| From 7c75a4af01b6723ef67421e5637163588b79bee1 Mon Sep 17 00:00:00 2001 |
| From: Sasha Levin <sashal@kernel.org> |
| Date: Tue, 5 Jun 2018 17:51:07 +0100 |
| Subject: ipmi_si: fix potential integer overflow on large shift |
| |
| From: Colin Ian King <colin.king@canonical.com> |
| |
| [ Upstream commit 97a103e6b584442cd848887ed8d47be2410b7e09 ] |
| |
| Shifting unsigned char b by an int type can lead to sign-extension |
| overflow. For example, if b is 0xff and the shift is 24, then top |
| bit is sign-extended so the final value passed to writeq has all |
| the upper 32 bits set. Fix this by casting b to a 64 bit unsigned |
| before the shift. |
| |
| Detected by CoverityScan, CID#1465246 ("Unintended sign extension") |
| |
| Signed-off-by: Colin Ian King <colin.king@canonical.com> |
| Signed-off-by: Corey Minyard <cminyard@mvista.com> |
| Signed-off-by: Sasha Levin <sashal@kernel.org> |
| --- |
| drivers/char/ipmi/ipmi_si_mem_io.c | 2 +- |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
| |
| diff --git a/drivers/char/ipmi/ipmi_si_mem_io.c b/drivers/char/ipmi/ipmi_si_mem_io.c |
| index 638f4ab88f445..75583612ab105 100644 |
| --- a/drivers/char/ipmi/ipmi_si_mem_io.c |
| +++ b/drivers/char/ipmi/ipmi_si_mem_io.c |
| @@ -51,7 +51,7 @@ static unsigned char mem_inq(const struct si_sm_io *io, unsigned int offset) |
| static void mem_outq(const struct si_sm_io *io, unsigned int offset, |
| unsigned char b) |
| { |
| - writeq(b << io->regshift, (io->addr)+(offset * io->regspacing)); |
| + writeq((u64)b << io->regshift, (io->addr)+(offset * io->regspacing)); |
| } |
| #endif |
| |
| -- |
| 2.20.1 |
| |