| Message ID | 20210526170530.3766167-1-colin.king@canonical.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [V2,next] mm: selftests: fix potential integer overflow on shift of a int | expand |
On Wed, May 26, 2021 at 06:05:30PM +0100, Colin King wrote: > From: Colin Ian King <colin.king@canonical.com> > > The left shift of the int mapped is evaluated using 32 bit arithmetic > and then assigned to an unsigned long. In the case where mapped is > 0x80000 when PAGE_SHIFT is 12 will lead to the upper bits being > sign extended in the unsigned long. Larger values can lead to an > int overflow. Avoid this by making mapped an unsigned long. > > Addresses-Coverity: ("Uninitentional integer overflow") > Fixes: 8b2a105c3794 ("mm: selftests for exclusive device memory") > Signed-off-by: Colin Ian King <colin.king@canonical.com> > --- > > V2: Make mapped an unsigned long rather than casting it to unsigned long Reviewed-by: Jason Gunthorpe <jgg@nvidia.com> Jason
diff --git a/lib/test_hmm.c b/lib/test_hmm.c index 74d69f87691e..8c55c4723692 100644 --- a/lib/test_hmm.c +++ b/lib/test_hmm.c @@ -733,7 +733,8 @@ static int dmirror_exclusive(struct dmirror *dmirror, mmap_read_lock(mm); for (addr = start; addr < end; addr = next) { - int i, mapped; + unsigned long mapped; + int i; if (end < addr + (ARRAY_SIZE(pages) << PAGE_SHIFT)) next = end;