diff options
author | Dan Carpenter <dan.carpenter@linaro.org> | 2023-07-25 20:03:16 +0300 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2023-08-03 10:24:14 +0200 |
commit | af7aa4fe94b3dc0652f7fb5369f78623e98b0310 (patch) | |
tree | f70a2d37bb81aa1b236783f03fedea2f1ae81cc8 /fs/proc | |
parent | 7f1715d827dc6d1ad48e192ee2d45eef79166d4a (diff) | |
download | linux-af7aa4fe94b3dc0652f7fb5369f78623e98b0310.tar.gz |
proc/vmcore: fix signedness bug in read_from_oldmem()
commit 641db40f3afe7998011bfabc726dba3e698f8196 upstream. The bug is the error handling: if (tmp < nr_bytes) { "tmp" can hold negative error codes but because "nr_bytes" is type size_t the negative error codes are treated as very high positive values (success). Fix this by changing "nr_bytes" to type ssize_t. The "nr_bytes" variable is used to store values between 1 and PAGE_SIZE and they can fit in ssize_t without any issue. Link: https://lkml.kernel.org/r/b55f7eed-1c65-4adc-95d1-6c7c65a54a6e@moroto.mountain Fixes: 5d8de293c224 ("vmcore: convert copy_oldmem_page() to take an iov_iter") Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org> Reviewed-by: Matthew Wilcox (Oracle) <willy@infradead.org> Acked-by: Baoquan He <bhe@redhat.com> Cc: Dave Young <dyoung@redhat.com> Cc: Vivek Goyal <vgoyal@redhat.com> Cc: Alexey Dobriyan <adobriyan@gmail.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'fs/proc')
-rw-r--r-- | fs/proc/vmcore.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/proc/vmcore.c b/fs/proc/vmcore.c index 5aa527ca6dbe..1ec0647a2026 100644 --- a/fs/proc/vmcore.c +++ b/fs/proc/vmcore.c @@ -132,7 +132,7 @@ ssize_t read_from_oldmem(struct iov_iter *iter, size_t count, u64 *ppos, bool encrypted) { unsigned long pfn, offset; - size_t nr_bytes; + ssize_t nr_bytes; ssize_t read = 0, tmp; int idx; |