Re: CVE-2022-49623: powerpc/xive/spapr: correct bitmap allocation size

From: Greg KH
Date: Thu Mar 06 2025 - 08:58:54 EST

Next message: FUJITA Tomonori: "Re: [PATCH v5 5/5] gpu: nova-core: add initial documentation"
Previous message: Borislav Petkov: "Re: [PATCH] x86/sev: Make SEV_STATUS available via SYSFS"
In reply to: zhangjianhua (E): "Re: CVE-2022-49623: powerpc/xive/spapr: correct bitmap allocation size"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Mar 06, 2025 at 09:41:41PM +0800, zhangjianhua (E) wrote:
> Hi Greg，
>
> The commit message of this patch show that it occurs out-of-bounds of
> xibm->bitmap，the reason is that the allocated object can be smaller than
> sizeof(long) while bits is small.
>
> However, it is incorrect. The kzalloc interface allocates memory in the
> unit of byte while bitmap_zalloc does based on the number of bits after
> rounded up, the space allocated by the kzalloc is not less than that
> allocated by the bitmap_zalloc. Therefore, replacing the kzalloc with the
> bitmap_zalloc does not solve the problem. In fact, the problem of
> out-of-bounds access does not exist. For instance the xibm->count is
> 3，kzalloc and bitmap_zalloc both return 8 bytes，it's enough for all
> bitmap. Although using the kzalloc wastes some memory, it does not create
> any real problems.
>
> Maybe this CVE should be rejected?

We will be glad to reject this if you think this does not actually fix
anything at all. If so, just let us know.

thanks,

greg k-h

Next message: FUJITA Tomonori: "Re: [PATCH v5 5/5] gpu: nova-core: add initial documentation"
Previous message: Borislav Petkov: "Re: [PATCH] x86/sev: Make SEV_STATUS available via SYSFS"
In reply to: zhangjianhua (E): "Re: CVE-2022-49623: powerpc/xive/spapr: correct bitmap allocation size"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]