Re: CVE-2022-49623: powerpc/xive/spapr: correct bitmap allocation size

From: zhangjianhua (E)
Date: Thu Mar 06 2025 - 08:42:13 EST

Next message: Parvathi Pudi: "Re: [PATCH net-next v3 00/10] PRU-ICSSM Ethernet Driver"
Previous message: Adam Simonelli: " Re: [PATCH v7 2/3] ttynull: Add an option to allow ttynull to be used as a console device"
Next in thread: Greg KH: "Re: CVE-2022-49623: powerpc/xive/spapr: correct bitmap allocation size"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Greg，

The commit message of this patch show that it occurs out-of-bounds of xibm->bitmap，the reason is that the allocated object can be smaller than sizeof(long) while bits is small.

However, it is incorrect. The kzalloc interface allocates memory in the unit of byte while bitmap_zalloc does based on the number of bits after rounded up, the space allocated by the kzalloc is not less than that allocated by the bitmap_zalloc. Therefore, replacing the kzalloc with the bitmap_zalloc does not solve the problem. In fact, the problem of out-of-bounds access does not exist. For instance the xibm->count is 3，kzalloc and bitmap_zalloc both return 8 bytes，it's enough for all bitmap. Although using the kzalloc wastes some memory, it does not create any real problems.

Maybe this CVE should be rejected?

Jianhua Zhang

Best regards.

Next message: Parvathi Pudi: "Re: [PATCH net-next v3 00/10] PRU-ICSSM Ethernet Driver"
Previous message: Adam Simonelli: " Re: [PATCH v7 2/3] ttynull: Add an option to allow ttynull to be used as a console device"
Next in thread: Greg KH: "Re: CVE-2022-49623: powerpc/xive/spapr: correct bitmap allocation size"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]