This is a note to let you know that I've just added the patch titled
misc: pci_endpoint_test: Prevent some integer overflows
to the 4.14-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
misc-pci_endpoint_test-prevent-some-integer-overflows.patch
and it can be found in the queue-4.14 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From foo@baz Mon 11 Nov 2019 10:07:22 AM CET
From: Mathieu Poirier <mathieu.poirier@xxxxxxxxxx>
Date: Thu, 5 Sep 2019 10:17:50 -0600
Subject: misc: pci_endpoint_test: Prevent some integer overflows
To: stable@xxxxxxxxxxxxxxx
Cc: linux-usb@xxxxxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx, linux-pm@xxxxxxxxxxxxxxx, dri-devel@xxxxxxxxxxxxxxxxxxxxx, linux-omap@xxxxxxxxxxxxxxx, linux-i2c@xxxxxxxxxxxxxxx, linux-pci@xxxxxxxxxxxxxxx, linux-mtd@xxxxxxxxxxxxxxxxxxx
Message-ID: <20190905161759.28036-10-mathieu.poirier@xxxxxxxxxx>
From: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
commit 378f79cab12b669928f3a4037f023837ead2ce0c upstream
"size + max" can have an arithmetic overflow when we're allocating:
orig_src_addr = dma_alloc_coherent(dev, size + alignment, ...
I've added a few checks to prevent that.
Fixes: 13107c60681f ("misc: pci_endpoint_test: Add support to provide aligned buffer addresses")
Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
Signed-off-by: Mathieu Poirier <mathieu.poirier@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/misc/pci_endpoint_test.c | 9 +++++++++
1 file changed, 9 insertions(+)
--- a/drivers/misc/pci_endpoint_test.c
+++ b/drivers/misc/pci_endpoint_test.c
@@ -226,6 +226,9 @@ static bool pci_endpoint_test_copy(struc
u32 src_crc32;
u32 dst_crc32;
+ if (size > SIZE_MAX - alignment)
+ goto err;
+
orig_src_addr = dma_alloc_coherent(dev, size + alignment,
&orig_src_phys_addr, GFP_KERNEL);
if (!orig_src_addr) {
@@ -311,6 +314,9 @@ static bool pci_endpoint_test_write(stru
size_t alignment = test->alignment;
u32 crc32;
+ if (size > SIZE_MAX - alignment)
+ goto err;
+
orig_addr = dma_alloc_coherent(dev, size + alignment, &orig_phys_addr,
GFP_KERNEL);
if (!orig_addr) {
@@ -369,6 +375,9 @@ static bool pci_endpoint_test_read(struc
size_t alignment = test->alignment;
u32 crc32;
+ if (size > SIZE_MAX - alignment)
+ goto err;
+
orig_addr = dma_alloc_coherent(dev, size + alignment, &orig_phys_addr,
GFP_KERNEL);
if (!orig_addr) {
Patches currently in stable-queue which might be from mathieu.poirier@xxxxxxxxxx are
queue-4.14/mailbox-reset-txdone_method-txdone_by_poll-if-client-knows_txdone.patch
queue-4.14/mtd-spi-nor-cadence-quadspi-add-a-delay-in-write-sequence.patch
queue-4.14/misc-pci_endpoint_test-fix-bug_on-error-during-pci_disable_msi.patch
queue-4.14/asoc-tlv320dac31xx-mark-expected-switch-fall-through.patch
queue-4.14/pci-dra7xx-add-shutdown-handler-to-cleanly-turn-off-clocks.patch
queue-4.14/asoc-tlv320aic31xx-handle-inverted-bclk-in-non-dsp-modes.patch
queue-4.14/mtd-spi-nor-enable-4b-opcodes-for-mx66l51235l.patch
queue-4.14/cpufreq-ti-cpufreq-add-missing-of_node_put.patch
queue-4.14/asoc-davinci-kill-bug_on-usage.patch
queue-4.14/mfd-palmas-assign-the-right-powerhold-mask-for-tps65917.patch
queue-4.14/asoc-davinci-mcasp-fix-an-error-handling-path-in-davinci_mcasp_probe.patch
queue-4.14/misc-pci_endpoint_test-prevent-some-integer-overflows.patch
queue-4.14/asoc-davinci-mcasp-handle-return-value-of-devm_kasprintf.patch
queue-4.14/i2c-omap-trigger-bus-recovery-in-lockup-case.patch
queue-4.14/usb-dwc3-allow-disabling-of-metastability-workaround.patch
______________________________________________________
Linux MTD discussion mailing list
http://lists.infradead.org/mailman/listinfo/linux-mtd/
Patch "misc: pci_endpoint_test: Prevent some integer overflows" has been added to the 4.14-stable tree
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Patch "misc: pci_endpoint_test: Prevent some integer overflows" has been added to the 4.14-stable tree
- From: <gregkh@xxxxxxxxxxxxxxxxxxx>
- Date: Mon, 11 Nov 2019 10:43:33 +0100
- Cc: stable-commits@xxxxxxxxxxxxxxx
- In-reply-to: <20190905161759.28036-10-mathieu.poirier@linaro.org>
- References:
- [BACKPORT 4.14.y 09/18] misc: pci_endpoint_test: Prevent some integer overflows
- From: Mathieu Poirier
- [BACKPORT 4.14.y 09/18] misc: pci_endpoint_test: Prevent some integer overflows
- Prev by Date: Patch "misc: pci_endpoint_test: Fix BUG_ON error during pci_disable_msi()" has been added to the 4.14-stable tree
- Next by Date: [PATCH] mtd: spi-nor: Make sure nor->spimem and nor->controller_ops are mutually exclusive
- Previous by thread: [BACKPORT 4.14.y 09/18] misc: pci_endpoint_test: Prevent some integer overflows
- Next by thread: [BACKPORT 4.14.y 10/18] PCI: dra7xx: Add shutdown handler to cleanly turn off clocks
- Index(es):
 |