From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=FaIs=O2=kvack.org=owner-linux-mm@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id D5A51C433EF
	for <linux-mm@archiver.kernel.org>; Wed,  6 Oct 2021 18:40:27 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id 6BA8061029
	for <linux-mm@archiver.kernel.org>; Wed,  6 Oct 2021 18:40:27 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 6BA8061029
Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=redhat.com
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kvack.org
Received: by kanga.kvack.org (Postfix)
	id A179D6B006C; Wed,  6 Oct 2021 14:40:26 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 9C6BA6B0071; Wed,  6 Oct 2021 14:40:26 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 88E8F6B0073; Wed,  6 Oct 2021 14:40:26 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0188.hostedemail.com [216.40.44.188])
	by kanga.kvack.org (Postfix) with ESMTP id 76ABC6B006C
	for <linux-mm@kvack.org>; Wed,  6 Oct 2021 14:40:26 -0400 (EDT)
Received: from smtpin23.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251])
	by forelay02.hostedemail.com (Postfix) with ESMTP id 3690E39BA5
	for <linux-mm@kvack.org>; Wed,  6 Oct 2021 18:40:26 +0000 (UTC)
X-FDA: 78666878052.23.F7A6A10
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124])
	by imf20.hostedemail.com (Postfix) with ESMTP id CD500D0013F0
	for <linux-mm@kvack.org>; Wed,  6 Oct 2021 18:40:25 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1633545625;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding;
	bh=OYtCMCdzeUAH5A7kvrEJVmvT/XFeYC2/Oa0mvBondw8=;
	b=jKd8BPqOY7TSNmeuZP1YcGOm8gnA25fxxbLiLXPvC+Pcn8CSZVURpnmFzWqt5PDTIodN8A
	uftxOMHBiwJU4K+U9vui+kBTjBaMNmkrjCEIpqq6m82Y0pMPKe6mbg/OAclaG+V+92ZHTu
	ZA8kjYOPX2qSiIX62XTNT8ydXQ09xe4=
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-593-uym_wXdROkONzeGgZuqjXw-1; Wed, 06 Oct 2021 14:40:24 -0400
X-MC-Unique: uym_wXdROkONzeGgZuqjXw-1
Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx01.redhat.com (Postfix) with ESMTPS id E863C814401;
	Wed,  6 Oct 2021 18:40:22 +0000 (UTC)
Received: from optiplex-lnx.redhat.com (unknown [10.3.128.15])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 1A5DA60657;
	Wed,  6 Oct 2021 18:40:21 +0000 (UTC)
From: Rafael Aquini <aquini@redhat.com>
To: linux-mm@kvack.org
Cc: Andrew Morton <akpm@linux-foundation.org>,
	linux-kernel@vger.kernel.org
Subject: [PATCH] mm/swapfile: fix an integer overflow in swap_show()
Date: Wed,  6 Oct 2021 14:40:11 -0400
Message-Id: <20211006184011.2579054-1-aquini@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11
X-Rspamd-Server: rspam03
X-Rspamd-Queue-Id: CD500D0013F0
X-Stat-Signature: k45k6ba9cu4g73we4wywqdfq3j8mwcwj
Authentication-Results: imf20.hostedemail.com;
	dkim=pass header.d=redhat.com header.s=mimecast20190719 header.b=jKd8BPqO;
	dmarc=pass (policy=none) header.from=redhat.com;
	spf=none (imf20.hostedemail.com: domain of aquini@redhat.com has no SPF policy when checking 216.205.24.124) smtp.mailfrom=aquini@redhat.com
X-HE-Tag: 1633545625-457150
Content-Transfer-Encoding: quoted-printable
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

This one is just a minor nuisance for people going through /proc/swaps if
any of their swapareas is bigger than, or equal to 1073741824 pages (4TB)=
.

seq_printf() format string casts as uint the conversion from pages to KB,
and that will overflow in the aforementioned case.

Albeit being almost unthinkable that someone would actually set up such b=
ig
of a single swaparea, there is a ticket recently filed against RHEL:
https://bugzilla.redhat.com/show_bug.cgi?id=3D2008812

Given that all other codesites that use format strings for the same swap
pages-to-KB conversion do cast it as ulong, this patch just follows suit.

Signed-off-by: Rafael Aquini <aquini@redhat.com>
---
 mm/swapfile.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/mm/swapfile.c b/mm/swapfile.c
index 22d10f713848..29a7e3ebaaae 100644
--- a/mm/swapfile.c
+++ b/mm/swapfile.c
@@ -2763,7 +2763,7 @@ static int swap_show(struct seq_file *swap, void *v=
)
 	struct swap_info_struct *si =3D v;
 	struct file *file;
 	int len;
-	unsigned int bytes, inuse;
+	unsigned long bytes, inuse;
=20
 	if (si =3D=3D SEQ_START_TOKEN) {
 		seq_puts(swap, "Filename\t\t\t\tType\t\tSize\t\tUsed\t\tPriority\n");
@@ -2775,7 +2775,7 @@ static int swap_show(struct seq_file *swap, void *v=
)
=20
 	file =3D si->swap_file;
 	len =3D seq_file_path(swap, file, " \t\n\\");
-	seq_printf(swap, "%*s%s\t%u\t%s%u\t%s%d\n",
+	seq_printf(swap, "%*s%s\t%lu\t%s%lu\t%s%d\n",
 			len < 40 ? 40 - len : 1, " ",
 			S_ISBLK(file_inode(file)->i_mode) ?
 				"partition" : "file\t",
--=20
2.26.3