Message-ID: <aaa8ae87-170b-ada0-0465-9727967594cb@deltatee.com>
Date:   Tue, 10 Nov 2020 16:55:41 -0700
From:   Logan Gunthorpe <logang@...tatee.com>
To:     Colin King <colin.king@...onical.com>,
        Bjorn Helgaas <bhelgaas@...gle.com>,
        Stephen Bates <sbates@...thlin.com>,
        Alex Williamson <alex.williamson@...hat.com>,
        Christian König <christian.koenig@....com>,
        linux-pci@...r.kernel.org
Cc:     kernel-janitors@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH][V2] PCI: Fix a potential uninitentional integer overflow
 issue



On 2020-11-10 3:10 p.m., Colin King wrote:
> From: Colin Ian King <colin.king@...onical.com>
> 
> The shift of 1 by align_order is evaluated using 32 bit arithmetic
> and the result is assigned to a resource_size_t type variable that
> is a 64 bit unsigned integer on 64 bit platforms. Fix an overflow
> before widening issue by making the 1 a ULL.
> 
> Addresses-Coverity: ("Unintentional integer overflow")
> Fixes: 07d8d7e57c28 ("PCI: Make specifying PCI devices in kernel parameters reusable")

I think this should probably be

Fixes: 32a9a682bef2 ("PCI: allow assignment of memory resources with a
specified alignment")

That is the commit where the original bug was introduced. 644a544fd9bcd
then extends the code a little bit and 07d8d7e57c28 only refactors it
into a reusable function. If we want this in older stable kernels then
we will probably need to make different patches for the other two vintages.

> Signed-off-by: Colin Ian King <colin.king@...onical.com>

Besides that, the change makes sense to me.

Reviewed-by: Logan Gunthorpe <logang@...tatee.com>

Thanks,

Logan
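
The overflow-before-widening pattern described in the quoted commit message, as an added example that is not part of this thread or of the kernel patch. The `resource_size_t` typedef and all function names are assumptions made for illustration, and the 32-bit form is modelled with defined arithmetic because the real `1 << align_order` is undefined in C once `align_order` reaches 31.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: stand-in for the kernel's resource_size_t on a 64-bit platform. */
typedef uint64_t resource_size_t;

/*
 * Model of `align = 1 << align_order` evaluated as a 32-bit int. This
 * reproduces the commonly observed result (low 32 bits kept, then
 * sign-extended on widening) without executing undefined behaviour.
 */
static resource_size_t align_shift_int(unsigned int align_order)
{
    uint32_t low = align_order < 32 ? (uint32_t)1 << align_order : 0;

    return (low & 0x80000000u) ? (0xffffffff00000000ULL | low) : low;
}

/* Fixed form: the shift itself is carried out in 64 bits (1ULL). */
static bool align_shift_ull(unsigned int align_order, resource_size_t *align)
{
    if (align_order >= 64)      /* 1ULL << 64 would be undefined as well */
        return false;
    *align = 1ULL << align_order;
    return true;
}

/* Lowest order at which the two forms disagree, or -1 if they never do. */
static int first_bad_order(void)
{
    for (unsigned int order = 0; order < 64; order++) {
        resource_size_t wide;
        if (align_shift_ull(order, &wide) && wide != align_shift_int(order))
            return (int)order;
    }
    return -1;
}

int main(void)
{
    const unsigned int orders[] = { 12, 30, 31, 32 }; /* constructed samples */

    for (unsigned int i = 0; i < 4; i++)
        printf("order %2u: 0x%016" PRIx64 "\n", orders[i], align_shift_int(orders[i]));
    printf("first diverging order: %d\n", first_bad_order());
    return 0;
}
```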
