diff mbox series

[2/2] trace: kdb: Replace simple_strtoul with kstrtoul in kdb_ftdump

Message ID GV1PR10MB6563DC208657E86715361E94E8B4A@GV1PR10MB6563.EURPRD10.PROD.OUTLOOK.COM (mailing list archive)
State Changes Requested
Headers show
Series Replace the use of simple_strtol/ul functions with kstrto | expand

Commit Message

Yuran Pereira Nov. 20, 2023, 12:09 a.m. UTC 
The function simple_strtoul performs no error checking in scenarios
where the input value overflows the intended output variable.
This results in this function successfully returning, even when the
output does not match the input string (aka the function returns
successfully even when the result is wrong).

Or as it was mentioned [1], "...simple_strtol(), simple_strtoll(),
simple_strtoul(), and simple_strtoull() functions explicitly ignore
overflows, which may lead to unexpected results in callers."
Hence, the use of those functions is discouraged.

This patch replaces all uses of the simple_strtoul with the safer
alternatives kstrtoint and kstrtol.

[1] https://www.kernel.org/doc/html/latest/process/deprecated.html#simple-strtol-simple-strtoll-simple-strtoul-simple-strtoull

Signed-off-by: Yuran Pereira <yuran.pereira@hotmail.com>
---
 kernel/trace/trace_kdb.c | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

Comments

Doug Anderson Dec. 5, 2023, 9:41 p.m. UTC | #1 
Hi,

On Sun, Nov 19, 2023 at 4:10 PM Yuran Pereira <yuran.pereira@hotmail.com> wrote:
>
> The function simple_strtoul performs no error checking in scenarios
> where the input value overflows the intended output variable.
> This results in this function successfully returning, even when the
> output does not match the input string (aka the function returns
> successfully even when the result is wrong).
>
> Or as it was mentioned [1], "...simple_strtol(), simple_strtoll(),
> simple_strtoul(), and simple_strtoull() functions explicitly ignore
> overflows, which may lead to unexpected results in callers."
> Hence, the use of those functions is discouraged.
>
> This patch replaces all uses of the simple_strtoul with the safer
> alternatives kstrtoint and kstrtol.
>
> [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#simple-strtol-simple-strtoll-simple-strtoul-simple-strtoull
>
> Signed-off-by: Yuran Pereira <yuran.pereira@hotmail.com>
> ---
>  kernel/trace/trace_kdb.c | 14 ++++++--------
>  1 file changed, 6 insertions(+), 8 deletions(-)
>
> diff --git a/kernel/trace/trace_kdb.c b/kernel/trace/trace_kdb.c
> index 59857a1ee44c..3891f885e4a6 100644
> --- a/kernel/trace/trace_kdb.c
> +++ b/kernel/trace/trace_kdb.c
> @@ -96,23 +96,21 @@ static int kdb_ftdump(int argc, const char **argv)
>  {
>         int skip_entries = 0;
>         long cpu_file;
> -       char *cp;
> +       int err;
>         int cnt;
>         int cpu;
>
>         if (argc > 2)
>                 return KDB_ARGCOUNT;
>
> -       if (argc) {
> -               skip_entries = simple_strtol(argv[1], &cp, 0);
> -               if (*cp)
> +       if (argc)
> +               if (kstrtoint(argv[1], 0, &skip_entries))
>                         skip_entries = 0;
> -       }

Similar nit about braces as in patch #1. tl;dr is change the above to:

if (argc && kstrtoint(argv[1], 0, &skip_entries))
  skip_entries = 0;


>
>         if (argc == 2) {
> -               cpu_file = simple_strtol(argv[2], &cp, 0);
> -               if (*cp || cpu_file >= NR_CPUS || cpu_file < 0 ||
> -                   !cpu_online(cpu_file))
> +               err = kstrtol(argv[2], 0, &cpu_file);
> +               if (err || cpu_file >= NR_CPUS || cpu_file < 0 ||
> +                               !cpu_online(cpu_file))

nit: why did you change the indentation for "!cpu_online(cpu_file))"?
It seemed better before.

With nits fixed:

Reviewed-by: Douglas Anderson <dianders@chromium.org>
Daniel Thompson Dec. 6, 2023, 11:37 a.m. UTC | #2 
On Tue, Dec 05, 2023 at 01:41:57PM -0800, Doug Anderson wrote:
> Hi,
>
> On Sun, Nov 19, 2023 at 4:10 PM Yuran Pereira <yuran.pereira@hotmail.com> wrote:
> >
> > The function simple_strtoul performs no error checking in scenarios
> > where the input value overflows the intended output variable.
> > This results in this function successfully returning, even when the
> > output does not match the input string (aka the function returns
> > successfully even when the result is wrong).
> >
> > Or as it was mentioned [1], "...simple_strtol(), simple_strtoll(),
> > simple_strtoul(), and simple_strtoull() functions explicitly ignore
> > overflows, which may lead to unexpected results in callers."
> > Hence, the use of those functions is discouraged.
> >
> > This patch replaces all uses of the simple_strtoul with the safer
> > alternatives kstrtoint and kstrtol.
> >
> > [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#simple-strtol-simple-strtoll-simple-strtoul-simple-strtoull
> >
> > Signed-off-by: Yuran Pereira <yuran.pereira@hotmail.com>
> > ---
> >  kernel/trace/trace_kdb.c | 14 ++++++--------
> >  1 file changed, 6 insertions(+), 8 deletions(-)
> >
> > diff --git a/kernel/trace/trace_kdb.c b/kernel/trace/trace_kdb.c
> > index 59857a1ee44c..3891f885e4a6 100644
> > --- a/kernel/trace/trace_kdb.c
> > +++ b/kernel/trace/trace_kdb.c
> > @@ -96,23 +96,21 @@ static int kdb_ftdump(int argc, const char **argv)
> >  {
> >         int skip_entries = 0;
> >         long cpu_file;
> > -       char *cp;
> > +       int err;
> >         int cnt;
> >         int cpu;
> >
> >         if (argc > 2)
> >                 return KDB_ARGCOUNT;
> >
> > -       if (argc) {
> > -               skip_entries = simple_strtol(argv[1], &cp, 0);
> > -               if (*cp)
> > +       if (argc)
> > +               if (kstrtoint(argv[1], 0, &skip_entries))
> >                         skip_entries = 0;
> > -       }
>
> Similar nit about braces as in patch #1. tl;dr is change the above to:
>
> if (argc && kstrtoint(argv[1], 0, &skip_entries))
>   skip_entries = 0;

