Date: Wed, 25 Mar 2015 07:29:33 +0100
From: Hans-Christian Egtvedt
To: Andrey Ryabinin
Cc: Haavard Skinnemoen, linux-kernel@vger.kernel.org, Kees Cook, Yury Gribov
Subject: Re: [PATCH] avr32: fix integer overflow in ELF_ET_DYN_BASE
Message-ID: <20150325062933.GC3771@samfundet.no>
In-Reply-To: <1427211084-24839-1-git-send-email-a.ryabinin@samsung.com>

Around Tue 24 Mar 2015 18:31:22 +0300 or thereabout, Andrey Ryabinin wrote:
> Almost all arches define ELF_ET_DYN_BASE as 2/3 of TASK_SIZE.
> Though it seems that some architectures do this in a wrong way.
> The problem is that 2*TASK_SIZE may overflow 32-bits so
> the real ELF_ET_DYN_BASE becomes wrong.
> Fix this overflow by dividing TASK_SIZE prior to multiplying:
> (TASK_SIZE / 3 * 2)

Thank you for fixing (-:

> Signed-off-by: Andrey Ryabinin
>
Acked-by: Hans-Christian Egtvedt

Added to for-linus branch in
git://git.kernel.org/pub/scm/linux/kernel/git/egtvedt/linux-avr32.git queued
for Linux 4.1.

> --- > arch/avr32/include/asm/elf.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/arch/avr32/include/asm/elf.h b/arch/avr32/include/asm/elf.h > index d232888..0388ece 100644 > --- a/arch/avr32/include/asm/elf.h > +++ b/arch/avr32/include/asm/elf.h 
> @@ -84,7 +84,7 @@ typedef struct user_fpu_struct elf_fpregset_t; > the loader. We need to make sure that it is out of the way of the program > that it will "exec", and that there is sufficient room for the brk. */ > > -#define ELF_ET_DYN_BASE (2 * TASK_SIZE / 3) > +#define ELF_ET_DYN_BASE (TASK_SIZE / 3 * 2) > > > /* This yields a mask that user programs can use to figure out what -- Best regards, Hans-Christian Egtvedt
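
Review bot: In the ELF_ET_DYN_BASE define, the new expression `(TASK_SIZE / 3 * 2)` is only correct because the division is evaluated before the multiplication, and nothing in the header records that. The comment above the define covers staying out of the way of the exec'd program and leaving room for the brk, but not the 32-bit overflow of `2 * TASK_SIZE` that the commit message describes, so a later cleanup could reorder it back to `(2 * TASK_SIZE / 3)`. Suggest adding a sentence to that comment saying the divide comes first to avoid the overflow. The commit message also says some architectures get this wrong, while the diffstat touches only arch/avr32/include/asm/elf.h; it would help to say whether the other arches are covered by separate patches.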