > --- a/fs/ext4/sysfs.c
> > > +++ b/fs/ext4/sysfs.c
> > > @@ -104,7 +104,7 @@ static ssize_t reserved_clusters_store(struct ext4_sb_info *sbi,
> > >   	int ret;
> > >   	ret = kstrtoull(skip_spaces(buf), 0, &val);
> > > -	if (ret || val >= clusters)
> > > +	if (ret || val >= clusters || (s64)val < 0)
> > >   		return -EINVAL;
> > This looks a bit pointless, doesn't it? 'val' is u64, clusters is u64. We
> > know that val < clusters so how could (s64)val be < 0?
> When clusters is bigger than LLONG_MAX, (s64)val may be less than 0.
> Of course we don't have such a large storage device yet, so it's only
> theoretically possible to overflow here. But the previous patches in this
> patch set were intended to ensure that the values set via sysfs did not
> exceed the range of the variable type, so I've modified that here as well.

Well, my point was that the on disk format is limited to much less than
2^63 blocks. But I guess having the additional check does not matter.

> > > @@ -463,6 +463,8 @@ static ssize_t ext4_attr_store(struct kobject *kobj,
> > >   		ret = kstrtoul(skip_spaces(buf), 0, &t);
> > >   		if (ret)
> > >   			return ret;
> > > +		if (t != (unsigned int)t)
> > > +			return -EINVAL;
> > >   		if (a->attr_ptr == ptr_ext4_super_block_offset)
> > >   			*((__le32 *) ptr) = cpu_to_le32(t);
> > >   		else
> > I kind of agree with Alexey that using kstrtouint() here instead would look
> > nicer. And it isn't like you have to define many new variables. You just
> > need unsigned long for attr_pointer_ul and unsigned int for
> > attr_pointer_ui.
>
> If we use both kstrtouint() and kstrtoul(), then we need to add
> kstrtouint() or kstrtoul() to each case, which would be a lot of
> duplicate code as follows:

Well, it is 5 more lines if I'm counting right :) (3x 3 lines of conversion
- 2x 2 lines of boundary checks). I kind of find it easier to oversee the
boundary checks when everything is together at each parameter. But frankly
this is a bit of nitpicking so if you feel strongly about this I won't
insist.

> static ssize_t ext4_generic_attr_store(struct ext4_attr *a,
>                                        struct ext4_sb_info *sbi,
>                                        const char *buf, size_t len)
> {
>         int ret;
>         unsigned int t;
>         unsigned long lt;
>         void *ptr = calc_ptr(a, sbi);
> 
>         if (!ptr)
>                 return 0;
> 
>         switch (a->attr_id) {
>         case attr_group_prealloc:
>                 ret = kstrtouint(skip_spaces(buf), 0, &t);
>                 if (ret)
>                         return ret;
>                 if (t > sbi->s_clusters_per_group)
>                         return -EINVAL;
>                 return len;
>         case attr_pointer_pi:
>                 ret = kstrtouint(skip_spaces(buf), 0, &t);
>                 if (ret)
>                         return ret;
>                 if ((int)t < 0)
>                         return -EINVAL;
>                 return len;
>         case attr_pointer_ui:
>                 ret = kstrtouint(skip_spaces(buf), 0, &t);
>                 if (ret)
>                         return ret;
>                 if (t != (unsigned int)t)
>                         return -EINVAL;
		  ^^^ this can go away

>                 if (a->attr_ptr == ptr_ext4_super_block_offset)
>                         *((__le32 *) ptr) = cpu_to_le32(t);
>                 else
>                         *((unsigned int *) ptr) = t;
>                 return len;
>         case attr_pointer_ul:
>                 ret = kstrtoul(skip_spaces(buf), 0, &lt);
>                 if (ret)
>                         return ret;
>                 *((unsigned long *) ptr) = lt;
>                 return len;
>         }
>         return 0;
> 
> }
> 
> Also, both kstrtouint() and kstrtoul() are based on the kstrtoull()
> implementation, so it feels better to opencode kstrtoul() and
> kstrtouint() to reduce duplicate code.
> Why is it better to distinguish uint and ulong cases here?

Hopefully explained above :)


								Honza
-- 
Jan Kara <jack@suse.com>
SUSE Labs, CR

Re: [PATCH 1/7] ext4: avoid overflow when setting values via sysfs

[Baokun Li]

