From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 79C03C4167B for ; Sat, 17 Dec 2022 00:11:18 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 1C9B78E0002; Fri, 16 Dec 2022 19:11:18 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 17A968E0001; Fri, 16 Dec 2022 19:11:18 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 041F28E0002; Fri, 16 Dec 2022 19:11:17 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id E57268E0001 for ; Fri, 16 Dec 2022 19:11:17 -0500 (EST) Received: from smtpin02.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id C1C5A1A0859 for ; Sat, 17 Dec 2022 00:11:17 +0000 (UTC) X-FDA: 80249868594.02.2423C4E Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf16.hostedemail.com (Postfix) with ESMTP id 3F8A8180016 for ; Sat, 17 Dec 2022 00:11:16 +0000 (UTC) Authentication-Results: imf16.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=UcVE87sk; spf=pass (imf16.hostedemail.com: domain of sashal@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=sashal@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1671235876; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=gP5873migtLdHlXvlYi2rxjqVUYn2J6y8qj0ON3QF4w=; b=c+Wc5Nycm8ckc0kgCuyKNBs7W/JRM43NG0j/7hM7AE2LtzML/My1Lp9NAk8yVJj2vYoMWB 3osqJZTk/h0lkTeZkgS9KJZuzbEWuJ6XXte+nlL/HTb0yfk6beiy0r/KsYiztd5Z0IttXt wTsleOPvl6lMbThGzbVnR5MJ+1LSTSg= ARC-Authentication-Results: i=1; imf16.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=UcVE87sk; spf=pass (imf16.hostedemail.com: domain of sashal@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=sashal@kernel.org; dmarc=pass (policy=none) header.from=kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1671235876; a=rsa-sha256; cv=none; b=Y41s9svUv1jly2faWRNB9bob4D+MQzv/c2xKm+HILTmn8YU+GQh5CyIYgBOPZDgWAnPRAj qQdCWuFqOFk6pVsmc2lcmRrMReqGEb3bke2rNrdd/1mZDKrmWAHiBrxq9eTNlunIi7D4pE Sgxu/lwiMCY0SL6FvZSscHXhAUrqq3M= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 75270622C1; Sat, 17 Dec 2022 00:11:15 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0D4DCC433F0; Sat, 17 Dec 2022 00:11:13 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1671235874; bh=F1JA5kgwiRUQgQMgSFHXyA042OntNyRNiUZKAZHDIBE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=UcVE87skmLJ/8K5m2q/zAfV1SeLcjb9CZaIVztnVwZmyAlkxe67FcocHAdctwfMnr PdmwAbsSjzMjXKMNPyb9QllYS5yo+dAXwbfWZOlYIw1WLK+/FfLqBetZAhsnfsrS67 5fK3OO8DImPQwbtyUNBSGfiI8FgCxT3n6pX5CfONLJ4TAMb6jLIjPu+OWKPMKX2vTU Biin2cjBeD/zrcXzmGWHciVXyw3D0DcBp/CJnkaCiCZpNeteTMk1UxmmhK+ZHEp6gC xtKg9f0THgxyMp1XwDPB+MTcCMzMrQ0hEpezUBhhw3f35tG2VTkfoSZBlFWolc1YZ1 9LAaa2GfAn7gg== From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Liu Shixin , Kees Cook , Sasha Levin , viro@zeniv.linux.org.uk, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org Subject: [PATCH AUTOSEL 5.10 5/5] binfmt_misc: fix shift-out-of-bounds in check_special_flags Date: Fri, 16 Dec 2022 19:10:57 -0500 Message-Id: <20221217001058.41426-5-sashal@kernel.