From: Sasha Levin <sashal@kernel.org> To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Colin Ian King <colin.king@canonical.com>, Thomas Gleixner <tglx@linutronix.de>, Borislav Petkov <bp@alien8.de>, "H . Peter Anvin" <hpa@zytor.com>, kernel-janitors@vger.kernel.org, Sasha Levin <sashal@kernel.org> Subject: [PATCH AUTOSEL 4.19 08/26] x86/apic: Fix integer overflow on 10 bit left shift of cpu_khz Date: Tue, 2 Jul 2019 22:16:07 -0400 [thread overview] Message-ID: <20190703021625.18116-8-sashal@kernel.org> (raw) In-Reply-To: <20190703021625.18116-1-sashal@kernel.org> From: Colin Ian King <colin.king@canonical.com> [ Upstream commit ea136a112d89bade596314a1ae49f748902f4727 ] The left shift of unsigned int cpu_khz will overflow for large values of cpu_khz, so cast it to a long long before shifting it to avoid overvlow. For example, this can happen when cpu_khz is 4194305, i.e. ~4.2 GHz. Addresses-Coverity: ("Unintentional integer overflow") Fixes: 8c3ba8d04924 ("x86, apic: ack all pending irqs when crashed/on kexec") Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Cc: Borislav Petkov <bp@alien8.de> Cc: "H . Peter Anvin" <hpa@zytor.com> Cc: kernel-janitors@vger.kernel.org Link: https://lkml.kernel.org/r/20190619181446.13635-1-colin.king@canonical.com Signed-off-by: Sasha Levin <sashal@kernel.org> --- arch/x86/kernel/apic/apic.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c index 84132eddb5a8..2646234380cc 100644 --- a/arch/x86/kernel/apic/apic.c +++ b/arch/x86/kernel/apic/apic.c @@ -1452,7 +1452,8 @@ static void apic_pending_intr_clear(void) if (queued) { if (boot_cpu_has(X86_FEATURE_TSC) && cpu_khz) { ntsc = rdtsc(); - max_loops = (cpu_khz << 10) - (ntsc - tsc); + max_loops = (long long)cpu_khz << 10; + max_loops -= ntsc - tsc; } else { max_loops--; } -- 2.20.1
WARNING: multiple messages have this Message-ID (diff)
From: Sasha Levin <sashal@kernel.org> To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Colin Ian King <colin.king@canonical.com>, Thomas Gleixner <tglx@linutronix.de>, Borislav Petkov <bp@alien8.de>, "H . Peter Anvin" <hpa@zytor.com>, kernel-janitors@vger.kernel.org, Sasha Levin <sashal@kernel.org> Subject: [PATCH AUTOSEL 4.19 08/26] x86/apic: Fix integer overflow on 10 bit left shift of cpu_khz Date: Wed, 03 Jul 2019 02:16:07 +0000 [thread overview] Message-ID: <20190703021625.18116-8-sashal@kernel.org> (raw) In-Reply-To: <20190703021625.18116-1-sashal@kernel.org> From: Colin Ian King <colin.king@canonical.com> [ Upstream commit ea136a112d89bade596314a1ae49f748902f4727 ] The left shift of unsigned int cpu_khz will overflow for large values of cpu_khz, so cast it to a long long before shifting it to avoid overvlow. For example, this can happen when cpu_khz is 4194305, i.e. ~4.2 GHz. Addresses-Coverity: ("Unintentional integer overflow") Fixes: 8c3ba8d04924 ("x86, apic: ack all pending irqs when crashed/on kexec") Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Cc: Borislav Petkov <bp@alien8.de> Cc: "H . Peter Anvin" <hpa@zytor.com> Cc: kernel-janitors@vger.kernel.org Link: https://lkml.kernel.org/r/20190619181446.13635-1-colin.king@canonical.com Signed-off-by: Sasha Levin <sashal@kernel.org> --- arch/x86/kernel/apic/apic.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c index 84132eddb5a8..2646234380cc 100644 --- a/arch/x86/kernel/apic/apic.c +++ b/arch/x86/kernel/apic/apic.c @@ -1452,7 +1452,8 @@ static void apic_pending_intr_clear(void) if (queued) { if (boot_cpu_has(X86_FEATURE_TSC) && cpu_khz) { ntsc = rdtsc(); - max_loops = (cpu_khz << 10) - (ntsc - tsc); + max_loops = (long long)cpu_khz << 10; + max_loops -= ntsc - tsc; } else { max_loops--; } -- 2.20.1
