* + lib-fix-memparse-to-handle-overflow.patch added to mm-nonmm-unstable branch
@ 2026-04-03 17:10 Andrew Morton
0 siblings, 0 replies; 2+ messages in thread
From: Andrew Morton @ 2026-04-03 17:10 UTC (permalink / raw)
To: mm-commits, dmantipov, akpm
The patch titled
Subject: lib: fix memparse() to handle overflow
has been added to the -mm mm-nonmm-unstable branch. Its filename is
lib-fix-memparse-to-handle-overflow.patch
This patch will shortly appear at
https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patches/lib-fix-memparse-to-handle-overflow.patch
This patch will later appear in the mm-nonmm-unstable branch at
git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next via various
branches at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
and is updated there most days
------------------------------------------------------
From: Dmitry Antipov <dmantipov@yandex.ru>
Subject: lib: fix memparse() to handle overflow
Date: Fri, 3 Apr 2026 13:33:34 +0300
Since '_parse_integer_limit()' (and so 'simple_strtoull()') is now capable
to handle overflow, adjust 'memparse()' to handle overflow (denoted by
ULLONG_MAX) returned from 'simple_strtoull()'. Also use
'check_shl_overflow()' to catch an overflow possibly caused by processing
size suffix and denote it with ULLONG_MAX as well.
Link: https://lkml.kernel.org/r/20260403103338.1122415-3-dmantipov@yandex.ru
Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@intel.com>
Cc: Albert Ou <aou@eecs.berkeley.edu>
Cc: Alexandre Ghiti <alex@ghiti.fr>
Cc: Ard Biesheuvel <ardb@kernel.org>
Cc: "Darrick J. Wong" <djwong@kernel.org>
Cc: Kees Cook <kees@kernel.org>
Cc: Nathan Chancellor <nathan@kernel.org>
Cc: Palmer Dabbelt <palmer@dabbelt.com>
Cc: Paul Walmsley <pjw@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---
lib/cmdline.c | 23 +++++++++++++++--------
1 file changed, 15 insertions(+), 8 deletions(-)
--- a/lib/cmdline.c~lib-fix-memparse-to-handle-overflow
+++ a/lib/cmdline.c
@@ -150,39 +150,46 @@ EXPORT_SYMBOL(get_options);
unsigned long long memparse(const char *ptr, char **retptr)
{
char *endptr; /* local pointer to end of parsed string */
-
unsigned long long ret = simple_strtoull(ptr, &endptr, 0);
+ unsigned int shl = 0;
+ /* Consume valid suffix even in case of overflow. */
switch (*endptr) {
case 'E':
case 'e':
- ret <<= 10;
+ shl += 10;
fallthrough;
case 'P':
case 'p':
- ret <<= 10;
+ shl += 10;
fallthrough;
case 'T':
case 't':
- ret <<= 10;
+ shl += 10;
fallthrough;
case 'G':
case 'g':
- ret <<= 10;
+ shl += 10;
fallthrough;
case 'M':
case 'm':
- ret <<= 10;
+ shl += 10;
fallthrough;
case 'K':
case 'k':
- ret <<= 10;
- endptr++;
+ shl += 10;
fallthrough;
default:
break;
}
+ if (shl && likely(ptr != endptr)) {
+ /* Have valid suffix with preceding number. */
+ if (unlikely(check_shl_overflow(ret, shl, &ret)))
+ ret = ULLONG_MAX;
+ endptr++;
+ }
+
if (retptr)
*retptr = endptr;
_
Patches currently in -mm which might be from dmantipov@yandex.ru are
lib-fix-_parse_integer_limit-to-handle-overflow.patch
lib-fix-memparse-to-handle-overflow.patch
lib-add-more-string-to-64-bit-integer-conversion-overflow-tests.patch
lib-cmdline_kunit-add-test-case-for-memparse.patch
lib-cmdline-adjust-a-few-comments-to-fix-kernel-doc-wreturn-warnings.patch
riscv-export-symbols-needed-for-riscv32-efi-stub.patch
^ permalink raw reply [flat|nested] 2+ messages in thread* + lib-fix-memparse-to-handle-overflow.patch added to mm-nonmm-unstable branch
