From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0CED6C3DA6E for ; Sat, 17 Dec 2022 15:30:20 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229880AbiLQPaT (ORCPT ); Sat, 17 Dec 2022 10:30:19 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33428 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230086AbiLQP3K (ORCPT ); Sat, 17 Dec 2022 10:29:10 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 712451740C; Sat, 17 Dec 2022 07:28:00 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id EBD4060C04; Sat, 17 Dec 2022 15:27:59 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 5704EC433F0; Sat, 17 Dec 2022 15:27:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1671290879; bh=GiT7CCcJHCT0wN/FYRSBDJwgEgqKON+84OSY5MfM6HA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=jjDGP0Uh3i64gu3zsespVmTwqwSCl4vH03dQzK3Qfn+bKuPciojxHNdyNn6TB0Xnq Zk9P3+Wr4NWYT+OrB7pfcp9iprHI3h2EkEADNVc2/U6rES1U8r0tlCTfmHz22YC393 WFwF6ykvPSO7x6i3IcJedUdcjwEtv8UQVuj8IBB5ZU/4ugtaqaswp7T8I0T7Wmk+Qv UqAEEYqvcSDBNFfSAzp4JwrVpCvkoAKF/DIGf+Ukt+GGpwcARf9y6YIjbGInl/ZH+j +XpoLK0SjLApi2AxtxcMWBhJg08GYr+9bILr5G0sczlbM+U62PRT5mvHmueDJ7Aalj AXlmxoL49WNRA== From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Zheng Yejian , Hanjun Guo , Randy Dunlap , Vlastimil Babka , Zhang Jinhao , Andrew Morton , Sasha Levin , tangmeng@uniontech.com, willy@infradead.org Subject: [PATCH AUTOSEL 6.1 17/22] acct: fix potential integer overflow in encode_comp_t() Date: Sat, 17 Dec 2022 10:27:18 -0500 Message-Id: <20221217152727.98061-17-sashal@kernel.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20221217152727.98061-1-sashal@kernel.org> References: <20221217152727.98061-1-sashal@kernel.org> MIME-Version: 1.0 X-stable: review X-Patchwork-Hint: Ignore Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Zheng Yejian [ Upstream commit c5f31c655bcc01b6da53b836ac951c1556245305 ] The integer overflow is descripted with following codes: > 317 static comp_t encode_comp_t(u64 value) > 318 { > 319 int exp, rnd; ...... > 341 exp <<= MANTSIZE; > 342 exp += value; > 343 return exp; > 344 } Currently comp_t is defined as type of '__u16', but the variable 'exp' is type of 'int', so overflow would happen when variable 'exp' in line 343 is greater than 65535. Link: https://lkml.kernel.org/r/20210515140631.369106-3-zhengyejian1@huawei.com Signed-off-by: Zheng Yejian Cc: Hanjun Guo Cc: Randy Dunlap Cc: Vlastimil Babka Cc: Zhang Jinhao Signed-off-by: Andrew Morton Signed-off-by: Sasha Levin --- kernel/acct.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/kernel/acct.c b/kernel/acct.c index 62200d799b9b..034a26daabb2 100644 --- a/kernel/acct.c +++ b/kernel/acct.c @@ -350,6 +350,8 @@ static comp_t encode_comp_t(unsigned long value) exp++; } + if (exp > (((comp_t) ~0U) >> MANTSIZE)) + return (comp_t) ~0U; /* * Clean it up and polish it off. */ -- 2.35.1