From: Andy Shevchenko <andriy.shevchenko@intel.com>
To: Dmitry Antipov <dmantipov@yandex.ru>
Cc: Andrew Morton <akpm@linux-foundation.org>,
Kees Cook <kees@kernel.org>,
"Darrick J . Wong" <djwong@kernel.org>,
linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v5 1/5] lib: fix _parse_integer_limit() to handle overflow
Date: Wed, 4 Feb 2026 16:31:21 +0200 [thread overview]
Message-ID: <aYNYOaiSfXFFe6Jc@smile.fi.intel.com> (raw)
In-Reply-To: <20260204135717.941256-2-dmantipov@yandex.ru>
On Wed, Feb 04, 2026 at 04:57:13PM +0300, Dmitry Antipov wrote:
> In '_parse_integer_limit()', adjust native integer arithmetic
> with near-to-overflow branch where 'check_mul_overflow()' and
> 'check_add_overflow()' are used to check whether an intermediate
> result goes out of range, and denote such a case with ULLONG_MAX,
> thus making the function more similar to standard C library's
> 'strtoull()'. Adjust comment to kernel-doc style as well.
...
> /*
> - * Check for overflow only if we are within range of
> - * it in the max base we support (16)
> + * Accumulate result if no overflow detected.
> + * Otherwise just consume valid characters.
> */
> - if (unlikely(res & (~0ull << 60))) {
> - if (res > div_u64(ULLONG_MAX - val, base))
> - rv |= KSTRTOX_OVERFLOW;
> + if (likely(res != ULLONG_MAX)) {
> + if (unlikely(res & (~0ull << 60))) {
> + /* We're close to possible overflow. */
> + if (check_mul_overflow(res, base, &tmp) ||
> + check_add_overflow(tmp, val, &res)) {
> + res = ULLONG_MAX;
> + rv |= KSTRTOX_OVERFLOW;
> + }
> + } else {
> + res = res * base + val;
> + }
> }
> - res = res * base + val;
> rv++;
> s++;
In case you would need a v6, we can leave some of the lines untouched if we
switch to for-loop instead of while, but it might make the for-loop quite long.
I'm okay with the current version, up to you to experiment and choose.
--
With Best Regards,
Andy Shevchenko
next prev parent reply other threads:[~2026-02-04 14:31 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-04 13:57 [PATCH v5 0/5] lib and lib/cmdline enhancements Dmitry Antipov
2026-02-04 13:57 ` [PATCH v5 1/5] lib: fix _parse_integer_limit() to handle overflow Dmitry Antipov
2026-02-04 14:31 ` Andy Shevchenko [this message]
2026-02-05 9:04 ` Dmitry Antipov
2026-02-05 16:03 ` Andy Shevchenko
2026-02-05 22:15 ` David Laight
2026-02-06 7:42 ` Andy Shevchenko
2026-02-06 9:53 ` Dmitry Antipov
2026-02-06 10:11 ` Andy Shevchenko
2026-02-04 13:57 ` [PATCH v5 2/5] lib: fix memparse() " Dmitry Antipov
2026-02-04 14:42 ` Andy Shevchenko
2026-02-05 9:17 ` Dmitry Antipov
2026-02-05 16:05 ` Andy Shevchenko
2026-02-04 13:57 ` [PATCH v5 3/5] lib: add more string to 64-bit integer conversion overflow tests Dmitry Antipov
2026-02-04 13:57 ` [PATCH v5 4/5] lib/cmdline_kunit: add test case for memparse() Dmitry Antipov
2026-02-04 13:57 ` [PATCH v5 5/5] lib/cmdline: adjust a few comments to fix kernel-doc -Wreturn warnings Dmitry Antipov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aYNYOaiSfXFFe6Jc@smile.fi.intel.com \
--to=andriy.shevchenko@intel.com \
--cc=akpm@linux-foundation.org \
--cc=djwong@kernel.org \
--cc=dmantipov@yandex.ru \
--cc=kees@kernel.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox