From: Colin Ian King <colin.king@xxxxxxxxxxxxx>
The left shift of the int mapped is evaluated using 32 bit arithmetic
and then assigned to an unsigned long. In the case where mapped is
0x80000 when PAGE_SHIFT is 12 will lead to the upper bits being
sign extended in the unsigned long. Larger values can lead to an
int overflow. Avoid this by casting mapped to unsigned long before
shifting.
Addresses-Coverity: ("Uninitentional integer overflow")
Fixes: 8b2a105c3794 ("mm: selftests for exclusive device memory")
Signed-off-by: Colin Ian King <colin.king@xxxxxxxxxxxxx>
---
lib/test_hmm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/test_hmm.c b/lib/test_hmm.c
index 74d69f87691e..b54657701b3a 100644
--- a/lib/test_hmm.c
+++ b/lib/test_hmm.c
@@ -749,7 +749,7 @@ static int dmirror_exclusive(struct dmirror *dmirror,
}
}
- if (addr + (mapped << PAGE_SHIFT) < next) {
+ if (addr + ((unsigned int)mapped << PAGE_SHIFT) < next) {
mmap_read_unlock(mm);
mmput(mm);
return -EBUSY;
--
2.31.1
