Re: [PATCH][next] mm: selftests: fix potential integer overflow on shift of a int

From: Jason Gunthorpe
Date: Wed May 26 2021 - 12:49:43 EST

Next message: Jonathan Cameron: "Re: [PATCH 0/2] doc: add a couple fixups for IIO ABI files"
Previous message: kernel test robot: "Re: [PATCH v8 4/4] arm64: dts: mt8192: add spmi node"
In reply to: Colin King: "[PATCH][next] mm: selftests: fix potential integer overflow on shift of a int"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, May 26, 2021 at 04:09:47PM +0100, Colin King wrote:
> From: Colin Ian King <colin.king@xxxxxxxxxxxxx>
>
> The left shift of the int mapped is evaluated using 32 bit arithmetic
> and then assigned to an unsigned long. In the case where mapped is
> 0x80000 when PAGE_SHIFT is 12 will lead to the upper bits being
> sign extended in the unsigned long. Larger values can lead to an
> int overflow. Avoid this by casting mapped to unsigned long before
> shifting.
>
> Addresses-Coverity: ("Uninitentional integer overflow")
> Fixes: 8b2a105c3794 ("mm: selftests for exclusive device memory")
> Signed-off-by: Colin Ian King <colin.king@xxxxxxxxxxxxx>
> lib/test_hmm.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/lib/test_hmm.c b/lib/test_hmm.c
> index 74d69f87691e..b54657701b3a 100644
> +++ b/lib/test_hmm.c
> @@ -749,7 +749,7 @@ static int dmirror_exclusive(struct dmirror *dmirror,
> }
> }
>
> - if (addr + (mapped << PAGE_SHIFT) < next) {
> + if (addr + ((unsigned int)mapped << PAGE_SHIFT) < next) {

Just fix the type for mapped. It started out as an unsigned long in
dmirror_atomic_map() and wrongly became an int here

Jason

Next message: Jonathan Cameron: "Re: [PATCH 0/2] doc: add a couple fixups for IIO ABI files"
Previous message: kernel test robot: "Re: [PATCH v8 4/4] arm64: dts: mt8192: add spmi node"
In reply to: Colin King: "[PATCH][next] mm: selftests: fix potential integer overflow on shift of a int"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]