| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 20 Dec 2020 14:19:38 -0800
From: Randy Dunlap <rdunlap@...radead.org>
To: Matthew Wilcox <willy@...radead.org>
Cc: linux-kernel@...r.kernel.org, Jens Axboe <axboe@...nel.dk>,
Andrew Morton <akpm@...ux-foundation.org>,
Toralf Förster <toralf.foerster@....de>,
linux-mm@...ck.org
Subject: Re: [RFC PATCH 1/2] log2: handle LARGE input to
__roundup_pow_of_two()
On 12/20/20 1:23 PM, Matthew Wilcox wrote:
> On Sun, Dec 20, 2020 at 01:10:37PM -0800, Randy Dunlap wrote:
>> UBSAN detected a 64-bit shift in log2.h:__roundup_pow_of_two():
>> UBSAN: shift-out-of-bounds in ./include/linux/log2.h:57:13
>> shift exponent 64 is too large for 64-bit type 'long unsigned int'
>>
>> This is during a call from mm/readahead.c:ondemand_readahead(),
>> get_init_ra_size(), where the 'size' parameter must have been
>> extremely large (or "negative").
>
> Actually, I think it was zero, which is the real bug that should be fixed.
>
Hm, OK, that would make more sense than some Huge value (other than -1).
Do you mean something like this?
---
---
mm/readahead.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
--- linux-5.10.1.orig/mm/readahead.c
+++ linux-5.10.1/mm/readahead.c
@@ -310,7 +310,11 @@ void force_page_cache_ra(struct readahea
*/
static unsigned long get_init_ra_size(unsigned long size, unsigned long max)
{
- unsigned long newsize = roundup_pow_of_two(size);
+ unsigned long newsize;
+
+ if (!size)
+ size = 32;
+ newsize = roundup_pow_of_two(size);
if (newsize <= max / 32)
newsize = newsize * 4;
Thanks.
Powered by blists - more mailing lists