Re: [PATCH RESEND] x86/boot: Replace simple_strtoull in parse_gb_huge_pages

[Thorsten Blum]

On 1. Mar 2026, at 11:44, Borislav Petkov wrote:
> On Mon, Feb 02, 2026 at 06:32:20PM +0100, Thorsten Blum wrote:
>> Replace simple_strtoull() with the recommended boot_kstrtoul() for
>> parsing the 'hugepages=' boot parameter. Unlike simple_strtoull(), which
>> returns an unsigned long long, boot_kstrtoul() converts the string
>> directly to an unsigned long and avoids implicit casting.
> 
> "The respective kstrtol(), kstrtoll(), kstrtoul(), and kstrtoull() functions
> tend to be the correct replacements, though note that those require the string
> to be NUL or newline terminated."
> 
> Where are we making sure of that?

next_arg() provides NUL-terminated substrings, but 'val' could be NULL
when '=' is missing in the boot parameter, but that would also break
memparse() and simple_strtoull().

Should I fix this for both 'hugepagesz' and 'hugepages' in this patch?
Something like this:

diff --git a/arch/x86/boot/compressed/kaslr.c b/arch/x86/boot/compressed/kaslr.c
index 3b0948ad449f..b98b574dd937 100644
--- a/arch/x86/boot/compressed/kaslr.c
+++ b/arch/x86/boot/compressed/kaslr.c
@@ -202,9 +202,15 @@ static unsigned long max_gb_huge_pages;
 static void parse_gb_huge_pages(char *param, char *val)
 {
 	static bool gbpage_sz;
-	char *p;
 
 	if (!strcmp(param, "hugepagesz")) {
+		char *p;
+
+		if (!val) {
+			warn("Missing value in hugepagesz= boot parameter\n");
+			return;
+		}
+
 		p = val;
 		if (memparse(p, &p) != PUD_SIZE) {
 			gbpage_sz = false;
@@ -218,8 +224,13 @@ static void parse_gb_huge_pages(char *param, char *val)
 	}
 
 	if (!strcmp(param, "hugepages") && gbpage_sz) {
-		p = val;
-		max_gb_huge_pages = simple_strtoull(p, &p, 0);
+		if (!val) {
+			warn("Missing value in hugepages= boot parameter\n");
+			return;
+		}
+
+		if (boot_kstrtoul(val, 0, &max_gb_huge_pages))
+			warn("Failed to parse hugepages= boot parameter\n");
 		return;
 	}
 }