| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 6 Jul 2021 09:28:45 -0400
From: "Liang, Kan" <kan.liang@...ux.intel.com>
To: Colin King <colin.king@...onical.com>,
Peter Zijlstra <peterz@...radead.org>,
Ingo Molnar <mingo@...hat.com>,
Arnaldo Carvalho de Melo <acme@...nel.org>,
Mark Rutland <mark.rutland@....com>,
Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
Jiri Olsa <jolsa@...hat.com>,
Namhyung Kim <namhyung@...nel.org>,
Thomas Gleixner <tglx@...utronix.de>,
Borislav Petkov <bp@...en8.de>, x86@...nel.org,
"H . Peter Anvin" <hpa@...or.com>, linux-perf-users@...r.kernel.org
Cc: kernel-janitors@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH][next] perf/x86/intel/uncore: Fix integer overflow on 23
bit left shift of a u32
On 7/6/2021 7:45 AM, Colin King wrote:
> From: Colin Ian King <colin.king@...onical.com>
>
> The u32 variable pci_dword is being masked with 0x1fffffff and then left
> shifted 23 places. The shift is a u32 operation,so a value of 0x200 or
> more in pci_dword will overflow the u32 and only the bottow 32 bits
> are assigned to addr. I don't believe this was the original intent.
> Fix this by casting pci_dword to a resource_size_t to ensure no
> overflow occurs.
>
> Note that the mask and 12 bit left shift operation does not need this
> because the mask SNR_IMC_MMIO_MEM0_MASK and shift is always a 32 bit
> value.
>
> Fixes: ee49532b38dd ("perf/x86/intel/uncore: Add IMC uncore support for Snow Ridge")
> Addresses-Coverity: ("Unintentional integer overflow")
Thanks for the fix.
Reviewed-by: Kan Liang <kan.liang@...ux.intel.com>
Thanks,
Kan
> Signed-off-by: Colin Ian King <colin.king@...onical.com>
> ---
> arch/x86/events/intel/uncore_snbep.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/arch/x86/events/intel/uncore_snbep.c b/arch/x86/events/intel/uncore_snbep.c
> index 48419dad3b17..7518143850df 100644
> --- a/arch/x86/events/intel/uncore_snbep.c
> +++ b/arch/x86/events/intel/uncore_snbep.c
> @@ -4827,7 +4827,7 @@ static int snr_uncore_mmio_map(struct intel_uncore_box *box,
> return -ENODEV;
>
> pci_read_config_dword(pdev, SNR_IMC_MMIO_BASE_OFFSET, &pci_dword);
> - addr = (pci_dword & SNR_IMC_MMIO_BASE_MASK) << 23;
> + addr = ((resource_size_t)pci_dword & SNR_IMC_MMIO_BASE_MASK) << 23;
>
> pci_read_config_dword(pdev, mem_offset, &pci_dword);
> addr |= (pci_dword & SNR_IMC_MMIO_MEM0_MASK) << 12;
>
Powered by blists - more mailing lists