From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-wr1-f51.google.com (mail-wr1-f51.google.com [209.85.221.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AC11632937A for ; Thu, 2 Jul 2026 18:03:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.51 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1783015417; cv=none; b=M72eOq+wpsWjozyHATJj3X+PPiPD+cnGn4bpU4SKkBKsbvwm3ARAX+SQf1ItlGT8XiNW/1pZJSNSk8ovyqpcvpailHUszWpeplpKHGcOVwktUtvgBA85MCRqPlr/YLCZYtXZmQOzukWckVqMamxG9d0nIeVgUA2z8lTf6dHWxds= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1783015417; c=relaxed/simple; bh=wD4JSS/WZ/xleRkWlY9SFVvBA1oXaETQMYsCPskFJRk=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=ecNAea3h85Uilc7sAdmtEE4C8GxPptExcux6MtKS3Hb2f1MHpqphNzQq3VX4yqh1+PmuHfiwnCUuyMZa1RXn57U04NwDpktEBys3S8gzi5C3gx0XulwbhlZWhixyPPUjs3ZO3FUX2ChKVTh6kSgVj3UpG1i3J3C3achbGPVvN78= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=mJJTd9+A; arc=none smtp.client-ip=209.85.221.51 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="mJJTd9+A" Received: by mail-wr1-f51.google.com with SMTP id ffacd0b85a97d-4720f3bf164so450395f8f.1 for ; Thu, 02 Jul 2026 11:03:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1783015414; x=1783620214; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=YWDPGIrkysUZcB5KX/lDr2Zh6IIr3sLybVKTPzg5/DA=; b=mJJTd9+ApzIdA4lZ6TlMRPO4f6HSy6HiAERo5NntMoWQxQdPWG9orDxDbYH076eCBX lm2CfVwmBYuAYiK4UJO3KWanvaQ8tBYVDYlLoWVf05WyhsfX4PdDxfaAsc7fKNlPpbsz htIavyaSAzUjwBgMeO053AtYGmpiovM27aIz3+aTXQrlfHida3VwKBUWwkWACejrFWDB sYgpL8HoJA/IG8E8/Cfvm77z2MpXk19D0MvP/qakyiXnzIEOmdeuaV5X29uoHuUUPP2e 9ARpvZqP8o+f88rUlloWpOicAHcIxFJqcagPQXVwvYd7uSjUE7mtzJ9l7BfzXi/aSGyh 7rgg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1783015414; x=1783620214; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=YWDPGIrkysUZcB5KX/lDr2Zh6IIr3sLybVKTPzg5/DA=; b=JJ8M7tlfR9FJXh7jS4wOJC8tYfI7J59l0vD24wBKm2a6LYgJHAfv3RAVWqvmNVgtZp BBGHUFJo3fxh0VEUnR+nNZvr2SM9MJ+TvGny5SFX6n195UnVSVZQu7DYmW0J3f3Jwm5X r/SfxDwmnwxG4+qB4R1JM7F7kwnBiKdENSsuhwYe4VSMJ0iea5AGrAvt7UzEu7BHENm9 2VAoRiDOY7SqUJkAv44WE92utCw8g8G0vFzulHF69cFuo39vpGHBCZq6LlbCiu1ASmGS zFGBxGOXocZchAxMv6hWeFL9mGD02r/tv7XxqJr/CP5HEOzWhUuw/meulcgOWjT+kKZz KUfw== X-Forwarded-Encrypted: i=1; AFNElJ8Lgn+rXTFYUr1ObO4aH/9Oky20dzG13DH+Rcoo3E+A4DmvPiopJOUfq+ZoWuc0jGefv/3Bwx4ZfhsOHlg=@vger.kernel.org X-Gm-Message-State: AOJu0YxWSy1lWZDvpeA1wKX63IBfnejXD6ay5o0j0Glv8jW3BqRIjQ0W 39SppGImqDfWNDjku2Zz41ujmoqqhfAqUwn7uN3a4HCq4k/nHdyrEuQ= X-Gm-Gg: AfdE7cnhQiwcGr5fhIqNYRB+xdNUKwHftdwlPFOAw1HeKJWtClWBvbofDAf0kJQfGuq sexXYH/2HDXAwgdYe6YrI9sD3MJcMr+VKKQjxRwcp6dk+NDfLxJdptvpKYDAAG5vH3798gtdik8 mXTG4LbIsHasnXozQh33M7a1GuNA92bYjmxqVqW/JrpJaFmQlUES9RNz9zh67LzTxFflH4VhPQt DRczBHD2S5Z9h2i5OgEgQ7Xdz4cRL0JwZg+828qDEj9ElJMmTGBjoO85A1XizyzlCH6VhQDF6h7 OfDmm3LZZQNiAwPpCu3FJUv9EbpSyh+RBbBbBgzzmj63oe0itpGedTWVPkLm6lFKjFdvjmVcARc 0yxeaRYcRU4JQlz/kAybKbdFeHjmnBTV2MR5eoAoQblI3Xk/5OxGZXpNiKjl3PT6ZaXLG5z37Md 1f3bYIb6xnkDHj X-Received: by 2002:a05:600c:5294:b0:493:ca5d:b9b3 with SMTP id 5b1f17b1804b1-493ca5db9c3mr7271085e9.12.1783015413866; Thu, 02 Jul 2026 11:03:33 -0700 (PDT) Received: from p183 ([178.172.147.121]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-477db8a4b73sm10949565f8f.15.2026.07.02.11.03.