| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 29 Mar 2021 17:49:20 +0800
From: Yang Li <yang.lee@...ux.alibaba.com>
To: tony.luck@...el.com
Cc: bp@...en8.de, tglx@...utronix.de, mingo@...hat.com, x86@...nel.org,
hpa@...or.com, linux-edac@...r.kernel.org,
linux-kernel@...r.kernel.org, Yang Li <yang.lee@...ux.alibaba.com>
Subject: [PATCH] x86/mce/dev-mcelog: Fix potential memory access error
Using set_bit() to set a bit in an integer is not a good idea, since
the function expects an unsigned long as argument, which can be 64bit
wide.
Coverity reports this problem as
High:Out-of-bounds access(INCOMPATIBLE_CAST)
CWE119: Out-of-bounds access to a scalar
Pointer "&mcelog->flags" points to an object whose effective type is
"unsigned int" (32 bits, unsigned) but is dereferenced as a wider
"unsigned long" (64 bits, unsigned). This may lead to memory corruption.
/home/heyuan.shy/git-repo/linux/arch/x86/kernel/cpu/mce/dev-mcelog.c:
dev_mce_log
Just use BIT instead.
Reported-by: Abaci Robot <abaci@...ux.alibaba.com>
Signed-off-by: Yang Li <yang.lee@...ux.alibaba.com>
---
arch/x86/kernel/cpu/mce/dev-mcelog.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/kernel/cpu/mce/dev-mcelog.c b/arch/x86/kernel/cpu/mce/dev-mcelog.c
index 100fbee..fd7b1b4 100644
--- a/arch/x86/kernel/cpu/mce/dev-mcelog.c
+++ b/arch/x86/kernel/cpu/mce/dev-mcelog.c
@@ -51,7 +51,7 @@ static int dev_mce_log(struct notifier_block *nb, unsigned long val,
* earlier errors are the more interesting ones:
*/
if (entry >= mcelog->len) {
- set_bit(MCE_OVERFLOW, (unsigned long *)&mcelog->flags);
+ mcelog->flags |= BIT(MCE_OVERFLOW);
goto unlock;
}
--
1.8.3.1
Powered by blists - more mailing lists