Received: by 2002:a05:7412:ba23:b0:fa:4c10:6cad with SMTP id jp35csp618602rdb;
        Thu, 18 Jan 2024 13:30:30 -0800 (PST)
X-Google-Smtp-Source: AGHT+IFfX4GN1iaMz9Of4yrDLm9Xjxu4v3OjBlHOG3paAQhl1fywQ+tCtO7T9Vwjeiee/ILeo7Mo
X-Received: by 2002:a05:6830:2645:b0:6dd:e195:ff8a with SMTP id f5-20020a056830264500b006dde195ff8amr1358778otu.68.1705613430414;
        Thu, 18 Jan 2024 13:30:30 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1705613430; cv=pass;
        d=google.com; s=arc-20160816;
        b=IdlXh4uOFpKhsPVd1PrTCLcbG+P7GXNNDaDfE8cScmh1W74uOD8LCIkZy0EjbEzppz
         IBdu+s5pjuh7q6mdG/TPZe4FvizBKowFRI9xpc97xT4KdQfRmefDcoFJcFCtNfTN0506
         9tNlOGzGL79YVGK/KPwWDXNz6hFTIIH4VE8RWvVU+xnXfnhH7qJG/Mc6UcyVMLdRSNoK
         uwIhzT7rq33Ir+/g4tyEFJj0WuLX9o4/vZHdZMr4OZZbs0CX+36ucjvBLNcMTad1UM8i
         2S8UwuvCcIfd/OPqLaTUcQOvOpLbRqzy9tkHfZRUiipdqNj8F0dwjPWph4e2GIwXmBJs
         NjiQ==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:in-reply-to:from:references:to
         :content-language:subject:user-agent:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:date:message-id:dkim-signature;
        bh=hGDDDdy4DJSwqpdxi3VKxYASFTzt0obR4RNDFTT72ow=;
        fh=OaeWfznxMA9ploJoaNIYX3YJrBKVsRlCgCyqUxFpE9k=;
        b=pVtAuHFPAl+yc5FTNhNwkt3125KzmuAeRhyqdeJVqU6hi6bhCOIOZcFY9UMBfVSkCb
         TEFZYOgFESMLYTHDH5jElb8mlsbdbaDztXCnBoIhtcTJxR5unE5FMcO27YDzu5AeQZFB
         YfYAV4axmpthEx8k6HlTNSe9nLr5d0AOj6+1inHEHTJZRUHMGqY+IyogFsoYL6nYSMsJ
         r05Wwtxf0yMv7r3wpMg3K3U4tGR/Zx57m9nDWREt5isKbjMTc9w0C7rmGmgOX041jTiE
         Cm9RDyTy9PFmHB89HBUKpFvi9h/IqP2tLEwBhL6hLTtLv1YvjbwEuOPzheWJUSCNYSk2
         FJ4Q==
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@infradead.org header.s=bombadil.20210309 header.b=wgJncUnU;
       arc=pass (i=1 dkim=pass dkdomain=infradead.org);
       spf=pass (google.com: domain of linux-kernel+bounces-30442-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-30442-linux.lists.archive=gmail.com@vger.kernel.org"
Return-Path: <linux-kernel+bounces-30442-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1])
        by mx.google.com with ESMTPS id qs3-20020a05620a394300b00783322de747si15932878qkn.339.2024.01.18.13.30.30
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 18 Jan 2024 13:30:30 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-30442-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@infradead.org header.s=bombadil.20210309 header.b=wgJncUnU;
       arc=pass (i=1 dkim=pass dkdomain=infradead.org);
       spf=pass (google.com: domain of linux-kernel+bounces-30442-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-30442-linux.lists.archive=gmail.com@vger.kernel.org"
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by ny.mirrors.kernel.org (Postfix) with ESMTPS id E12D91C25050
	for <linux.lists.archive@gmail.com>; Thu, 18 Jan 2024 17:52:49 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 2B5302D611;
	Thu, 18 Jan 2024 17:52:40 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="wgJncUnU"
Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 090392C68C;
	Thu, 18 Jan 2024 17:52:37 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.137.202.133
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1705600359; cv=none; b=TeP3dQn9Gg/LNfgCrGrzbr2hM6WjWIzw7ZUcLQwcfSfDLwk9OiCOlZ1M4YcTcsSGwUPNToOjfB2agXhNWy2vh7a6jtEgKeh7/fLxJZOhycyfwJ79siZD3fj+Tj1CfORTU6amuDIr/j2AUw7Qg3vWkxmbyBZQtYd/lKMlyOS6GjE=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1705600359; c=relaxed/simple;
	bh=KKJJ6HPqG21gZ+Co1uAQr5O3IGs7SkQEmxmkOZnVKfM=;
	h=Message-ID:Date:MIME-Version:Subject:To:References:From:
	 In-Reply-To:Content-Type; b=YdvnfZFeivYgw7PqKkP8r1OJSvv1e9rPt4vsW3kMvjz+K/49Up3F0mxVJXOlE5tp4Yvjp6PNz9uJCOEICo6D75j9CBKHKXdTZJM24glfF/ZzHxkPcw5qSpsbV3aiUqZvxvnqfFB/ib029BXQ4R7/Z/bCWrYEKpPd2CsItzK2V6s=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=infradead.org; spf=none smtp.mailfrom=infradead.org; dkim=pass (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b=wgJncUnU; arc=none smtp.client-ip=198.137.202.133
Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=infradead.org
Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=infradead.org
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=infradead.org; s=bombadil.20210309; h=Content-Transfer-Encoding:
	Content-Type:In-Reply-To:From:References:To:Subject:MIME-Version:Date:
	Message-ID:Sender:Reply-To:Cc:Content-ID:Content-Description;
	bh=hGDDDdy4DJSwqpdxi3VKxYASFTzt0obR4RNDFTT72ow=; b=wgJncUnUfmNMXiR5xRJWIIeNXg
	wBOu88qbaJDezs/zSYlfZcTUWlXhv3nv3I1fvX7tVAlpiBHzZrhSE/CbZNqoVSak1UAIFgZLvKs9k
	d5oHh5hCeaIDuYlmrI5QaNjFvgiXnwViG4baMr+s/FmA98LNXq+C8YZ0KEpmhhU976FVX+oXBjuLW
	yBqqIkLVvDNrdwWfqX1vr+UBI+oypanwcmpmfdz4cqSJDn88M2GjXrAyEFiDj0kciwzzFafjG+2jk
	RDFFFCf6Sx0vfG5Jfu0Bl2m7EfkuxdYWhJQmTKxQs4YdFLn23iKb4DdnM3YTj7hp7lgUEd0/1PTHH
	1/KpAwUg==;
Received: from [50.53.46.231] (helo=[192.168.254.15])
	by bombadil.infradead.org with esmtpsa (Exim 4.96 #2 (Red Hat Linux))
	id 1rQWZ8-003R80-0C;
	Thu, 18 Jan 2024 17:52:34 +0000
Message-ID: <d91d9c20-3b17-40e4-96d0-49daecf6558e@infradead.org>
Date: Thu, 18 Jan 2024 09:52:33 -0800
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: [PATCH v4 2/4] kstrtox: introduce a safer version of memparse()
Content-Language: en-US
To: Qu Wenruo <quwenruo.btrfs@gmx.com>, Qu Wenruo <wqu@suse.com>,
 linux-btrfs@vger.kernel.org, linux-kernel@vger.kernel.org,
 akpm@linux-foundation.org, christophe.jaillet@wanadoo.fr,
 andriy.shevchenko@linux.intel.com, David.Laight@ACULAB.COM, ddiss@suse.de,
 geert@linux-m68k.org
References: <cover.1704422015.git.wqu@suse.com>
 <f972b96cad42e49235d90b863038a080acc0059e.1704422015.git.wqu@suse.com>
 <64def21a-2727-455b-9e35-e2a56d2f1625@infradead.org>
 <848c719c-daa2-403a-b7eb-f172b4236dc1@gmx.com>
From: Randy Dunlap <rdunlap@infradead.org>
In-Reply-To: <848c719c-daa2-403a-b7eb-f172b4236dc1@gmx.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Hi,

