Date:   Tue, 30 Jun 2020 15:55:58 +0100
From:   Colin King <colin.king@...onical.com>
To:     Andreas Noever <andreas.noever@...il.com>,
        Michael Jamet <michael.jamet@...el.com>,
        Mika Westerberg <mika.westerberg@...ux.intel.com>,
        Yehezkel Bernat <YehezkelShB@...il.com>,
        linux-usb@...r.kernel.org
Cc:     kernel-janitors@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH][next] thunderbolt: ensure left shift of 512 does not overflow a 32 bit int

From: Colin Ian King <colin.king@...onical.com>

The 32 bit int value 512 is being left shifted and then used in a context
that expects the expression to be a larger unsigned long. There may be
a potential integer overflow, so make 512 a UL before shift to avoid
any such issues.

Addresses-Coverity: ("Unintentional integer overflow")
Fixes: 3b1d8d577ca8 ("thunderbolt: Implement USB3 bandwidth negotiation routines")
Signed-off-by: Colin Ian King <colin.king@...onical.com>
---
 drivers/thunderbolt/usb4.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/thunderbolt/usb4.c b/drivers/thunderbolt/usb4.c
index d1a554fd09ae..ed609075cf66 100644
--- a/drivers/thunderbolt/usb4.c
+++ b/drivers/thunderbolt/usb4.c
@@ -909,7 +909,7 @@ static unsigned int usb3_bw_to_mbps(u32 bw, u8 scale)
 {
 	unsigned long uframes;
 
-	uframes = bw * 512 << scale;
+	uframes = bw * 512UL << scale;
 	return DIV_ROUND_CLOSEST(uframes * 8000, 1000 * 1000);
 }
 
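Review bot: the 512UL suffix in usb3_bw_to_mbps() only widens the arithmetic where unsigned long is 64 bits; on 32-bit builds unsigned long is the same width as the u32 bw, so "bw * 512UL << scale" can still wrap, and so can the unchanged "uframes * 8000" on the next line. If the intent is to rule out overflow everywhere, declare uframes as u64, use 512ULL, and switch the division to DIV_ROUND_CLOSEST_ULL(). The commit message would also benefit from stating the maximum bw and scale the hardware can report, since the result is returned as unsigned int and a large quotient would be truncated silently. Parentheses around "bw * 512UL" would make the intended precedence explicit.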
@@ -919,7 +919,7 @@ static u32 mbps_to_usb3_bw(unsigned int mbps, u8 scale)
 
 	/* 1 uframe is 1/8 ms (125 us) -> 1 / 8000 s */
 	uframes = ((unsigned long)mbps * 1000 *  1000) / 8000;
-	return DIV_ROUND_UP(uframes, 512 << scale);
+	return DIV_ROUND_UP(uframes, 512UL << scale);
 }
 
 static int usb4_usb3_port_read_allocated_bandwidth(struct tb_port *port,
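Review bot: in mbps_to_usb3_bw() the divisor "512UL << scale" is fixed only for 64-bit unsigned long, and the dividend on the unchanged line above has the same limitation: "(unsigned long)mbps * 1000 * 1000" wraps on 32-bit builds once mbps exceeds 4294. Using a u64 for uframes with a (u64) cast and 512ULL would cover both operands. Separately, scale is a u8 with no bound visible in this hunk, and a shift count at or above the width of the type is undefined, so either document the range scale can take or clamp it before the shift.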
-- 
2.27.0