On 2024/2/23 19:54, Jan Kara wrote:
> On Sat 17-02-24 15:09:06, Baokun Li wrote:
>> On 2024/2/14 0:05, Jan Kara wrote:
>>> On Fri 26-01-24 16:57:10, Baokun Li wrote:
>>>> When setting values of type unsigned int through sysfs, we use kstrtoul()
>>>> to parse it and then truncate part of it as the final set value, when the
>>>> set value is greater than UINT_MAX, the set value will not match what we
>>>> see because of the truncation. As follows:
>>>>
>>>>     $ echo 4294967296 > /sys/fs/ext4/sda/mb_max_linear_groups
>>>>     $ cat /sys/fs/ext4/sda/mb_max_linear_groups
>>>>       0
>>>>
>>>> So when the value set is outside the variable type range, -EINVAL is
>>>> returned to avoid the inconsistency described above. In addition, a
>>>> judgment is added to avoid setting s_resv_clusters less than 0.
>>>>
>>>> Signed-off-by: Baokun Li <libaokun1@huawei.com>
>>>> ---
>>>>    fs/ext4/sysfs.c | 4 +++-
>>>>    1 file changed, 3 insertions(+), 1 deletion(-)
>>>>
>>>> diff --git a/fs/ext4/sysfs.c b/fs/ext4/sysfs.c
>>>> index 6d332dff79dd..3671a8aaf4af 100644
>>>> --- a/fs/ext4/sysfs.c
>>>> +++ b/fs/ext4/sysfs.c
>>>> @@ -104,7 +104,7 @@ static ssize_t reserved_clusters_store(struct ext4_sb_info *sbi,
>>>>    	int ret;
>>>>    	ret = kstrtoull(skip_spaces(buf), 0, &val);
>>>> -	if (ret || val >= clusters)
>>>> +	if (ret || val >= clusters || (s64)val < 0)
>>>>    		return -EINVAL;
>>> This looks a bit pointless, doesn't it? 'val' is u64, clusters is u64. We
>>> know that val < clusters so how could (s64)val be < 0?
>> When clusters is bigger than LLONG_MAX, (s64)val may be less than 0.
>> Of course we don't have such a large storage device yet, so it's only
>> theoretically possible to overflow here. But the previous patches in this
>> patch set were intended to ensure that the values set via sysfs did not
>> exceed the range of the variable type, so I've modified that here as well.
> Well, my point was that the on disk format is limited to much less than
> 2^63 blocks. But I guess having the additional check does not matter.
OK.
>>>> @@ -463,6 +463,8 @@ static ssize_t ext4_attr_store(struct kobject *kobj,
>>>>    		ret = kstrtoul(skip_spaces(buf), 0, &t);
>>>>    		if (ret)
>>>>    			return ret;
>>>> +		if (t != (unsigned int)t)
>>>> +			return -EINVAL;
>>>>    		if (a->attr_ptr == ptr_ext4_super_block_offset)
>>>>    			*((__le32 *) ptr) = cpu_to_le32(t);
>>>>    		else
>>> I kind of agree with Alexey that using kstrtouint() here instead would look
>>> nicer. And it isn't like you have to define many new variables. You just
>>> need unsigned long for attr_pointer_ul and unsigned int for
>>> attr_pointer_ui.
>> If we use both kstrtouint() and kstrtoul(), then we need to add
>> kstrtouint() or kstrtoul() to each case, which would be a lot of
>> duplicate code as follows:
> Well, it is 5 more lines if I'm counting right :) (3x 3 lines of conversion
> - 2x 2 lines of boundary checks). I kind of find it easier to oversee the
> boundary checks when everything is together at each parameter. But frankly
> this is a bit of nitpicking so if you feel strongly about this I won't
> insist.
Makes sense, there may be some implicit checks that look unintuitive
this way in the original patch. Now keep the string to number conversion
inside the switch does look better. Let me send v2.
>> static ssize_t ext4_generic_attr_store(struct ext4_attr *a,
>>                                         struct ext4_sb_info *sbi,
>>                                         const char *buf, size_t len)
>> {
>>          int ret;
>>          unsigned int t;
>>          unsigned long lt;
>>          void *ptr = calc_ptr(a, sbi);
>>
>>          if (!ptr)
>>                  return 0;
>>
>>          switch (a->attr_id) {
>>          case attr_group_prealloc:
>>                  ret = kstrtouint(skip_spaces(buf), 0, &t);
>>                  if (ret)
>>                          return ret;
>>                  if (t > sbi->s_clusters_per_group)
>>                          return -EINVAL;
>>                  return len;
>>          case attr_pointer_pi:
>>                  ret = kstrtouint(skip_spaces(buf), 0, &t);
>>                  if (ret)
>>                          return ret;
>>                  if ((int)t < 0)
>>                          return -EINVAL;
>>                  return len;
>>          case attr_pointer_ui:
>>                  ret = kstrtouint(skip_spaces(buf), 0, &t);
>>                  if (ret)
>>                          return ret;
>>                  if (t != (unsigned int)t)
>>                          return -EINVAL;
> 		  ^^^ this can go away
I forgot to delete this, thanks!
>>                  if (a->attr_ptr == ptr_ext4_super_block_offset)
>>                          *((__le32 *) ptr) = cpu_to_le32(t);
>>                  else
>>                          *((unsigned int *) ptr) = t;
>>                  return len;
>>          case attr_pointer_ul:
>>                  ret = kstrtoul(skip_spaces(buf), 0, &lt);
>>                  if (ret)
>>                          return ret;
>>                  *((unsigned long *) ptr) = lt;
>>                  return len;
>>          }
>>          return 0;
>>
>> }
>>
>> Also, both kstrtouint() and kstrtoul() are based on the kstrtoull()
>> implementation, so it feels better to opencode kstrtoul() and
>> kstrtouint() to reduce duplicate code.
>> Why is it better to distinguish uint and ulong cases here?
> Hopefully explained above :)
>
>
> 								Honza
Yes, now I understand what you're considering. 😊

Thank you for your explanation!
-- 
With Best Regards,
Baokun Li
.