From patchwork Tue May 8 12:57:32 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Colin King X-Patchwork-Id: 10386117 X-Patchwork-Delegate: johannes@sipsolutions.net Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 9D75360353 for ; Tue, 8 May 2018 12:57:54 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 8E2712890E for ; Tue, 8 May 2018 12:57:54 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 8835128938; Tue, 8 May 2018 12:57:54 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00, MAILING_LIST_MULTI, RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 3F3A22818E for ; Tue, 8 May 2018 12:57:53 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755148AbeEHM5h (ORCPT ); Tue, 8 May 2018 08:57:37 -0400 Received: from youngberry.canonical.com ([91.189.89.112]:32998 "EHLO youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754775AbeEHM5g (ORCPT ); Tue, 8 May 2018 08:57:36 -0400 Received: from 1.general.cking.uk.vpn ([10.172.193.212] helo=localhost) by youngberry.canonical.com with esmtpsa (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.76) (envelope-from ) id 1fG2BR-0006PL-7z; Tue, 08 May 2018 12:57:33 +0000 From: Colin King To: Johannes Berg , "David S . Miller" , linux-wireless@vger.kernel.org, netdev@vger.kernel.org Cc: kernel-janitors@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH] mac80211: ethtool: avoid 32 bit multiplication overflow Date: Tue, 8 May 2018 13:57:32 +0100 Message-Id: <20180508125732.5153-1-colin.king@canonical.com> X-Mailer: git-send-email 2.17.0 MIME-Version: 1.0 Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Colin Ian King The multiplication of 100000 * cfg80211_calculate_bitrate() is a 32 bit operation and can overflow if cfg80211_calculate_bitrate is greater than 42949. Although I don't believe this is occurring at present, it would be safer to avoid the potential overflow by making the constant 100000 an ULL to ensure a 64 multiplication occurs. Detected by CoverityScan, CID#1468643 ("Unintentional integer overflow") Signed-off-by: Colin Ian King --- net/mac80211/ethtool.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/mac80211/ethtool.c b/net/mac80211/ethtool.c index 08408520c3f8..2ba5686cbcab 100644 --- a/net/mac80211/ethtool.c +++ b/net/mac80211/ethtool.c @@ -117,11 +117,11 @@ static void ieee80211_get_stats(struct net_device *dev, if (sinfo.filled & BIT(NL80211_STA_INFO_TX_BITRATE)) - data[i] = 100000 * + data[i] = 100000ULL * cfg80211_calculate_bitrate(&sinfo.txrate); i++; if (sinfo.filled & BIT(NL80211_STA_INFO_RX_BITRATE)) - data[i] = 100000 * + data[i] = 100000ULL * cfg80211_calculate_bitrate(&sinfo.rxrate); i++;