lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20260120191655.GDaW_Up2ZOv5AHhbq7@fat_crate.local>
Date: Tue, 20 Jan 2026 20:16:55 +0100
From: Borislav Petkov <bp@...en8.de>
To: "H. Peter Anvin" <hpa@...or.com>,
	David Desobry <david.desobry@...malgen.com>
Cc: tglx@...nel.org, mingo@...hat.com, dave.hansen@...ux.intel.com,
	x86@...nel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] x86/lib: Fix num_digits() signed overflow for INT_MIN

On Tue, Jan 20, 2026 at 10:17:09AM -0800, H. Peter Anvin wrote:
> Seriously, though. As Linus likes to point out, there is a huge difference
> between "this is stupid" and "you are stupid."

Yap.

> I have said "this is stupid" about my own code more times than I can count.
> For good reason. 

Same here.

> To be honest, I didn't even need to see the comment to know that that was
> probably my code in the first place. I recognized my own style at a glance;
> in particular the kind of code I tend to write specifically for the purpose
> of small as opposed to fast code. I remember writing this code while waiting
> for a table in a restaurant :) but I don't remember the context.

You sent it and I productized it into a patch by saying:

    Change num_digits() to hpa's division-avoiding, cell-phone-typed
    version which he went at great lengths and pains to submit on a
    Saturday evening.

> Anyway, I do not mind anyone calling my code stupid, especially if it
> actually is. It may or may not have been stupid in the first place, or the
> context might have changed, but it doesn't really matter — replacing stupid
> code is how we improve Linux :)

Absolutely. We do that all the time and it used to work back then. Hell, it
works fine for CPU numbers but if someone wants to give it INT_MIN... we
didn't care about that. We needed it for this gunk:

  a17bce4d1dce ("x86/boot: Further compress CPUs bootup message")

Which reminds me:

@David, are you staring at the code or are you using this function somewhere
and hitting this corner case?

Thx.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