From: Andy Shevchenko <andriy.shevchenko@intel.com>
To: Dmitry Antipov <dmantipov@yandex.ru>
Cc: Andrew Morton <akpm@linux-foundation.org>,
Kees Cook <kees@kernel.org>,
"Darrick J . Wong" <djwong@kernel.org>,
linux-hardening@vger.kernel.org
Subject: Re: [PATCH v3 1/3] lib: fix _parse_integer_limit() to handle overflow
Date: Mon, 26 Jan 2026 18:39:13 +0200 [thread overview]
Message-ID: <aXeYsUlxibMuYflx@smile.fi.intel.com> (raw)
In-Reply-To: <20260126162059.357467-2-dmantipov@yandex.ru>
On Mon, Jan 26, 2026 at 07:20:57PM +0300, Dmitry Antipov wrote:
> In '_parse_integer_limit()', replace native integer arithmetic with
> 'check_mul_overflow()' and 'check_add_overflow()' to check whether
> an intermediate result goes out of range, and denote such a case
> with ULLONG_MAX, thus making the function more similar to standard
> C library's 'strtoull()'. Adjust comment to kernel-doc style as well.
...
> - if (unlikely(res & (~0ull << 60))) {
> - if (res > div_u64(ULLONG_MAX - val, base))
Interestingly, but the original check was made to improve performance. We don't
need to worry about overflow unless we close to it. It also has a hint to the
compiler to take branch as a slow path.
> + if (res != ULLONG_MAX) {
> + /*
> + * tmp = res * base;
> + * if (overflow)
> + * res = ULLONG_MAX;
> + * else {
> + * res = tmp + val;
> + * if (overflow)
> + * res = ULLONG_MAX;
> + * }
> + */
This looks like a left over. Use plain English to explain what's going on
here. But I think this should be only done for the last a couple of iterations
only.
> + if (check_mul_overflow(res, base, &tmp) ||
> + check_add_overflow(tmp, val, &res)) {
> + res = ULLONG_MAX;
> rv |= KSTRTOX_OVERFLOW;
> + }
> }
> - res = res * base + val;
> rv++;
> s++;
> }
--
With Best Regards,
Andy Shevchenko
next prev parent reply other threads:[~2026-01-26 16:39 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-26 16:20 [PATCH v3 0/3] lib and lib/cmdline enhancements Dmitry Antipov
2026-01-26 16:20 ` [PATCH v3 1/3] lib: fix _parse_integer_limit() to handle overflow Dmitry Antipov
2026-01-26 16:39 ` Andy Shevchenko [this message]
2026-01-26 16:20 ` [PATCH v3 2/3] lib/cmdline_kunit: add test case for memparse() Dmitry Antipov
2026-01-26 16:41 ` Andy Shevchenko
2026-01-26 16:20 ` [PATCH v3 3/3] lib/cmdline: adjust a few comments to fix kernel-doc -Wreturn warnings Dmitry Antipov
2026-01-26 16:43 ` [PATCH v3 0/3] lib and lib/cmdline enhancements Andy Shevchenko
2026-01-26 16:44 ` Andy Shevchenko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aXeYsUlxibMuYflx@smile.fi.intel.com \
--to=andriy.shevchenko@intel.com \
--cc=akpm@linux-foundation.org \
--cc=djwong@kernel.org \
--cc=dmantipov@yandex.ru \
--cc=kees@kernel.org \
--cc=linux-hardening@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox