| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20210526150947.3751728-1-colin.king@canonical.com>
Date: Wed, 26 May 2021 16:09:47 +0100
From: Colin King <colin.king@...onical.com>
To: Jérôme Glisse <jglisse@...hat.com>,
Alistair Popple <apopple@...dia.com>,
Ralph Campbell <rcampbell@...dia.com>,
Stephen Rothwell <sfr@...b.auug.org.au>,
Andrew Morton <akpm@...ux-foundation.org>,
Jason Gunthorpe <jgg@...pe.ca>, linux-mm@...ck.org
Cc: kernel-janitors@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH][next] mm: selftests: fix potential integer overflow on shift of a int
From: Colin Ian King <colin.king@...onical.com>
The left shift of the int mapped is evaluated using 32 bit arithmetic
and then assigned to an unsigned long. In the case where mapped is
0x80000 when PAGE_SHIFT is 12 will lead to the upper bits being
sign extended in the unsigned long. Larger values can lead to an
int overflow. Avoid this by casting mapped to unsigned long before
shifting.
Addresses-Coverity: ("Uninitentional integer overflow")
Fixes: 8b2a105c3794 ("mm: selftests for exclusive device memory")
Signed-off-by: Colin Ian King <colin.king@...onical.com>
---
lib/test_hmm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/test_hmm.c b/lib/test_hmm.c
index 74d69f87691e..b54657701b3a 100644
--- a/lib/test_hmm.c
+++ b/lib/test_hmm.c
@@ -749,7 +749,7 @@ static int dmirror_exclusive(struct dmirror *dmirror,
}
}
- if (addr + (mapped << PAGE_SHIFT) < next) {
+ if (addr + ((unsigned int)mapped << PAGE_SHIFT) < next) {
mmap_read_unlock(mm);
mmput(mm);
return -EBUSY;
--
2.31.1
Powered by blists - more mailing lists