From: Christian Brauner <christian@brauner.io>
To: Al Viro <viro@ZenIV.linux.org.uk>
Cc: keescook@chromium.org, linux-kernel@vger.kernel.org,
ebiederm@xmission.com, mcgrof@kernel.org,
akpm@linux-foundation.org, joe.lawrence@redhat.com,
longman@redhat.com
Subject: Re: [PATCH 1/2] sysctl: add overflow detection to proc_get_long()
Date: Sun, 14 Oct 2018 20:53:46 +0200 [thread overview]
Message-ID: <20181014185345.o6uokigiytqugg6v@brauner.io> (raw)
In-Reply-To: <20181014171855.GW32577@ZenIV.linux.org.uk>
On Sun, Oct 14, 2018 at 06:18:55PM +0100, Al Viro wrote:
> On Sun, Oct 14, 2018 at 03:25:09PM +0200, Christian Brauner wrote:
>
> > +static unsigned long sysctl_strtoul_lenient(const char *cp, char **endp,
> > + unsigned int base, bool *overflow)
> > +{
> > + unsigned long long result;
> > + unsigned int rv;
> > +
> > + cp = _parse_integer_fixup_radix(cp, &base);
> > + rv = _parse_integer(cp, base, &result);
> > + if ((rv & KSTRTOX_OVERFLOW) ||
> > + (result != (unsigned long long)(unsigned long)result))
> > + *overflow = true;
> > + else
> > + *overflow = false;
>
> Yecchh... First of all, the cast back to unsigned long long is completely
> pointless. What's more,
Sorry, seriously asking: why? This was meant to handle the case where
sizeof(unsigned long long) != sizeof(unsigned long) and I just looked at
_kstrtoul() which does the same:
int _kstrtoul(const char *s, unsigned int base, unsigned long *res)
{
unsigned long long tmp;
int rv;
rv = kstrtoull(s, base, &tmp);
if (rv < 0)
return rv;
if (tmp != (unsigned long long)(unsigned long)tmp)
return -ERANGE;
*res = tmp;
return 0;
}
Sorry, if I'm being dense here.
> if (expr)
> foo = true;
> else
> foo = flase;
> is a fairly unidiomatic way to spell foo = expr;
>
> And... is there anything that would really care if this "overflow" thing had
> been replaced by simply returning ~0UL on such? That would appear to be
> a lot more natural API...
Yes, I thought about this but I really didn't want to risk breaking
anything that relies on the weird old behavior. We can change it to that
and assume that anything that doesn't explicitly set a maximum value
wants to be capped at ULONG_MAX. Fine with me.
next prev parent reply other threads:[~2018-10-14 18:53 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-14 13:25 [PATCH 0/2] sysctl: cap file-max value at ULONG_MAX Christian Brauner
2018-10-14 13:25 ` [PATCH 1/2] sysctl: add overflow detection to proc_get_long() Christian Brauner
2018-10-14 17:18 ` Al Viro
2018-10-14 18:53 ` Christian Brauner [this message]
2018-10-15 0:03 ` Al Viro
2018-10-15 4:47 ` Christian Brauner
2018-10-14 13:25 ` [PATCH 2/2] sysctl: handle overflow for file-max Christian Brauner
2018-10-14 22:13 [PATCH 1/2] sysctl: add overflow detection to proc_get_long() Alexey Dobriyan
2018-10-14 22:43 ` Christian Brauner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181014185345.o6uokigiytqugg6v@brauner.io \
--to=christian@brauner.io \
--cc=akpm@linux-foundation.org \
--cc=ebiederm@xmission.com \
--cc=joe.lawrence@redhat.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=longman@redhat.com \
--cc=mcgrof@kernel.org \
--cc=viro@ZenIV.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).