+ mm-fadvise-fix-signed-overflow-ubsan-complaint.patch added to -mm tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

The patch titled
     Subject: mm/fadvise: fix signed overflow UBSAN complaint
has been added to the -mm tree.  Its filename is
     mm-fadvise-fix-signed-overflow-ubsan-complaint.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/mm-fadvise-fix-signed-overflow-ubsan-complaint.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/mm-fadvise-fix-signed-overflow-ubsan-complaint.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Andrey Ryabinin <aryabinin@xxxxxxxxxxxxx>
Subject: mm/fadvise: fix signed overflow UBSAN complaint

Signed integer overflow is undefined according to the C standard.  The
overflow in ksys_fadvise64_64() is deliberate, but since it is signed
overflow, UBSAN complains:

	UBSAN: Undefined behaviour in mm/fadvise.c:76:10
	signed integer overflow:
	4 + 9223372036854775805 cannot be represented in type 'long long int'

Use unsigned types to do math.  Unsigned overflow is defined so UBSAN will
not complain about it.  This patch doesn't change generated code.

Link: http://lkml.kernel.org/r/20180629184453.7614-1-aryabinin@xxxxxxxxxxxxx
Signed-off-by: Andrey Ryabinin <aryabinin@xxxxxxxxxxxxx>
Reported-by: <icytxw@xxxxxxxxx>
Cc: Alexander Potapenko <glider@xxxxxxxxxx>
Cc: Dmitry Vyukov <dvyukov@xxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---


diff -puN mm/fadvise.c~mm-fadvise-fix-signed-overflow-ubsan-complaint mm/fadvise.c
--- a/mm/fadvise.c~mm-fadvise-fix-signed-overflow-ubsan-complaint
+++ a/mm/fadvise.c
@@ -73,7 +73,7 @@ int ksys_fadvise64_64(int fd, loff_t off
 	}
 
 	/* Careful about overflows. Len == 0 means "as much as possible" */
-	endbyte = offset + len;
+	endbyte = (u64)offset + (u64)len;
 	if (!len || endbyte < len)
 		endbyte = -1;
 	else
_

Patches currently in -mm which might be from aryabinin@xxxxxxxxxxxxx are

mm-fadvise-fix-signed-overflow-ubsan-complaint.patch

--
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Kernel Archive]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]

  Powered by Linux