next prev parent reply other threads:[~2019-07-03 2:18 UTC|newest] Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top 2019-07-03 2:16 [PATCH AUTOSEL 4.19 01/26] irqchip/gic-v3-its: Fix command queue pointer comparison bug Sasha Levin 2019-07-03 2:16 ` [PATCH AUTOSEL 4.19 02/26] clk: ti: clkctrl: Fix returning uninitialized data Sasha Levin 2019-07-03 2:16 ` [PATCH AUTOSEL 4.19 03/26] efi/bgrt: Drop BGRT status field reserved bits check Sasha Levin 2019-07-03 2:16 ` [PATCH AUTOSEL 4.19 04/26] perf/core: Fix perf_sample_regs_user() mm check Sasha Levin 2019-07-03 2:16 ` [PATCH AUTOSEL 4.19 05/26] ARM: dts: gemini Fix up DNS-313 compatible string Sasha Levin 2019-07-03 2:16 ` [PATCH AUTOSEL 4.19 06/26] ARM: omap2: remove incorrect __init annotation Sasha Levin 2019-07-03 2:16 ` [PATCH AUTOSEL 4.19 07/26] afs: Fix uninitialised spinlock afs_volume::cb_break_lock Sasha Levin 2019-07-03 2:16 ` Sasha Levin [this message] 2019-07-03 2:16 ` [PATCH AUTOSEL 4.19 08/26] x86/apic: Fix integer overflow on 10 bit left shift of cpu_khz Sasha Levin 2019-07-03 2:16 ` [PATCH AUTOSEL 4.19 09/26] be2net: fix link failure after ethtool offline test Sasha Levin 2019-07-03 2:16 ` [PATCH AUTOSEL 4.19 10/26] ppp: mppe: Add softdep to arc4 Sasha Levin 2019-07-03 2:16 ` Sasha Levin 2019-07-03 2:16 ` [PATCH AUTOSEL 4.19 11/26] net: stmmac: fixed new system time seconds value calculation Sasha Levin 2019-07-03 2:16 ` [PATCH AUTOSEL 4.19 12/26] net: stmmac: set IC bit when transmitting frames with HW timestamp Sasha Levin 2019-07-03 2:16 ` [PATCH AUTOSEL 4.19 13/26] sis900: fix TX completion Sasha Levin 2019-07-03 2:16 ` [PATCH AUTOSEL 4.19 14/26] ARM: dts: imx6ul: fix PWM[1-4] interrupts Sasha Levin 2019-07-03 2:16 ` [PATCH AUTOSEL 4.19 15/26] qmi_wwan: Fix out-of-bounds read Sasha Levin 2019-07-03 2:16 ` [PATCH AUTOSEL 4.19 16/26] pinctrl: mcp23s08: Fix add_data and irqchip_add_nested call order Sasha Levin 2019-07-03 2:16 ` [PATCH AUTOSEL 4.19 17/26] dm table: don't copy from a NULL pointer in realloc_argv() Sasha Levin 2019-07-03 2:16 ` [PATCH AUTOSEL 4.19 18/26] dm verity: use message limit for data block corruption message Sasha Levin 2019-07-03 2:16 ` [PATCH AUTOSEL 4.19 19/26] x86/boot/64: Fix crash if kernel image crosses page table boundary Sasha Levin 2019-07-03 2:16 ` [PATCH AUTOSEL 4.19 20/26] x86/boot/64: Add missing fixup_pointer() for next_early_pgt access Sasha Levin 2019-07-03 2:16 ` [PATCH AUTOSEL 4.19 21/26] HID: chicony: add another quirk for PixArt mouse Sasha Levin 2019-07-03 2:16 ` [PATCH AUTOSEL 4.19 22/26] HID: multitouch: Add pointstick support for ALPS Touchpad Sasha Levin 2019-07-03 2:16 ` [PATCH AUTOSEL 4.19 23/26] pinctrl: mediatek: Ignore interrupts that are wake only during resume Sasha Levin 2019-07-03 2:16 ` [PATCH AUTOSEL 4.19 24/26] cpu/hotplug: Fix out-of-bounds read when setting fail state Sasha Levin 2019-07-03 2:16 ` [PATCH AUTOSEL 4.19 25/26] pinctrl: mediatek: Update cur_mask in mask/mask ops Sasha Levin 2019-07-03 2:16 ` [PATCH AUTOSEL 4.19 26/26] linux/kernel.h: fix overflow for DIV_ROUND_UP_ULL Sasha Levin
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20190703021625.18116-8-sashal@kernel.org \ --to=sashal@kernel.org \ --cc=bp@alien8.de \ --cc=colin.king@canonical.com \ --cc=hpa@zytor.com \ --cc=kernel-janitors@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=stable@vger.kernel.org \ --cc=tglx@linutronix.de \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.