On 1/14/24 21:27, Qu Wenruo wrote:
> 
> 
> On 2024/1/15 14:57, Randy Dunlap wrote:
> [...]
>>> @@ -113,6 +113,105 @@ static int _kstrtoull(const char *s, unsigned int base, unsigned long long *res)
>>>       return 0;
>>>   }
>>>
>>> +/**
>>> + * memparse_safe - convert a string to an unsigned long long, safer version of
>>> + * memparse()
>>> + *
>>> + * @s:        The start of the string. Must be null-terminated.
>>
>> Unless I misunderstand, this is the biggest problem that I see with
>> memparse_safe(): "Must be null-terminated".
>> memparse() does not have that requirement.
> 
> This is just an extra safety requirement.
> 
> In reality, memparse_safe() would end at the either the first
> unsupported suffix after the valid numeric string (including '\0'),
> or won't be updated if any error is hit (either no valid string at all,
> or some overflow happened).
> 
> For most if not all call sites, the string passed in is already
> null-terminated.
> 
>>
>> And how is @retptr updated if the string is null-terminated?
> 
> E.g "123456G\0", in this case if suffix "G" is allowed, then @retptr
> would be updated to '\0'.
> 
> Or another example "123456\0", @retptr would still be updated to '\0'.
> 
>>
>> If the "Must be null-terminated." is correct, it requires that every user/caller
>> first determine the end of the number (how? space and/or any special character
>> or any alphabetic character that is not in KMGTPE? Then save that ending char,
>> change it to NUL, call memparse_safe(), then restore the saved char?
> 
> There are already test cases like "86k \0" (note all strings in the test
> case is all null terminated), which would lead to a success parse, with
> @retptr updated to ' ' (if suffix K is specified) or 'k' (if suffix K is
> not specified).
> 
> So the behavior is still the same.
> It may be my expression too confusing.
> 
> Any recommendation for the comments?

