lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Wed,  3 Jul 2024 03:35:12 +0900
From: Ryusuke Konishi <konishi.ryusuke@...il.com>
To: Andrew Morton <akpm@...ux-foundation.org>
Cc: linux-nilfs@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: [PATCH] nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro

According to the C standard 3.4.3p3, the result of signed integer
overflow is undefined.  The macro nilfs_cnt32_ge(), which compares two
sequence numbers, uses signed integer subtraction that can overflow,
and therefore the result of the calculation may differ from what is
expected due to undefined behavior in different environments.

Similar to an earlier change to the jiffies-related comparison macros
in commit 5a581b367b5d ("jiffies: Avoid undefined behavior from signed
overflow"), avoid this potential issue by changing the definition of
the macro to perform the subtraction as unsigned integers, then cast
the result to a signed integer for comparison.

Link: https://lkml.kernel.org/r/20130727225828.GA11864@linux.vnet.ibm.com
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@...il.com>
Fixes: 9ff05123e3bf ("nilfs2: segment constructor")
---
Andrew, please add this to the queue for the next cycle.

This fixes a potential issue with undefined behavior on signed integer
overflow.

Thanks,
Ryusuke Konishi

 fs/nilfs2/segment.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/nilfs2/segment.c b/fs/nilfs2/segment.c
index 36e0bb38e1aa..0ca3110d6386 100644
--- a/fs/nilfs2/segment.c
+++ b/fs/nilfs2/segment.c
@@ -136,7 +136,7 @@ static void nilfs_dispose_list(struct the_nilfs *, struct list_head *, int);
 
 #define nilfs_cnt32_ge(a, b)   \
 	(typecheck(__u32, a) && typecheck(__u32, b) && \
-	 ((__s32)(a) - (__s32)(b) >= 0))
+	 ((__s32)((a) - (b)) >= 0))
 
 static int nilfs_prepare_segment_lock(struct super_block *sb,
 				      struct nilfs_transaction_info *ti)
-- 
2.34.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