From: Wang Long Date: Fri, 6 Nov 2015 02:51:18 +0000 (-0800) Subject: kasan: Fix a type conversion error X-Git-Tag: firefly_0821_release~176^2~776^2~8 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=e0d57714394f5e2ce4e2f9bbebf48e3c7a7fd3be;p=firefly-linux-kernel-4.4.55.git kasan: Fix a type conversion error The current KASAN code can not find the following out-of-bounds bugs: char *ptr; ptr = kmalloc(8, GFP_KERNEL); memset(ptr+7, 0, 2); the cause of the problem is the type conversion error in *memory_is_poisoned_n* function. So this patch fix that. Signed-off-by: Wang Long Acked-by: Andrey Ryabinin Cc: Vladimir Murzin Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- diff --git a/mm/kasan/kasan.c b/mm/kasan/kasan.c index 21c50dcbc9f0..2b21ccd55cd4 100644 --- a/mm/kasan/kasan.c +++ b/mm/kasan/kasan.c @@ -203,7 +203,7 @@ static __always_inline bool memory_is_poisoned_n(unsigned long addr, s8 *last_shadow = (s8 *)kasan_mem_to_shadow((void *)last_byte); if (unlikely(ret != (unsigned long)last_shadow || - ((last_byte & KASAN_SHADOW_MASK) >= *last_shadow))) + ((long)(last_byte & KASAN_SHADOW_MASK) >= *last_shadow))) return true; } return false;