+ acct-fix-potential-integer-overflow-in-encode_comp_t.patch added to mm-nonmm-unstable branch

All of lore.kernel.org
 help / color / mirror / Atom feed

* + acct-fix-potential-integer-overflow-in-encode_comp_t.patch added to mm-nonmm-unstable branch
@ 2022-11-15 19:50 Andrew Morton
  0 siblings, 0 replies; only message in thread
From: Andrew Morton @ 2022-11-15 19:50 UTC (permalink / raw)
  To: mm-commits, zhangjinhao2, vbabka, rdunlap, guohanjun,
	zhengyejian1, akpm


The patch titled
     Subject: acct: fix potential integer overflow in encode_comp_t()
has been added to the -mm mm-nonmm-unstable branch.  Its filename is
     acct-fix-potential-integer-overflow-in-encode_comp_t.patch

This patch will shortly appear at
     https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patches/acct-fix-potential-integer-overflow-in-encode_comp_t.patch

This patch will later appear in the mm-nonmm-unstable branch at
    git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next via the mm-everything
branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
and is updated there every 2-3 working days

------------------------------------------------------
From: Zheng Yejian <zhengyejian1@huawei.com>
Subject: acct: fix potential integer overflow in encode_comp_t()
Date: Sat, 15 May 2021 22:06:31 +0800

The integer overflow is descripted with following codes:
  > 317 static comp_t encode_comp_t(u64 value)
  > 318 {
  > 319         int exp, rnd;
    ......
  > 341         exp <<= MANTSIZE;
  > 342         exp += value;
  > 343         return exp;
  > 344 }

Currently comp_t is defined as type of '__u16', but the variable 'exp' is
type of 'int', so overflow would happen when variable 'exp' in line 343 is
greater than 65535.

Link: https://lkml.kernel.org/r/20210515140631.369106-3-zhengyejian1@huawei.com
Signed-off-by: Zheng Yejian <zhengyejian1@huawei.com>
Cc: Hanjun Guo <guohanjun@huawei.com>
Cc: Randy Dunlap <rdunlap@infradead.org>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Zhang Jinhao <zhangjinhao2@huawei.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 kernel/acct.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/kernel/acct.c~acct-fix-potential-integer-overflow-in-encode_comp_t
+++ a/kernel/acct.c
@@ -350,6 +350,8 @@ static comp_t encode_comp_t(u64 value)
 		exp++;
 	}
 
+	if (exp > (((comp_t) ~0U) >> MANTSIZE))
+		return (comp_t) ~0U;
 	/*
 	 * Clean it up and polish it off.
 	 */
_

Patches currently in -mm which might be from zhengyejian1@huawei.com are

acct-fix-accuracy-loss-for-input-value-of-encode_comp_t.patch
acct-fix-potential-integer-overflow-in-encode_comp_t.patch


^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2022-11-15 19:50 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-11-15 19:50 + acct-fix-potential-integer-overflow-in-encode_comp_t.patch added to mm-nonmm-unstable branch Andrew Morton

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.