| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20240410091358.16289-2-darinzon@amazon.com>
Date: Wed, 10 Apr 2024 09:13:55 +0000
From: <darinzon@...zon.com>
To: David Miller <davem@...emloft.net>, Jakub Kicinski <kuba@...nel.org>,
<netdev@...r.kernel.org>
CC: David Arinzon <darinzon@...zon.com>, "Woodhouse, David" <dwmw@...zon.com>,
"Machulsky, Zorik" <zorik@...zon.com>, "Matushevsky, Alexander"
<matua@...zon.com>, Saeed Bshara <saeedb@...zon.com>, "Wilson, Matt"
<msw@...zon.com>, "Liguori, Anthony" <aliguori@...zon.com>, "Bshara, Nafea"
<nafea@...zon.com>, "Belgazal, Netanel" <netanel@...zon.com>, "Saidi, Ali"
<alisaidi@...zon.com>, "Herrenschmidt, Benjamin" <benh@...zon.com>,
"Kiyanovski, Arthur" <akiyano@...zon.com>, "Dagan, Noam" <ndagan@...zon.com>,
"Agroskin, Shay" <shayagr@...zon.com>, "Itzko, Shahar" <itzko@...zon.com>,
"Abboud, Osama" <osamaabb@...zon.com>, "Ostrovsky, Evgeny"
<evostrov@...zon.com>, "Tabachnik, Ofir" <ofirt@...zon.com>, Netanel Belgazal
<netanel@...apurnalabs.com>, Sameeh Jubran <sameehj@...zon.com>
Subject: [PATCH v1 net 1/4] net: ena: Fix potential sign extension issue
From: David Arinzon <darinzon@...zon.com>
Small unsigned types are promoted to larger signed types in
the case of multiplication, the result of which may overflow.
In case the result of such a multiplication has its MSB
turned on, it will be sign extended with '1's.
This changes the multiplication result.
Code example of the phenomenon:
-------------------------------
u16 x, y;
size_t z1, z2;
x = y = 0xffff;
printk("x=%x y=%x\n",x,y);
z1 = x*y;
z2 = (size_t)x*y;
printk("z1=%lx z2=%lx\n", z1, z2);
Output:
-------
x=ffff y=ffff
z1=fffffffffffe0001 z2=fffe0001
The expected result of ffff*ffff is fffe0001, and without the
explicit casting to avoid the unwanted sign extension we got
fffffffffffe0001.
This commit adds an explicit casting to avoid the sign extension
issue.
Fixes: 689b2bdaaa14 ("net: ena: add functions for handling Low Latency Queues in ena_com")
Signed-off-by: Arthur Kiyanovski <akiyano@...zon.com>
Signed-off-by: David Arinzon <darinzon@...zon.com>
---
drivers/net/ethernet/amazon/ena/ena_com.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/amazon/ena/ena_com.c b/drivers/net/ethernet/amazon/ena/ena_com.c
index 9e9e4a03..2d8a66ea 100644
--- a/drivers/net/ethernet/amazon/ena/ena_com.c
+++ b/drivers/net/ethernet/amazon/ena/ena_com.c
@@ -351,7 +351,7 @@ static int ena_com_init_io_sq(struct ena_com_dev *ena_dev,
ENA_COM_BOUNCE_BUFFER_CNTRL_CNT;
io_sq->bounce_buf_ctrl.next_to_use = 0;
- size = io_sq->bounce_buf_ctrl.buffer_size *
+ size = (size_t)io_sq->bounce_buf_ctrl.buffer_size *
io_sq->bounce_buf_ctrl.buffers_num;
dev_node = dev_to_node(ena_dev->dmadev);
--
2.40.1
Powered by blists - more mailing lists