[PATCH] x86/mce/dev-mcelog: Fix potential memory access error
From: Yang Li
Date: Mon Mar 29 2021 - 05:50:30 EST
Using set_bit() to set a bit in an integer is not a good idea, since
the function expects an unsigned long as argument, which can be 64bit
wide.
Coverity reports this problem as
High:Out-of-bounds access(INCOMPATIBLE_CAST)
CWE119: Out-of-bounds access to a scalar
Pointer "&mcelog->flags" points to an object whose effective type is
"unsigned int" (32 bits, unsigned) but is dereferenced as a wider
"unsigned long" (64 bits, unsigned). This may lead to memory corruption.
/home/heyuan.shy/git-repo/linux/arch/x86/kernel/cpu/mce/dev-mcelog.c:
dev_mce_log
Just use BIT instead.
Reported-by: Abaci Robot <abaci@xxxxxxxxxxxxxxxxx>
Signed-off-by: Yang Li <yang.lee@xxxxxxxxxxxxxxxxx>
---
arch/x86/kernel/cpu/mce/dev-mcelog.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/kernel/cpu/mce/dev-mcelog.c b/arch/x86/kernel/cpu/mce/dev-mcelog.c
index 100fbee..fd7b1b4 100644
--- a/arch/x86/kernel/cpu/mce/dev-mcelog.c
+++ b/arch/x86/kernel/cpu/mce/dev-mcelog.c
@@ -51,7 +51,7 @@ static int dev_mce_log(struct notifier_block *nb, unsigned long val,
* earlier errors are the more interesting ones:
*/
if (entry >= mcelog->len) {
- set_bit(MCE_OVERFLOW, (unsigned long *)&mcelog->flags);
+ mcelog->flags |= BIT(MCE_OVERFLOW);
goto unlock;
}
--
1.8.3.1