From: Dan Carpenter <dan.carpenter@oracle.com>
To: Colin King <colin.king@canonical.com>
Cc: "Bjorn Helgaas" <bhelgaas@google.com>,
"Christian König" <christian.koenig@amd.com>,
"Stephen Bates" <sbates@raithlin.com>,
"Logan Gunthorpe" <logang@deltatee.com>,
"Alex Williamson" <alex.williamson@redhat.com>,
linux-pci@vger.kernel.org, linux-kernel@vger.kernel.org,
kernel-janitors@vger.kernel.org
Subject: Re: [PATCH] PCI: fix a potential uninitentional integer overflow issue
Date: Wed, 7 Oct 2020 15:33:45 +0300 [thread overview]
Message-ID: <20201007123045.GS4282@kadam> (raw)
In-Reply-To: <20201007114615.19966-1-colin.king@canonical.com>
On Wed, Oct 07, 2020 at 12:46:15PM +0100, Colin King wrote:
> From: Colin Ian King <colin.king@canonical.com>
>
> The shift of 1 by align_order is evaluated using 32 bit arithmetic
> and the result is assigned to a resource_size_t type variable that
> is a 64 bit unsigned integer on 64 bit platforms. Fix an overflow
> before widening issue by using the BIT_ULL macro to perform the
> shift.
>
> Addresses-Coverity: ("Uninitentional integer overflow")
> Fixes: 07d8d7e57c28 ("PCI: Make specifying PCI devices in kernel parameters reusable")
> Signed-off-by: Colin Ian King <colin.king@canonical.com>
> ---
> drivers/pci/pci.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c
> index 6d4d5a2f923d..1a5844d7af35 100644
> --- a/drivers/pci/pci.c
> +++ b/drivers/pci/pci.c
> @@ -6209,7 +6209,7 @@ static resource_size_t pci_specified_resource_alignment(struct pci_dev *dev,
> if (align_order == -1)
> align = PAGE_SIZE;
> else
> - align = 1 << align_order;
> + align = BIT_ULL(align_order);
"align_order" comes from sscanf() so Smatch thinks it's not trusted.
Anything above 63 is undefined behavior. There should be a bounds check
on this but I don't know what the valid values of "align" are.
regards,
dan carpenter
next prev parent reply other threads:[~2020-10-07 12:34 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-10-07 11:46 [PATCH] PCI: fix a potential uninitentional integer overflow issue Colin King
2020-10-07 12:33 ` Dan Carpenter [this message]
2020-11-05 22:24 ` Bjorn Helgaas
2020-11-06 8:04 ` Dan Carpenter
2020-11-10 20:54 ` Bjorn Helgaas
2020-11-10 22:00 ` Colin Ian King
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201007123045.GS4282@kadam \
--to=dan.carpenter@oracle.com \
--cc=alex.williamson@redhat.com \
--cc=bhelgaas@google.com \
--cc=christian.koenig@amd.com \
--cc=colin.king@canonical.com \
--cc=kernel-janitors@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=logang@deltatee.com \
--cc=sbates@raithlin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).