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 02 Jul 2026 11:03:33 -0700 (PDT) From: Alexey Dobriyan To: akpm@linux-foundation.org Cc: adobriyan@gmail.com, dmantipov@yandex.ru, andriy.shevchenko@intel.com, linux-kernel@vger.kernel.org Subject: [PATCH 1/1] Revert "lib: fix _parse_integer_limit() to handle overflow" Date: Thu, 2 Jul 2026 21:06:38 +0300 Message-ID: <20260702180638.39196-1-adobriyan@gmail.com> X-Mailer: git-send-email 2.54.0 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit This reverts commit 6e30111dbb4075e3c26c230417b32bc4a1c66831 . 1) this patch breaks scanf() which uses _parse_integer_limit() internally, and is supposed to get overflowed result (however incorrect it may be) 2) using check_mul_overflow() and check_add_overflow() as written doesn't add any overflow protection because it is under branch where such overflow can't happen if radix is kept <=16, 3) kernel-doc comment legitimize the function while exactly the opposite should be done. Not a fan. Signed-off-by: Alexey Dobriyan --- lib/kstrtox.c | 37 +++++++++++++++---------------------- 1 file changed, 15 insertions(+), 22 deletions(-) diff --git a/lib/kstrtox.c b/lib/kstrtox.c index edc4eb7c1bca..97be2a39f537 100644 --- a/lib/kstrtox.c +++ b/lib/kstrtox.c @@ -39,30 +39,25 @@ const char *_parse_integer_fixup_radix(const char *s, unsigned int *base) return s; } -/** - * _parse_integer_limit - Convert integer string representation to an integer - * @s: Integer string representation - * @base: Radix - * @p: Where to store result - * @max_chars: Maximum amount of characters to convert - * - * Convert non-negative integer string representation in explicitly given - * radix to an integer. If overflow occurs, value at @p is set to ULLONG_MAX. +/* + * Convert non-negative integer string representation in explicitly given radix + * to an integer. A maximum of max_chars characters will be converted. * - * This function is the workhorse of other string conversion functions and it - * is discouraged to use it explicitly. Consider kstrto*() family instead. + * Return number of characters consumed maybe or-ed with overflow bit. + * If overflow occurs, result integer (incorrect) is still returned. * - * Return: Number of characters consumed, maybe ORed with overflow bit + * Don't you dare use this function. */ noinline unsigned int _parse_integer_limit(const char *s, unsigned int base, unsigned long long *p, size_t max_chars) { - unsigned int rv, overflow = 0; unsigned long long res; + unsigned int rv; res = 0; - for (rv = 0; rv < max_chars; rv++, s++) { + rv = 0; + while (max_chars--) { unsigned int c = *s; unsigned int lc = _tolower(c); unsigned int val; @@ -81,17 +76,15 @@ unsigned int _parse_integer_limit(const char *s, unsigned int base, unsigned lon * it in the max base we support (16) */ if (unlikely(res & (~0ull << 60))) { - if (check_mul_overflow(res, base, &res) || - check_add_overflow(res, val, &res)) { - res = ULLONG_MAX; - overflow = KSTRTOX_OVERFLOW; - } - } else { - res = res * base + val; + if (res > div_u64(ULLONG_MAX - val, base)) + rv |= KSTRTOX_OVERFLOW; } + res = res * base + val; + rv++; + s++; } *p = res; - return rv | overflow; + return rv; } noinline -- 2.54.0