On Fri, Feb 23, 2018 at 7:00 PM, Luis R. Rodriguez <[email protected]> wrote: > As reported by Dan the parentheses is in the wrong place, and since > unlikely() call returns either 0 or 1 it's never less than zero. > The second issue is that signed integer overflows like "INT_MAX + 1" are > undefined behavior. > > Since num_test_devs represents the number of devices, we want to stop > prior to hitting the max, and not rely on the wrap arround at all. So > just cap at num_test_devs + 1, prior to assigning a new device. > > Reported-by: Dan Carpenter <[email protected]> > Fixes: d9c6a72d6fa2 ("kmod: add test driver to stress test the module loader") > Signed-off-by: Luis R. Rodriguez <[email protected]>
Acked-by: Kees Cook <[email protected]> -Kees > --- > lib/test_kmod.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/lib/test_kmod.c b/lib/test_kmod.c > index e372b97eee13..0e5b7a61460b 100644 > --- a/lib/test_kmod.c > +++ b/lib/test_kmod.c > @@ -1141,7 +1141,7 @@ static struct kmod_test_device > *register_test_dev_kmod(void) > mutex_lock(®_dev_mutex); > > /* int should suffice for number of devices, test for wrap */ > - if (unlikely(num_test_devs + 1) < 0) { > + if (num_test_devs + 1 == INT_MAX) { > pr_err("reached limit of number of test devices\n"); > goto out; > } > -- > 2.16.2 > -- Kees Cook Pixel Security
