| From foo@baz Fri Aug 3 21:22:28 CEST 2018 |
| From: Dmitry Safonov <dima@arista.com> |
| Date: Mon, 30 Jul 2018 18:32:36 +0100 |
| Subject: netlink: Don't shift with UB on nlk->ngroups |
| |
| From: Dmitry Safonov <dima@arista.com> |
| |
| [ Upstream commit 61f4b23769f0cc72ae62c9a81cf08f0397d40da8 ] |
| |
| On i386 nlk->ngroups might be 32 or 0. Which leads to UB, resulting in |
| hang during boot. |
| Check for 0 ngroups and use (unsigned long long) as a type to shift. |
| |
| Fixes: 7acf9d4237c4 ("netlink: Do not subscribe to non-existent groups"). |
| Reported-by: kernel test robot <rong.a.chen@intel.com> |
| Signed-off-by: Dmitry Safonov <dima@arista.com> |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| net/netlink/af_netlink.c | 6 +++++- |
| 1 file changed, 5 insertions(+), 1 deletion(-) |
| |
| --- a/net/netlink/af_netlink.c |
| +++ b/net/netlink/af_netlink.c |
| @@ -985,7 +985,11 @@ static int netlink_bind(struct socket *s |
| if (err) |
| return err; |
| } |
| - groups &= (1UL << nlk->ngroups) - 1; |
| + |
| + if (nlk->ngroups == 0) |
| + groups = 0; |
| + else |
| + groups &= (1ULL << nlk->ngroups) - 1; |
| |
| bound = nlk->bound; |
| if (bound) { |
