Re: [PATCH] firmware_loader: prevent integer overflow in firmware_loading_timeout()

From: Sergey Shtylyov
Date: Fri Jul 25 2025 - 16:06:07 EST

Next message: Bjorn Helgaas: "Re: [PATCH] PCI: fix out-of-bounds stack access"
Previous message: Barnabás Czémán: "[PATCH v2] rpmsg: qcom_smd: Fix fallback to qcom,ipc parse"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 7/5/25 4:39 AM, Luis Chamberlain wrote:

[...]
>> In firmware_loading_timeout(), *int* result of __firmware_loading_timeout()
>> multiplied by HZ might overflow before being implicitly cast to *long* when
>> being returned. Rewrite the function using check_mul_overflow() and capping
>> the result at LONG_MAX on actual overflow...
>>
>> Found by Linux Verification Center (linuxtesting.org) with the Svace static
>> analysis tool.
>>
>> Signed-off-by: Sergey Shtylyov <s.shtylyov@xxxxxx>
>> Cc: stable@xxxxxxxxxxxxxxx
>
> Reviewed-by: Luis Chamberlain <mcgrof@xxxxxxxxxx>

And? :-)
I assume this patch has to go thru the driver-core.git repo managed by Greg KH,
and Greg seems to ignore at least my USB patches... :-/ so I guess this patch has
no chance of hitting Linus' tree as well?

> Luis

MBR, Sergey

Next message: Bjorn Helgaas: "Re: [PATCH] PCI: fix out-of-bounds stack access"
Previous message: Barnabás Czémán: "[PATCH v2] rpmsg: qcom_smd: Fix fallback to qcom,ipc parse"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]