From: Andy Shevchenko <andriy.shevchenko@intel.com>
To: Dmitry Antipov <dmantipov@yandex.ru>
Cc: Andrew Morton <akpm@linux-foundation.org>,
Kees Cook <kees@kernel.org>,
"Darrick J . Wong" <djwong@kernel.org>,
linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v6 1/5] lib: fix _parse_integer_limit() to handle overflow
Date: Tue, 10 Feb 2026 09:36:33 +0200 [thread overview]
Message-ID: <aYrgASJXAyoholbF@smile.fi.intel.com> (raw)
In-Reply-To: <20260209164757.433932-2-dmantipov@yandex.ru>
On Mon, Feb 09, 2026 at 07:47:53PM +0300, Dmitry Antipov wrote:
> In '_parse_integer_limit()', adjust native integer arithmetic
> with near-to-overflow branch where 'check_mul_overflow()' and
> 'check_add_overflow()' are used to check whether an intermediate
> result goes out of range, and denote such a case with ULLONG_MAX,
> thus making the function more similar to standard C library's
> 'strtoull()'. Adjust comment to kernel-doc style as well.
...
> - unsigned long long res;
> + unsigned long long res = 0;
>
> - res = 0;
We can leave this untouched.
...
> - while (max_chars--) {
> + for (rv = 0; max_chars--; rv++, s++) {
I don't see how max_chars is used. With that said, I would rather see the usual
way of expressing the condition in the for-loop:
for (rv = 0; rv < max_chars; rv++, s++) {
...
> + if (likely(res != ULLONG_MAX)) {
Have you seen David's question about these checks?
Maybe I missed your answer...
> + if (unlikely(res & (~0ull << 60))) {
> + /* We're close to possible overflow. */
> + unsigned long long tmp;
> +
> + if (check_mul_overflow(res, base, &tmp) ||
> + check_add_overflow(tmp, val, &res)) {
> + res = ULLONG_MAX;
> + rv |= KSTRTOX_OVERFLOW;
> + }
> + } else {
> + res = res * base + val;
> + }
> }
--
With Best Regards,
Andy Shevchenko
next prev parent reply other threads:[~2026-02-10 7:36 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-09 16:47 [PATCH v6 0/5] lib and lib/cmdline enhancements Dmitry Antipov
2026-02-09 16:47 ` [PATCH v6 1/5] lib: fix _parse_integer_limit() to handle overflow Dmitry Antipov
2026-02-10 7:36 ` Andy Shevchenko [this message]
2026-02-12 11:13 ` Dmitry Antipov
[not found] ` <20260212120030.2f15caaa@pumpkin>
2026-02-12 13:25 ` David Laight
2026-02-12 13:37 ` Andy Shevchenko
2026-02-09 16:47 ` [PATCH v6 2/5] lib: fix memparse() " Dmitry Antipov
2026-02-10 7:51 ` Andy Shevchenko
2026-02-12 11:21 ` Dmitry Antipov
2026-02-09 16:47 ` [PATCH v6 3/5] lib: add more string to 64-bit integer conversion overflow tests Dmitry Antipov
2026-02-09 16:47 ` [PATCH v6 4/5] lib/cmdline_kunit: add test case for memparse() Dmitry Antipov
2026-02-09 16:47 ` [PATCH v6 5/5] lib/cmdline: adjust a few comments to fix kernel-doc -Wreturn warnings Dmitry Antipov
2026-02-10 7:53 ` [PATCH v6 0/5] lib and lib/cmdline enhancements Andy Shevchenko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aYrgASJXAyoholbF@smile.fi.intel.com \
--to=andriy.shevchenko@intel.com \
--cc=akpm@linux-foundation.org \
--cc=djwong@kernel.org \
--cc=dmantipov@yandex.ru \
--cc=kees@kernel.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox