On 12/2/23 11:47 PM, Kees Cook wrote:
[...]
>> In persistent_ram_init_ecc(), on 64-bit arches DIV_ROUND_UP() will return
>> 64-bit value since persistent_ram_zone::buffer_size has type size_t which
>> is derived from the 64-bit *unsigned long*, while the ecc_blocks variable
>> this value gets assigned to has (always 32-bit) *int* type. Even if that
>> value fits into *int* type, an overflow is still possible when calculating
>> the size_t typed ecc_total variable further below since there's no cast to
>> any 64-bit type before multiplication. Declaring the ecc_blocks variable
>> as *unsigned long* should fix this mess...
>>
>> [...]
>
> I changed this from unsigned long to size_t, which will do the same thing.

Not quite the same. And ecc_blocks is a block count, not a byte count, so
size_t doesn't seem appropriate...

> Applied to for-linus/pstore, thanks!
>
> [1/1] pstore: ram_core: fix possible overflow in persistent_ram_init_ecc()
>       https://git.kernel.org/kees/c/c92116e01d32
>
> Take care,

Thanks anyway. :-)

MBR, Sergey
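The two failure points named in the quoted commit message (a 64-bit quotient stored in a 32-bit count, and a product formed in 32 bits before it reaches ecc_total), as an added example that is not part of the original thread or the kernel source. The function names, the enum, the block_size/ecc_size parameters and all sizes are constructed for illustration; fixed-width types stand in for int and unsigned long on a 64-bit arch, and buffer_size is assumed to be larger than ecc_size.

```c
#include <stdint.h>
#include <stdio.h>

#define DIV_ROUND_UP(n, d) (((n) + (d) - 1) / (d))

enum ecc_status { ECC_OK, ECC_COUNT_TRUNCATED, ECC_MUL_OVERFLOW };

/* Models a 32-bit int block count on a 64-bit arch and reports which
 * step would lose information instead of silently wrapping. */
static enum ecc_status ecc_total_int(uint64_t buffer_size, int32_t block_size,
                                     int32_t ecc_size, uint64_t *total)
{
    uint64_t q = DIV_ROUND_UP(buffer_size - (uint64_t)ecc_size,
                              (uint64_t)block_size + (uint64_t)ecc_size);
    int32_t prod;

    if (q > INT32_MAX)              /* 64-bit quotient does not fit in int */
        return ECC_COUNT_TRUNCATED;
    /* The count fits, but (count + 1) * ecc_size must also fit in 32 bits:
     * the builtin checks the exact result against the width of prod. */
    if (__builtin_mul_overflow((int64_t)q + 1, (int64_t)ecc_size, &prod))
        return ECC_MUL_OVERFLOW;
    *total = (uint64_t)prod;
    return ECC_OK;
}

/* Same calculation with a 64-bit block count: no truncation, and the
 * multiplication is carried out in 64 bits. */
static uint64_t ecc_total_wide(uint64_t buffer_size, int32_t block_size,
                               int32_t ecc_size)
{
    uint64_t blocks = DIV_ROUND_UP(buffer_size - (uint64_t)ecc_size,
                                   (uint64_t)block_size + (uint64_t)ecc_size);
    return (blocks + 1) * (uint64_t)ecc_size;
}

int main(void)
{
    /* Constructed sizes: small, product overflow, count truncation. */
    const uint64_t sizes[] = { 1048576ULL, 19327352848ULL, 618475290640ULL };
    for (int i = 0; i < 3; i++) {
        uint64_t t = 0;
        enum ecc_status s = ecc_total_int(sizes[i], 128, 16, &t);
        printf("buffer_size=%llu int-path status=%d wide total=%llu\n",
               (unsigned long long)sizes[i], (int)s,
               (unsigned long long)ecc_total_wide(sizes[i], 128, 16));
    }
    return 0;
}
```

The second size is the case the commit message singles out: the block count fits in an int, yet the product does not.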
