X-Patchwork-Id: 12142035
Date: Tue, 16 Mar 2021 14:43:16 +0300
From: Dan Carpenter
To: Jérôme Glisse, Ralph Campbell
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org
Subject: [PATCH] lib/test_hmm.c: fix harmless shift wrapping bug

The "cmd.npages" variable is a u64 that comes from the user.  I noticed
during review that it could have a shift wrapping bug when it is used
in the integer overflow test on the next line.

It turns out this is harmless.  The users all do:

	unsigned long size = cmd->npages << PAGE_SHIFT;

and after that "size" is used consistently and "cmd->npages" is never
used again.
So even when there is an integer overflow, everything works fine. Even though this is harmless, I believe syzbot will complain and fixing it makes the code easier to read. Fixes: b2ef9f5a5cb3 ("mm/hmm/test: add selftest driver for HMM") Signed-off-by: Dan Carpenter Reviewed-by: Ralph Campbell --- lib/test_hmm.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/test_hmm.c b/lib/test_hmm.c index 80a78877bd93..541466034a6b 100644 --- a/lib/test_hmm.c +++ b/lib/test_hmm.c @@ -930,6 +930,8 @@ static long dmirror_fops_unlocked_ioctl(struct file *filp, if (cmd.addr & ~PAGE_MASK) return -EINVAL; + if (cmd.npages > ULONG_MAX >> PAGE_SHIFT) + return -EINVAL; if (cmd.addr >= (cmd.addr + (cmd.npages << PAGE_SHIFT))) return -EINVAL;
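
Review bot: The added test `cmd.npages > ULONG_MAX >> PAGE_SHIFT` in dmirror_fops_unlocked_ioctl() is correct only because `>>` binds tighter than `>`; writing it as `cmd.npages > (ULONG_MAX >> PAGE_SHIFT)` would make that explicit. A one-line comment saying the bound is ULONG_MAX because the users store `cmd->npages << PAGE_SHIFT` in an `unsigned long` would also help, since the commit message carries that reasoning but the code does not. The unchanged test on the following line, `cmd.addr >= (cmd.addr + (cmd.npages << PAGE_SHIFT))`, still does its addition in the type of `cmd.addr`, which this hunk does not show; if that is also a u64, then on a 32-bit build the sum can exceed ULONG_MAX without wrapping, so it may be worth bounding the end address against ULONG_MAX as well.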