Re: [PATCH -next 2/3] xen: balloon: Replaced simple_strtoull() with kstrtoull()
From: Dan Carpenter
Date: Thu May 27 2021 - 10:39:44 EST
On Thu, May 27, 2021 at 02:10:21PM +0000, David Laight wrote:
> From: Chen Huang
> > Sent: 26 May 2021 10:20
> >
> > The simple_strtoull() function is deprecated in some situation, since
> > it does not check for the range overflow, use kstrtoull() instead.
> >
> ...
> > - target_bytes = simple_strtoull(buf, &endchar, 0) * 1024;
> > + ret = kstrtoull(buf, 0, &target_bytes);
> > + if (ret)
> > + return ret;
> > + target_bytes *= 1024;
>
> I'd have thought it was more important to check *endchar
> than overflow.
That's one of the differences between simple_strtoull() and kstrtoull().
The simple_strtoull() will accept a string like "123ABC", but kstrtoull()
will only accept NUL terminated numbers or a newline followed by a NUL
terminator. Which is fine in this context because users will be doing
"echo 1234 > /sys/foo".
> If you are worried about overflow you need a range check
> before the multiply.
This is probably a case where if the users cause an integer overflow
then they get what they deserve.
regards,
dan carpenter