From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 26F39E77188 for ; Fri, 10 Jan 2025 16:49:55 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id AE0386B00C2; Fri, 10 Jan 2025 11:49:54 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id A90F86B00C3; Fri, 10 Jan 2025 11:49:54 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 930AA6B00C4; Fri, 10 Jan 2025 11:49:54 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 726AE6B00C2 for ; Fri, 10 Jan 2025 11:49:54 -0500 (EST) Received: from smtpin22.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id EF625B0314 for ; Fri, 10 Jan 2025 16:49:53 +0000 (UTC) X-FDA: 82992129066.22.254FD9C Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf15.hostedemail.com (Postfix) with ESMTP id 4FBB1A000E for ; Fri, 10 Jan 2025 16:49:52 +0000 (UTC) Authentication-Results: imf15.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=gLO9DXzI; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf15.hostedemail.com: domain of kees@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=kees@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1736527792; a=rsa-sha256; cv=none; b=Ehz55Ij1lD2MLnBy15Hv+CAtlgGWrrGlc1aO6In6IFgX5Y3H6mNgDMlyW44RpBv1s//GzO K6BewJy57HmEk+Y5PoKaHqOdZMROwmGuCHhPRNe1dj0cmnBExEoGFOQJfzChauX4RcjGlW suGkXysrSAY0tB7rW66aArEIFv/m0Rg= ARC-Authentication-Results: i=1; imf15.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=gLO9DXzI; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf15.hostedemail.com: domain of kees@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=kees@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1736527792; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=nzRPYSALOGlD0RkOp1RUKYV2dv+GARL3y6CwHxlLy1I=; b=RKF9GoPk2TPZaTWlmqWVMoTwVuKKuXpM8oZoJ+8vSSupQL4ynpomtF+OKXSGB0ZA/KvCbw t4GjRONPPDbRt5p1teOMt+mlecM5DNcKhpyz4ngS/mgP4o38MPY6+DYH4zcA/7GTG9T/Cx YijXEoBNQIVgmcKin/7XyckXPVWCecU= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 9DE895C3BF6; Fri, 10 Jan 2025 16:49:10 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 40CDAC4CED6; Fri, 10 Jan 2025 16:49:51 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1736527791; bh=+yDQ+vJqHznaDyos9xjW00xrBMEHb0ruggMNJ4oZado=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=gLO9DXzIlngQ9OUW3zqrNtoKR/H74kAqGYSNWAScFW40NQZJn2QqcvV6+MG3gNXgI my5endsWAut9pMhmvwxsvzquT3VC1mKv5BjgbGhotQIzW3OogWmpYsEn3+uqWcd38m 5G0gI2C7eH443UZFOqee6loc3CoWD8/K57KY0OSpObvFjG9HE9v6GQin6VK8AExl88 rHmm3X45mMJjtDM9spQ8s8VL9MGJWWsVLwjqBmk7qHUoyGiFDPYTa+AFZV1/R2TMF4 1IG+OfL3s3hZDWmsgCw1MQ8Rm+HNhXbgkQ6f8B7oaD9tHFy7Qew4SpzdVm0r6qIXbo cD2Vklyl/aqPA== From: Kees Cook To: Nicolas Pitre , Dan Carpenter Cc: Kees Cook , Alexander Viro , Christian Brauner , Jan Kara , Eric Biederman , linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org Subject: Re: [PATCH] binfmt_flat: Fix integer overflow bug on 32 bit systems Date: Fri, 10 Jan 2025 08:49:47 -0800 Message-Id: <173652778610.3103415.15796406713093643015.b4-ty@kernel.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <5be17f6c-5338-43be-91ef-650153b975cb@stanley.mountain> References: <5be17f6c-5338-43be-91ef-650153b975cb@stanley.mountain> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit X-Rspam-User: X-Rspamd-Server: rspam03 X-Rspamd-Queue-Id: 4FBB1A000E X-Stat-Signature: pffdcn93cgesqypxju4a56whr1j73781 X-HE-Tag: 1736527792-539201 X-HE-Meta: U2FsdGVkX1/pEAcxqM4go7y1PmBxo92S5P/41n1aO2HygBJms7yp3ERAtEtTg7XHxS9ItFmssJwXSyM4ES8gBSerkeNh3jyBmX+gAf1LYsGe3E6maagG24NkjFkgLLlY4mOiMdH2t8CglokjDY4/gkeb95j7jy8BcMayT+D2PdFcWhxxjljW5Lde8m1Y0WFJAcIrXbHwxhPCt7QUA1kx/yO7lC3LYMvK0NwMRCKW78IcLjTaVk35Gi/VkAwbUvocdtXueIidZz2Hj69YnHR5/80Y8uGyy+dY0x1YJVAPvd5TGzwrcG1rdcDJva+ST/exAH9RW83a0pf779gN9+Y621jQps0CPHnkN7j0S/aGkrSA/kCBb1UL3lkMENGHYP2g1dbFNA0WkzXGyphPQz7KKSj3yHFcKf6jQ0T45mtBM72MgVQt97pN0evccGbOQAAsao6Cjr1eHIPAp5l+P7njlcug1OoT8OjYvmqvrV9sLZ6R1Od5wgXuIvXY8fmWlC6bAYUfAV/PTVchbb7hZwEZbHjQmA0KTA5Yp5cdNdeY14L3IGpBMHIR0J9DSF3s257LYxd2yADMk93ec0+4Wi80qPfafBOyBaFy0tI9Id9RCqVKKAk9VbInlp2ett/ZLLWkrVdgHCzUrkUmARE3LY3PmNTa8oKu96N8unTkFWyRTCLTBNOmp+81YXP5B9t/BanPpVUFLbqKyX4TuESoM4n+ySHbShNZDkeJo7bziY4PYI9DzweW2bqiqy8a4SNbSTfLdHHNAsp1I5OdKGGfcdgCTxhQUb9jrtWcg2NGei32zy57PfkrbN5tdVyaf9S8F82y/M1FFj6tbqGMTzQjbeb5YjY0k/TqOXy++sRbdEKOCDbr4disgSGeufB/yRCKM/UaLWJxA96kF42N9A23Tg0FM8wd0Lg2QOb97DSnF6swsXu0/V0MrRsVms582P7lveRjtgRT782he5beBcIA3gK +1yLWh8C +3IaHrAmjiqvCUrtBgj/5VsSa+RsIh2d+fZaoFU8SPo2KP3Iuih/0EsarpNHf/4ra362I+4+ZoNyiP1wiFLP41JgAxaqRgPqB9KNRKUIm3yBTI2iCPo6piEJzPbHjCQeGtB1cDoNO4fzUsEFXPE+IAsaQRq0Jno8kuVRpxKXi8Et9YEq4AR8EflEkNI2QfulQkOErb/cyk3PzOv7Nsd5oxKeMSz7+QWsNGYFcXvRSo04gGrOm9MIT9s88PC0AnNq+CTVOFXYXRGj2Nx+dbVfuZLzffkLXFVv9gOx9 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Wed, 04 Dec 2024 15:07:15 +0300, Dan Carpenter wrote: > Most of these sizes and counts are capped at 256MB so the math doesn't > result in an integer overflow. The "relocs" count needs to be checked > as well. Otherwise on 32bit systems the calculation of "full_data" > could be wrong. > > full_data = data_len + relocs * sizeof(unsigned long); > > [...] Applied to for-next/topic/execve/core, thanks! [1/1] binfmt_flat: Fix integer overflow bug on 32 bit systems https://git.kernel.org/kees/c/55cf2f4b945f Take care, -- Kees Cook