Surely that should be:

if (...)
	return KDB_BADINT;

There seems little point switching to a "safer" API if we just ignore the
errors it provides us.


Daniel.
Doug Anderson Dec. 6, 2023, 3:17 p.m. UTC | #3 
Hi,

On Wed, Dec 6, 2023 at 3:38 AM Daniel Thompson
<daniel.thompson@linaro.org> wrote:
>
> On Tue, Dec 05, 2023 at 01:41:57PM -0800, Doug Anderson wrote:
> > Hi,
> >
> > On Sun, Nov 19, 2023 at 4:10 PM Yuran Pereira <yuran.pereira@hotmail.com> wrote:
> > >
> > > The function simple_strtoul performs no error checking in scenarios
> > > where the input value overflows the intended output variable.
> > > This results in this function successfully returning, even when the
> > > output does not match the input string (aka the function returns
> > > successfully even when the result is wrong).
> > >
> > > Or as it was mentioned [1], "...simple_strtol(), simple_strtoll(),
> > > simple_strtoul(), and simple_strtoull() functions explicitly ignore
> > > overflows, which may lead to unexpected results in callers."
> > > Hence, the use of those functions is discouraged.
> > >
> > > This patch replaces all uses of the simple_strtoul with the safer
> > > alternatives kstrtoint and kstrtol.
> > >
> > > [1] https://www.kernel.org/doc/html/latest/process/deprecated.html#simple-strtol-simple-strtoll-simple-strtoul-simple-strtoull
> > >
> > > Signed-off-by: Yuran Pereira <yuran.pereira@hotmail.com>
> > > ---
> > >  kernel/trace/trace_kdb.c | 14 ++++++--------
> > >  1 file changed, 6 insertions(+), 8 deletions(-)
> > >
> > > diff --git a/kernel/trace/trace_kdb.c b/kernel/trace/trace_kdb.c
> > > index 59857a1ee44c..3891f885e4a6 100644
> > > --- a/kernel/trace/trace_kdb.c
> > > +++ b/kernel/trace/trace_kdb.c
> > > @@ -96,23 +96,21 @@ static int kdb_ftdump(int argc, const char **argv)
> > >  {
> > >         int skip_entries = 0;
> > >         long cpu_file;
> > > -       char *cp;
> > > +       int err;
> > >         int cnt;
> > >         int cpu;
> > >
> > >         if (argc > 2)
> > >                 return KDB_ARGCOUNT;
> > >
> > > -       if (argc) {
> > > -               skip_entries = simple_strtol(argv[1], &cp, 0);
> > > -               if (*cp)
> > > +       if (argc)
> > > +               if (kstrtoint(argv[1], 0, &skip_entries))
> > >                         skip_entries = 0;
> > > -       }
> >
> > Similar nit about braces as in patch #1. tl;dr is change the above to:
> >
> > if (argc && kstrtoint(argv[1], 0, &skip_entries))
> >   skip_entries = 0;
>
> Surely that should be:
>
> if (...)
>         return KDB_BADINT;
>
> There seems little point switching to a "safer" API if we just ignore the
> errors it provides us.

Ah, sure. I have no objections to that. Note that would have also been
possible with the old code, which did still do awkward error checking,
so I assumed that it was a conscious decision. ...but I'm definitely
happier with the error being reported instead of glossed over.

-Doug
diff mbox series

Patch

diff --git a/kernel/trace/trace_kdb.c b/kernel/trace/trace_kdb.c
index 59857a1ee44c..3891f885e4a6 100644
--- a/kernel/trace/trace_kdb.c
+++ b/kernel/trace/trace_kdb.c
@@ -96,23 +96,21 @@  static int kdb_ftdump(int argc, const char **argv)
 {
 	int skip_entries = 0;
 	long cpu_file;
-	char *cp;
+	int err;
 	int cnt;
 	int cpu;
 
 	if (argc > 2)
 		return KDB_ARGCOUNT;
 
-	if (argc) {
-		skip_entries = simple_strtol(argv[1], &cp, 0);
-		if (*cp)
+	if (argc)
+		if (kstrtoint(argv[1], 0, &skip_entries))
 			skip_entries = 0;
-	}
 
 	if (argc == 2) {
-		cpu_file = simple_strtol(argv[2], &cp, 0);
-		if (*cp || cpu_file >= NR_CPUS || cpu_file < 0 ||
-		    !cpu_online(cpu_file))
+		err = kstrtol(argv[2], 0, &cpu_file);
+		if (err || cpu_file >= NR_CPUS || cpu_file < 0 ||
+				!cpu_online(cpu_file))
 			return KDB_BADINT;
 	} else {
 		cpu_file = RING_BUFFER_ALL_CPUS;