From: Thorsten Blum <thorsten.blum@linux.dev>
Date: Mon, 15 Sep 2025 22:12:45 +0000 (+0200)
Subject: crypto: fips - replace simple_strtol with kstrtoint to improve fips_enable
X-Git-Tag: v6.19-rc1~185^2~67
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=33eea63ff9c6abf26236dcad41165d3cc499d905;p=thirdparty%2Fkernel%2Flinux.git

crypto: fips - replace simple_strtol with kstrtoint to improve fips_enable

Replace simple_strtol() with the recommended kstrtoint() for parsing the
'fips=' boot parameter. Unlike simple_strtol(), which returns a long,
kstrtoint() converts the string directly to an integer and avoids
implicit casting.

Check the return value of kstrtoint() and reject invalid values. This
adds error handling while preserving existing behavior for valid values,
and removes use of the deprecated simple_strtol() helper.

Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
---

diff --git a/crypto/fips.c b/crypto/fips.c
index e88a604cb42b5..65d2bc070a263 100644
--- a/crypto/fips.c
+++ b/crypto/fips.c
@@ -24,7 +24,10 @@ EXPORT_SYMBOL_GPL(fips_fail_notif_chain);
 /* Process kernel command-line parameter at boot time. fips=0 or fips=1 */
 static int fips_enable(char *str)
 {
-	fips_enabled = !!simple_strtol(str, NULL, 0);
+	if (kstrtoint(str, 0, &fips_enabled))
+		return 0;
+
+	fips_enabled = !!fips_enabled;
 	pr_info("fips mode: %s\n", str_enabled_disabled(fips_enabled));
 	return 1;
 }