| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <5037fd77-ab7c-406c-b53f-d882a3585a44@omp.ru> Date: Fri, 25 Jul 2025 22:50:14 +0300 From: Sergey Shtylyov <s.shtylyov@....ru> To: Luis Chamberlain <mcgrof@...nel.org> CC: Russ Weight <russ.weight@...ux.dev>, Danilo Krummrich <dakr@...nel.org>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>, "Rafael J. Wysocki" <rafael@...nel.org>, <linux-kernel@...r.kernel.org> Subject: Re: [PATCH] firmware_loader: prevent integer overflow in firmware_loading_timeout() On 7/5/25 4:39 AM, Luis Chamberlain wrote: [...] >> In firmware_loading_timeout(), *int* result of __firmware_loading_timeout() >> multiplied by HZ might overflow before being implicitly cast to *long* when >> being returned. Rewrite the function using check_mul_overflow() and capping >> the result at LONG_MAX on actual overflow... >> >> Found by Linux Verification Center (linuxtesting.org) with the Svace static >> analysis tool. >> >> Signed-off-by: Sergey Shtylyov <s.shtylyov@....ru> >> Cc: stable@...r.kernel.org > > Reviewed-by: Luis Chamberlain <mcgrof@...nel.org> And? :-) I assume this patch has to go thru the driver-core.git repo managed by Greg KH, and Greg seems to ignore at least my USB patches... :-/ so I guess this patch has no chance of hitting Linus' tree as well? > Luis MBR, Sergey
Powered by blists - more mailing lists