@ 2026-02-20 21:34 Andrew Morton
0 siblings, 0 replies; 2+ messages in thread
From: Andrew Morton @ 2026-02-20 21:34 UTC (permalink / raw)
To: mm-commits, kees, djwong, andriy.shevchenko, dmantipov, akpm
The patch titled
Subject: lib: fix memparse() to handle overflow
has been added to the -mm mm-nonmm-unstable branch. Its filename is
lib-fix-memparse-to-handle-overflow.patch
This patch will shortly appear at
https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patches/lib-fix-memparse-to-handle-overflow.patch
This patch will later appear in the mm-nonmm-unstable branch at
git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next via various
branches at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
and is updated there most days
------------------------------------------------------
From: Dmitry Antipov <dmantipov@yandex.ru>
Subject: lib: fix memparse() to handle overflow
Date: Thu, 12 Feb 2026 19:44:10 +0300
Since '_parse_integer_limit()' (and so 'simple_strtoull()') is now capable
to handle overflow, adjust 'memparse()' to handle overflow (denoted by
ULLONG_MAX) returned from 'simple_strtoull()'. Also use
'check_shl_overflow()' to catch an overflow possibly caused by processing
size suffix and denote it with ULLONG_MAX as well.
Link: https://lkml.kernel.org/r/20260212164413.889625-3-dmantipov@yandex.ru
Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@intel.com>
Cc: "Darrick J. Wong" <djwong@kernel.org>
Cc: Kees Cook <kees@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---
lib/cmdline.c | 23 +++++++++++++++--------
1 file changed, 15 insertions(+), 8 deletions(-)
--- a/lib/cmdline.c~lib-fix-memparse-to-handle-overflow
+++ a/lib/cmdline.c
@@ -150,39 +150,46 @@ EXPORT_SYMBOL(get_options);
unsigned long long memparse(const char *ptr, char **retptr)
{
char *endptr; /* local pointer to end of parsed string */
-
unsigned long long ret = simple_strtoull(ptr, &endptr, 0);
+ unsigned int shl = 0;
+ /* Consume valid suffix even in case of overflow. */
switch (*endptr) {
case 'E':
case 'e':
- ret <<= 10;
+ shl += 10;
fallthrough;
case 'P':
case 'p':
- ret <<= 10;
+ shl += 10;
fallthrough;
case 'T':
case 't':
- ret <<= 10;
+ shl += 10;
fallthrough;
case 'G':
case 'g':
- ret <<= 10;
+ shl += 10;
fallthrough;
case 'M':
case 'm':
- ret <<= 10;
+ shl += 10;
fallthrough;
case 'K':
case 'k':
- ret <<= 10;
- endptr++;
+ shl += 10;
fallthrough;
default:
break;
}
+ if (shl && likely(ptr != endptr)) {
+ /* Have valid suffix with preceding number. */
+ if (unlikely(check_shl_overflow(ret, shl, &ret)))
+ ret = ULLONG_MAX;
+ endptr++;
+ }
+
if (retptr)
*retptr = endptr;
_
Patches currently in -mm which might be from dmantipov@yandex.ru are
lib-fix-_parse_integer_limit-to-handle-overflow.patch
lib-fix-memparse-to-handle-overflow.patch
lib-add-more-string-to-64-bit-integer-conversion-overflow-tests.patch
lib-cmdline_kunit-add-test-case-for-memparse.patch
lib-cmdline-adjust-a-few-comments-to-fix-kernel-doc-wreturn-warnings.patch
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2026-04-03 17:10 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-04-03 17:10 + lib-fix-memparse-to-handle-overflow.patch added to mm-nonmm-unstable branch Andrew Morton
-- strict thread matches above, loose matches on Subject: below --
2026-02-20 21:34 Andrew Morton
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox