acct: fix potential integer overflow in encode_comp_t()

[ Upstream commit c5f31c655bcc01b6da53b836ac951c1556245305 ] The integer overflow is descripted with following codes: > 317 static comp_t encode_comp_t(u64 value) > 318 { > 319 int exp, rnd; ...... > 341 exp <<= MANTSIZE; > 342 exp += value; > 343 return exp; > 344 } Currently comp_t is defined as type of '__u16', but the variable 'exp' is type of 'int', so overflow would happen when variable 'exp' in line 343 is greater than 65535. Link: https://lkml.kernel.org/r/20210515140631.369106-3-zhengyejian1@huawei.com Signed-off-by: Zheng Yejian <zhengyejian1@huawei.com> Cc: Hanjun Guo <guohanjun@huawei.com> Cc: Randy Dunlap <rdunlap@infradead.org> Cc: Vlastimil Babka <vbabka@suse.cz> Cc: Zhang Jinhao <zhangjinhao2@huawei.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Sasha Levin <sashal@kernel.org>
author: Zheng Yejian <zhengyejian1@huawei.com> 2021-05-15 22:06:31 +0800
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2022-12-31 13:32:58 +0100
commit: 0aac6e60c464a5f942f995428e67f8ae1c422250 (patch)
tree: 56451049434f2f4b93c8cd0ffb50ed096c7bae31 /kernel/acct.c
parent: a16731fa1b96226c75bbf18e73513b14fc318360 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/kernel/acct.c b/kernel/acct.c
index 62200d799b9b..034a26daabb2 100644
--- a/kernel/acct.c
+++ b/kernel/acct.c
@@ -350,6 +350,8 @@ static comp_t encode_comp_t(unsigned long value)
 		exp++;
 	}
 
+	if (exp > (((comp_t) ~0U) >> MANTSIZE))
+		return (comp_t) ~0U;
 	/*
 	 * Clean it up and polish it off.
 	 */
author	Zheng Yejian <zhengyejian1@huawei.com>	2021-05-15 22:06:31 +0800
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2022-12-31 13:32:58 +0100
commit	0aac6e60c464a5f942f995428e67f8ae1c422250 (patch)
tree	56451049434f2f4b93c8cd0ffb50ed096c7bae31 /kernel/acct.c
parent	a16731fa1b96226c75bbf18e73513b14fc318360 (diff)