Open Source and information security mailing list archives
 
Message-ID: <aW-YP7wCEvRJzyfR@smile.fi.intel.com>
Date: Tue, 20 Jan 2026 16:59:11 +0200
From: Andy Shevchenko <andriy.shevchenko@...el.com>
To: Dmitry Antipov <dmantipov@...dex.ru>
Cc: Andrew Morton <akpm@...ux-foundation.org>, Kees Cook <kees@...nel.org>,
	Carlos Maiolino <cem@...nel.org>,
	Christoph Hellwig <hch@...radead.org>, linux-xfs@...r.kernel.org,
	linux-hardening@...r.kernel.org
Subject: Re: [PATCH v4 3/3] xfs: adjust handling of a few numerical mount
 options

On Tue, Jan 20, 2026 at 05:12:29PM +0300, Dmitry Antipov wrote:
> Prefer recently introduced 'memvalue()' over an ad-hoc 'suffix_kstrtoint()'
> and 'suffix_kstrtoull()' to parse and basically validate the values passed
> via 'logbsize', 'allocsize', and 'max_atomic_write' mount options, and
> reject non-power-of-two values passed via the first and second one early
> in 'xfs_fs_parse_param()' rather than in 'xfs_fs_validate_params()'.

...

> -	if (kstrtoint(value, base, &_res))
> -		ret = -EINVAL;
> -	kfree(value);
> -	*res = _res << shift_left_factor;
> -	return ret;
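
Review bot: in the removed tail, `*res = _res << shift_left_factor;` still runs on the path where kstrtoint() failed and ret was set to -EINVAL, and it left-shifts a signed int with no range check. Because callers may have relied on that behaviour, the commit message should say what changes for negative or overflowing input, and the replacement should write the output only on success.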

_res is int; if negative, the above is UB in accordance with the C standard.
So, if this code ever gets to shifting negative numbers left, it goes
down a slippery slope (I think it works as intended, but...).

That said, I assume this code was never designed to get a negative value
in _res.

With all this, I do not see the point of having a new API.
Also, where are the test cases for it?

-- 
With Best Regards,
Andy Shevchenko
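
The signed-shift concern raised in the reply above, as an added user-space example that is not code from the patch or from the kernel: `parse_size_int()` is a hypothetical helper that uses `strtoll()` in place of `kstrtoint()`, rejects negative input before shifting, and writes the result only on success. It goes slightly beyond the reply by also rejecting values whose scaled result would overflow an int.

```c
#include <errno.h>
#include <limits.h>
#include <stdlib.h>

/*
 * Hypothetical helper (assumption, not suffix_kstrtoint() or memvalue()):
 * parse "<number>[k|m|g]" into a non-negative int.
 * Returns 0 on success, -EINVAL on bad syntax, -ERANGE when the value is
 * negative or the scaled result does not fit. *res is written only on success.
 */
int parse_size_int(const char *s, int *res)
{
	char *end;
	long long val;
	unsigned int shift = 0;

	if (!s || *s == '\0')
		return -EINVAL;

	errno = 0;
	val = strtoll(s, &end, 0);
	if (end == s)
		return -EINVAL;		/* no digits at all */
	if (errno == ERANGE)
		return -ERANGE;		/* does not even fit in long long */

	switch (*end) {
	case 'k': case 'K': shift = 10; end++; break;
	case 'm': case 'M': shift = 20; end++; break;
	case 'g': case 'G': shift = 30; end++; break;
	}
	if (*end != '\0')
		return -EINVAL;		/* trailing garbage after the suffix */

	/* Left-shifting a negative signed value is undefined: reject it first. */
	if (val < 0)
		return -ERANGE;
	/* Reject values whose shifted result would exceed INT_MAX. */
	if (val > (INT_MAX >> shift))
		return -ERANGE;

	*res = (int)(val << shift);
	return 0;
}
```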


