[PATCH][next] x86/fault: fix sign-extend of an unsigned that has been promoted to an int

From: Colin King
Date: Sat Dec 22 2018 - 14:11:41 EST


From: Colin Ian King <colin.king@xxxxxxxxxxxxx>

The shifting of desc.base2 by 24 bits will end up with a sign extension
error if bit 7 of desc.base2 is set. This is because desc.base2 is
promoted to type int and then sign extended to an unsigned long, causing
the upper 32 bits to be set on the sign extension. Fix this by
casting desc.base2 to unsigned long before the shift.

Detected by CoverityScan, CID#1475635 ("Unintended sign extension")

Fixes: a1a371c468f7 ("x86/fault: Decode page fault OOPSes better")
Signed-off-by: Colin Ian King <colin.king@xxxxxxxxxxxxx>
---
arch/x86/mm/fault.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
index 2ff25ad33233..9d5c75f02295 100644
--- a/arch/x86/mm/fault.c
+++ b/arch/x86/mm/fault.c
@@ -595,7 +595,7 @@ static void show_ldttss(const struct desc_ptr *gdt, const char *name, u16 index)
return;
}

- addr = desc.base0 | (desc.base1 << 16) | (desc.base2 << 24);
+ addr = desc.base0 | (desc.base1 << 16) | ((unsigned long)desc.base2 << 24);
#ifdef CONFIG_X86_64
addr |= ((u64)desc.base3 << 32);
#endif
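Review bot: the cast on the + line is spelled (unsigned long) while the desc.base3 line two lines below uses (u64); using one spelling for the widening casts in this address computation would make it easier to see that both exist for the same reason. A one-line comment saying the cast is there to stop desc.base2 being promoted to int before the shift would keep a later cleanup from dropping it as redundant. The desc.base1 << 16 term is still evaluated as int, so it is worth stating in the changelog that base1 is narrow enough that this shift cannot reach bit 31.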
--
2.19.1
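
The promotion described in the commit message, as an added example that is not part of the patch or of the kernel source. `struct demo_desc`, `base_before()` and `base_after()` are hypothetical names, the struct is a simplified stand-in for the descriptor, and `uint64_t` stands in for a 64-bit `unsigned long`.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the descriptor: only the base fields the patch
 * touches, as plain narrow unsigned integers (assumed layout, not the
 * kernel's struct definition). */
struct demo_desc {
	uint16_t base0;
	uint8_t  base1;
	uint8_t  base2;
};

/* Pre-patch expression. Every operand is promoted to int, so the OR is an
 * int; with bit 7 of base2 set it is negative and widens with sign
 * extension. (ISO C leaves a shift into the sign bit undefined; GCC and
 * Clang produce the wrapped value, which is the case the patch addresses.) */
static uint64_t base_before(const struct demo_desc *d)
{
	uint64_t addr;

	addr = d->base0 | (d->base1 << 16) | (d->base2 << 24);
	return addr;
}

/* Patched expression: base2 is widened before the shift, so the whole OR
 * is evaluated as an unsigned 64-bit value. */
static uint64_t base_after(const struct demo_desc *d)
{
	uint64_t addr;

	addr = d->base0 | (d->base1 << 16) | ((uint64_t)d->base2 << 24);
	return addr;
}

int main(void)
{
	/* Constructed sample values: bit 7 of base2 clear, then set. */
	const struct demo_desc low  = { 0x5678, 0x34, 0x7f };
	const struct demo_desc high = { 0x5678, 0x34, 0x80 };

	printf("0x7f before=%#018" PRIx64 " after=%#018" PRIx64 "\n",
	       base_before(&low), base_after(&low));
	printf("0x80 before=%#018" PRIx64 " after=%#018" PRIx64 "\n",
	       base_before(&high), base_after(&high));
	return 0;
}
```

Only the value with bit 7 set differs between the two functions, which is why a decoded base address can look correct in most dumps and wrong in a few.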