From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Zheng Yejian <zhengyejian1@huawei.com>,
Hanjun Guo <guohanjun@huawei.com>,
Randy Dunlap <rdunlap@infradead.org>,
Vlastimil Babka <vbabka@suse.cz>,
Zhang Jinhao <zhangjinhao2@huawei.com>,
Andrew Morton <akpm@linux-foundation.org>,
Sasha Levin <sashal@kernel.org>,
tangmeng@uniontech.com, willy@infradead.org
Subject: [PATCH AUTOSEL 6.1 17/22] acct: fix potential integer overflow in encode_comp_t()
Date: Sat, 17 Dec 2022 10:27:18 -0500 [thread overview]
Message-ID: <20221217152727.98061-17-sashal@kernel.org> (raw)
In-Reply-To: <20221217152727.98061-1-sashal@kernel.org>
From: Zheng Yejian <zhengyejian1@huawei.com>
[ Upstream commit c5f31c655bcc01b6da53b836ac951c1556245305 ]
The integer overflow is descripted with following codes:
> 317 static comp_t encode_comp_t(u64 value)
> 318 {
> 319 int exp, rnd;
......
> 341 exp <<= MANTSIZE;
> 342 exp += value;
> 343 return exp;
> 344 }
Currently comp_t is defined as type of '__u16', but the variable 'exp' is
type of 'int', so overflow would happen when variable 'exp' in line 343 is
greater than 65535.
Link: https://lkml.kernel.org/r/20210515140631.369106-3-zhengyejian1@huawei.com
Signed-off-by: Zheng Yejian <zhengyejian1@huawei.com>
Cc: Hanjun Guo <guohanjun@huawei.com>
Cc: Randy Dunlap <rdunlap@infradead.org>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Zhang Jinhao <zhangjinhao2@huawei.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/acct.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/kernel/acct.c b/kernel/acct.c
index 62200d799b9b..034a26daabb2 100644
--- a/kernel/acct.c
+++ b/kernel/acct.c
@@ -350,6 +350,8 @@ static comp_t encode_comp_t(unsigned long value)
exp++;
}
+ if (exp > (((comp_t) ~0U) >> MANTSIZE))
+ return (comp_t) ~0U;
/*
* Clean it up and polish it off.
*/
--
2.35.1
next prev parent reply other threads:[~2022-12-17 15:30 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-17 15:27 [PATCH AUTOSEL 6.1 01/22] fs: jfs: fix shift-out-of-bounds in dbAllocAG Sasha Levin
2022-12-17 15:27 ` [PATCH AUTOSEL 6.1 02/22] udf: Avoid double brelse() in udf_rename() Sasha Levin
2022-12-17 15:27 ` [PATCH AUTOSEL 6.1 03/22] jfs: Fix fortify moan in symlink Sasha Levin
2022-12-17 15:27 ` [PATCH AUTOSEL 6.1 04/22] fs: jfs: fix shift-out-of-bounds in dbDiscardAG Sasha Levin
2022-12-17 15:27 ` [PATCH AUTOSEL 6.1 05/22] ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value Sasha Levin
2022-12-17 15:27 ` [PATCH AUTOSEL 6.1 06/22] ACPI: EC: Add quirk for the HP Pavilion Gaming 15-cx0041ur Sasha Levin
2022-12-17 15:27 ` [PATCH AUTOSEL 6.1 07/22] ACPICA: Fix error code path in acpi_ds_call_control_method() Sasha Levin
2022-12-17 15:27 ` [PATCH AUTOSEL 6.1 08/22] thermal/core: Ensure that thermal device is registered in thermal_zone_get_temp Sasha Levin
2022-12-17 15:27 ` [PATCH AUTOSEL 6.1 09/22] ACPI: video: Change GIGABYTE GB-BXBT-2807 quirk to force_none Sasha Levin
2022-12-17 15:27 ` [PATCH AUTOSEL 6.1 10/22] ACPI: video: Change Sony Vaio VPCEH3U1E quirk to force_native Sasha Levin
2022-12-17 15:27 ` [PATCH AUTOSEL 6.1 11/22] ACPI: video: Add force_vendor quirk for Sony Vaio PCG-FRV35 Sasha Levin
2022-12-17 15:27 ` [PATCH AUTOSEL 6.1 12/22] ACPI: video: Add force_native quirk for Sony Vaio VPCY11S1E Sasha Levin
2022-12-17 15:27 ` [PATCH AUTOSEL 6.1 13/22] proc/vmcore: fix potential memory leak in vmcore_init() Sasha Levin
2022-12-17 15:27 ` Sasha Levin
2022-12-18 0:32 ` Andrew Morton
2022-12-18 0:32 ` Andrew Morton
2022-12-18 11:28 ` Sasha Levin
2022-12-18 11:28 ` Sasha Levin
2022-12-17 15:27 ` [PATCH AUTOSEL 6.1 14/22] nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset() Sasha Levin
2022-12-17 15:27 ` Sasha Levin
2022-12-17 15:27 ` [PATCH AUTOSEL 6.1 15/22] nilfs2: fix shift-out-of-bounds due to too large exponent of block size Sasha Levin
2022-12-17 15:27 ` Sasha Levin
2022-12-17 15:27 ` [PATCH AUTOSEL 6.1 16/22] ACPI / PCI: fix LPIC IRQ model default PCI IRQ polarity Sasha Levin
2022-12-17 15:27 ` Sasha Levin [this message]
2022-12-17 15:27 ` [PATCH AUTOSEL 6.1 18/22] x86/apic: Handle no CONFIG_X86_X2APIC on systems with x2APIC enabled by BIOS Sasha Levin
2022-12-17 15:27 ` [PATCH AUTOSEL 6.1 19/22] ACPI: x86: Add skip i2c clients quirk for Lenovo Yoga Tab 3 Pro (YT3-X90F) Sasha Levin
2022-12-17 15:27 ` [PATCH AUTOSEL 6.1 20/22] btrfs: do not panic if we can't allocate a prealloc extent state Sasha Levin
2022-12-17 15:27 ` [PATCH AUTOSEL 6.1 21/22] ACPI: x86: Add skip i2c clients quirk for Medion Lifetab S10346 Sasha Levin
2022-12-17 15:27 ` [PATCH AUTOSEL 6.1 22/22] hfs: fix OOB Read in __hfs_brec_find Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221217152727.98061-17-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=akpm@linux-foundation.org \
--cc=guohanjun@huawei.com \
--cc=linux-kernel@vger.kernel.org \
--cc=rdunlap@infradead.org \
--cc=stable@vger.kernel.org \
--cc=tangmeng@uniontech.com \
--cc=vbabka@suse.cz \
--cc=willy@infradead.org \
--cc=zhangjinhao2@huawei.com \
--cc=zhengyejian1@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.