Well, "Must be null-terminated." is incorrect, so explain better where
the numeric conversion ends.

Thanks.

> 
> Thanks,
> Qu
> 
>>
>> I'm hoping that the documentation is not correct...
>>
>>> + *        The base is determined automatically, if it starts with "0x"
>>> + *        the base is 16, if it starts with "0" the base is 8, otherwise
>>> + *        the base is 10.
>>> + *        After a valid number string, there can be at most one
>>> + *        case-insensitive suffix character, specified by the @suffixes
>>> + *        parameter.
>>> + *
>>> + * @suffixes:    The suffixes which should be handled. Use logical ORed
>>> + *        memparse_suffix enum to indicate the supported suffixes.
>>> + *        The suffixes are case-insensitive, all 2 ^ 10 based.
>>> + *        Supported ones are "KMGPTE".
>>> + *        If one suffix (one of "KMGPTE") is hit but that suffix is
>>> + *        not specified in the @suffxies parameter, it ends the parse
>>> + *        normally, with @retptr pointed to the (unsupported) suffix.
>>> + *        E.g. "68k" with suffxies "M" returns 68 decimal, @retptr
>>> + *        updated to 'k'.
>>> + *
>>> + * @res:    Where to write the result.
>>> + *
>>> + * @retptr:    (output) Optional pointer to the next char after parse completes.
>>> + *
>>> + * Returns:
>>> + * * %0 if any valid numeric string can be parsed, and @retptr is updated.
>>> + * * %-EINVAL if no valid number string can be found.
>>> + * * %-ERANGE if the number overflows.
>>> + * * For negative return values, @retptr is not updated.
>>> + */
>>> +noinline int memparse_safe(const char *s, enum memparse_suffix suffixes,
>>> +               unsigned long long *res, char **retptr)
>>> +{
>>
>> Thanks.
> 

-- 
#Randy