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20221217001058.41426-1-sashal@kernel.org> References: <20221217001058.41426-1-sashal@kernel.org> MIME-Version: 1.0 X-stable: review X-Patchwork-Hint: Ignore Content-Transfer-Encoding: 8bit X-Rspamd-Server: rspam05 X-Rspamd-Queue-Id: 3F8A8180016 X-Stat-Signature: n7c8fqt8fjssp7myn61coz7wk56zbkjb X-Rspam-User: X-HE-Tag: 1671235876-447963 X-HE-Meta: U2FsdGVkX1/i7eVGRUQObnhbORep1LUShGe+bEIMx7IYCF2u7kBbt4pLyal+f8IO03OM4QBtUVscw9KBKb+BNWIdCgBtF6Zt7kHQM8PWYY3YSyo/7Qalz6UeaiXfbEEAja0kpZrr5pr0Fn9KCDhDi2X2F8u3P2iuYGo2rw4w+4x/W5gm7zNJ6fWfHg5CFd/9GpbQriSP6ts9zU6tuY9iar8nh4oB2dM5yhnVtnRXj5xY1l98GQfvhh/Sap2CplPGzbdv+/Z8s/7a4V2hlHc5f8nN3u0IbDlk/PPUTAjPL204jUfBYB6YxMvkJTsCSF/ES+oS7CFBjcYFAieMNNlWTMLKbj2wFoTJnCIYrsTfAZCgI2MMQS6aGdfnaKZGxHoqHdMnXljLFokuUb/6D173CuFTrp3IFrCQdwBvb1UMAu/YRXYck9fDWJCbEJqUcuLPEwK8ybJlLefPEZ53TBCXnZ6TXCFkjMSXVLUzTnF74EBmUerxYQ5N42C2qZ5hYohNsbUqncmiUbS8K05cpNQNVj4v10b/o3kbHEaC7qUO3FIIw2HyOnLG6esDoj5L7L2r+x95QTJ20dnanFGDi3HHsuTAiOgKUb+PqQbMvNDNYxRnYIJ22M6dSp35fZfAMdCX5DX3C5lTO/Pg6+fjKeNBpYUEwGosmuGjkH5kz4HojxpsIvWkmX1uBy6ntWGf2/M9JLVz/KKPiqht1wtDxZ32JrbsoY5V4S3hjFhjzngMPS1fobHVcSOMfhj4rfFvoCU7IJ1lQGe2kqeHRlXRUE02jCsaZwazdUqrR6yYb2tyi+SWLabqHSEC/cAOa+/6eutH6z0J8+vy/k2Jxj2c7om/+kLPx7utCj0tRItipWxhmWKgBIbW9CuZwIazzyGSbdygt+L7GlLbcoH3Xwsnd/rJX/aRI0Yx5whl2Bo3VxU4bVwMMFlY3iZLAJPhS6ClnUNAf933i6wXiANahgmVt3X duUEn5qf evdopy+vqF2mouagRkDH7SzPxZn+tonHTQoQ6NIumphLRF9+Mxudj9Rd3xdYg0/z9b7uPngrYAygzqhkgmH/BcuHTFHfRIK2edMERcQEWxbt+yCmBGmKPMf3lKA== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: From: Liu Shixin [ Upstream commit 6a46bf558803dd2b959ca7435a5c143efe837217 ] UBSAN reported a shift-out-of-bounds warning: left shift of 1 by 31 places cannot be represented in type 'int' Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x8d/0xcf lib/dump_stack.c:106 ubsan_epilogue+0xa/0x44 lib/ubsan.c:151 __ubsan_handle_shift_out_of_bounds+0x1e7/0x208 lib/ubsan.c:322 check_special_flags fs/binfmt_misc.c:241 [inline] create_entry fs/binfmt_misc.c:456 [inline] bm_register_write+0x9d3/0xa20 fs/binfmt_misc.c:654 vfs_write+0x11e/0x580 fs/read_write.c:582 ksys_write+0xcf/0x120 fs/read_write.c:637 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x34/0x80 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x4194e1 Since the type of Node's flags is unsigned long, we should define these macros with same type too. Signed-off-by: Liu Shixin Signed-off-by: Kees Cook Link: https://lore.kernel.org/r/20221102025123.1117184-1-liushixin2@huawei.com Signed-off-by: Sasha Levin --- fs/binfmt_misc.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/fs/binfmt_misc.c b/fs/binfmt_misc.c index 11b5bf241955..ce0047feea72 100644 --- a/fs/binfmt_misc.c +++ b/fs/binfmt_misc.c @@ -44,10 +44,10 @@ static LIST_HEAD(entries); static int enabled = 1; enum {Enabled, Magic}; -#define MISC_FMT_PRESERVE_ARGV0 (1 << 31) -#define MISC_FMT_OPEN_BINARY (1 << 30) -#define MISC_FMT_CREDENTIALS (1 << 29) -#define MISC_FMT_OPEN_FILE (1 << 28) +#define MISC_FMT_PRESERVE_ARGV0 (1UL << 31) +#define MISC_FMT_OPEN_BINARY (1UL << 30) +#define MISC_FMT_CREDENTIALS (1UL << 29) +#define MISC_FMT_OPEN_FILE (1UL << 28) typedef struct { struct list_head list; -- 2.35.1