lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <efbd346a9bb672782ac67453e622f01b5212d38d.1438780176.git.Allen.Hubbe@emc.com>
Date:	Wed,  5 Aug 2015 09:23:04 -0400
From:	Allen Hubbe <Allen.Hubbe@....com>
To:	Dan Williams <dan.j.williams@...el.com>,
	Dave Jiang <dave.jiang@...el.com>
Cc:	dmaengine@...r.kernel.com, linux-kernel@...r.kernel.org,
	Allen Hubbe <Allen.Hubbe@....com>
Subject: [PATCH] ioatdma: fix overflow of u16 in ring_reshape

If the allocation order is 16, then the u16 index will overflow and wrap
to zero instead of being equal or greater than 1 << 16.  The loop
condition will always be true, and the loop will run until all the
memory resources are depleted.

Change the type of index 'i' to u32, so that it is large enough to store
a value equal or greater than 1 << 16.

Signed-off-by: Allen Hubbe <Allen.Hubbe@....com>
---
 drivers/dma/ioat/dma_v2.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/dma/ioat/dma_v2.c b/drivers/dma/ioat/dma_v2.c
index 69c7dfcad023..13fbd9d5b5b9 100644
--- a/drivers/dma/ioat/dma_v2.c
+++ b/drivers/dma/ioat/dma_v2.c
@@ -588,7 +588,7 @@ bool reshape_ring(struct ioat2_dma_chan *ioat, int order)
 	const u16 active = ioat2_ring_active(ioat);
 	const u32 new_size = 1 << order;
 	struct ioat_ring_ent **ring;
-	u16 i;
+	u32 i;
 
 	if (order > ioat_get_max_alloc_order())
 		return false;
-- 
2.5.0.rc1

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