Patch "misc: pci_endpoint_test: Prevent some integer overflows" has been added to the 4.14-stable tree
gregkh at linuxfoundation.org
gregkh at linuxfoundation.org
Mon Nov 11 09:43:33 UTC 2019
This is a note to let you know that I've just added the patch titled
misc: pci_endpoint_test: Prevent some integer overflows
to the 4.14-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
misc-pci_endpoint_test-prevent-some-integer-overflows.patch
and it can be found in the queue-4.14 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable at vger.kernel.org> know about it.
>From foo at baz Mon 11 Nov 2019 10:07:22 AM CET
From: Mathieu Poirier <mathieu.poirier at linaro.org>
Date: Thu, 5 Sep 2019 10:17:50 -0600
Subject: misc: pci_endpoint_test: Prevent some integer overflows
To: stable at vger.kernel.org
Cc: linux-usb at vger.kernel.org, linux-kernel at vger.kernel.org, linux-pm at vger.kernel.org, dri-devel at lists.freedesktop.org, linux-omap at vger.kernel.org, linux-i2c at vger.kernel.org, linux-pci at vger.kernel.org, linux-mtd at lists.infradead.org
Message-ID: <20190905161759.28036-10-mathieu.poirier at linaro.org>
From: Dan Carpenter <dan.carpenter at oracle.com>
commit 378f79cab12b669928f3a4037f023837ead2ce0c upstream
"size + max" can have an arithmetic overflow when we're allocating:
orig_src_addr = dma_alloc_coherent(dev, size + alignment, ...
I've added a few checks to prevent that.
Fixes: 13107c60681f ("misc: pci_endpoint_test: Add support to provide aligned buffer addresses")
Signed-off-by: Dan Carpenter <dan.carpenter at oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
Signed-off-by: Mathieu Poirier <mathieu.poirier at linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
---
drivers/misc/pci_endpoint_test.c | 9 +++++++++
1 file changed, 9 insertions(+)
--- a/drivers/misc/pci_endpoint_test.c
+++ b/drivers/misc/pci_endpoint_test.c
@@ -226,6 +226,9 @@ static bool pci_endpoint_test_copy(struc
u32 src_crc32;
u32 dst_crc32;
+ if (size > SIZE_MAX - alignment)
+ goto err;
+
orig_src_addr = dma_alloc_coherent(dev, size + alignment,
&orig_src_phys_addr, GFP_KERNEL);
if (!orig_src_addr) {
@@ -311,6 +314,9 @@ static bool pci_endpoint_test_write(stru
size_t alignment = test->alignment;
u32 crc32;
+ if (size > SIZE_MAX - alignment)
+ goto err;
+
orig_addr = dma_alloc_coherent(dev, size + alignment, &orig_phys_addr,
GFP_KERNEL);
if (!orig_addr) {
@@ -369,6 +375,9 @@ static bool pci_endpoint_test_read(struc
size_t alignment = test->alignment;
u32 crc32;
+ if (size > SIZE_MAX - alignment)
+ goto err;
+
orig_addr = dma_alloc_coherent(dev, size + alignment, &orig_phys_addr,
GFP_KERNEL);
if (!orig_addr) {
Patches currently in stable-queue which might be from mathieu.poirier at linaro.org are
queue-4.14/mailbox-reset-txdone_method-txdone_by_poll-if-client-knows_txdone.patch
queue-4.14/mtd-spi-nor-cadence-quadspi-add-a-delay-in-write-sequence.patch
queue-4.14/misc-pci_endpoint_test-fix-bug_on-error-during-pci_disable_msi.patch
queue-4.14/asoc-tlv320dac31xx-mark-expected-switch-fall-through.patch
queue-4.14/pci-dra7xx-add-shutdown-handler-to-cleanly-turn-off-clocks.patch
queue-4.14/asoc-tlv320aic31xx-handle-inverted-bclk-in-non-dsp-modes.patch
queue-4.14/mtd-spi-nor-enable-4b-opcodes-for-mx66l51235l.patch
queue-4.14/cpufreq-ti-cpufreq-add-missing-of_node_put.patch
queue-4.14/asoc-davinci-kill-bug_on-usage.patch
queue-4.14/mfd-palmas-assign-the-right-powerhold-mask-for-tps65917.patch
queue-4.14/asoc-davinci-mcasp-fix-an-error-handling-path-in-davinci_mcasp_probe.patch
queue-4.14/misc-pci_endpoint_test-prevent-some-integer-overflows.patch
queue-4.14/asoc-davinci-mcasp-handle-return-value-of-devm_kasprintf.patch
queue-4.14/i2c-omap-trigger-bus-recovery-in-lockup-case.patch
queue-4.14/usb-dwc3-allow-disabling-of-metastability-workaround.patch
More information about the dri-devel
mailing list