The patch titled Subject: resource: fix integer overflow at reallocation has been removed from the -mm tree. Its filename was resource-fix-integer-overflow-at-reallocation.patch This patch was dropped because an alternative patch was merged ------------------------------------------------------ From: Takashi Iwai <tiwai@xxxxxxx> Subject: resource: fix integer overflow at reallocation We've got a bug report indicating a kernel panic at booting on an x86-32 system, and it turned out to be the invalid resource assigned after PCI resource reallocation. __find_resource() first aligns the resource start address and resets the end address with start+size-1 accordingly, then checks whether it's contained. Here the end address may overflow the integer, although resource_contains() still returns true because the function validates only start and end address. So this ends up with returning an invalid resource (start > end). There was already an attempt to cover such a problem in the commit 47ea91b4052d ("Resource: fix wrong resource window calculation"), but this case is an overseen one. This patch adds the validity check in resource_contains() to see whether the given resource has a valid range for avoiding the integer overflow problem. Bugzilla: http://bugzilla.opensuse.org/show_bug.cgi?id=1086739 Link: http://lkml.kernel.org/r/20180408072026.27365-1-tiwai@xxxxxxx Fixes: 23c570a67448 ("resource: ability to resize an allocated resource") Signed-off-by: Takashi Iwai <tiwai@xxxxxxx> Reported-by: Michael Henders <hendersm@xxxxxxx> Tested-by: Michael Henders <hendersm@xxxxxxx> Reviewed-by: Ram Pai <linuxram@xxxxxxxxxx> Cc: Bjorn Helgaas <bhelgaas@xxxxxxxxxx> Cc: <stable@xxxxxxxxxxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> --- include/linux/ioport.h | 3 +++ 1 file changed, 3 insertions(+) diff -puN include/linux/ioport.h~resource-fix-integer-overflow-at-reallocation include/linux/ioport.h --- a/include/linux/ioport.h~resource-fix-integer-overflow-at-reallocation +++ a/include/linux/ioport.h @@ -212,6 +212,9 @@ static inline bool resource_contains(str return false; if (r1->flags & IORESOURCE_UNSET || r2->flags & IORESOURCE_UNSET) return false; + /* sanity check whether it's a valid resource range */ + if (r2->end < r2->start) + return false; return r1->start <= r2->start && r1->end >= r2->end; } _ Patches currently in -mm which might be from tiwai@xxxxxxx are resource-fix-integer-overflow-at-reallocation-v1.patch -- To unsubscribe from this list: send the line "unsubscribe mm-commits" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html