Commit 91efecb1 authored Oct 21, 2024 by Guenter Roeck Committed by Lin Ruifeng Oct 21, 2024

hwmon: (nct6775-core) Fix underflows seen when writing limit attributes

stable inclusion
from stable-v4.19.322
commit 298a55f11edd811f2189b74eb8f53dee34d4f14c
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IARWFE
CVE: CVE-2024-46757

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=298a55f11edd811f2189b74eb8f53dee34d4f14c



--------------------------------

[ Upstream commit 0403e10bf0824bf0ec2bb135d4cf1c0cc3bf4bf0 ]

DIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large
negative number such as -9223372036854775808 is provided by the user.
Fix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.

Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Lin Ruifeng <linruifeng4@huawei.com>

parent b4c65e94

drivers/hwmon/nct6775.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -2264,7 +2264,7 @@ store_temp_offset(struct device dev, struct device_attribute attr,
		if (err < 0)
		return err;

		val = clamp_val(DIV_ROUND_CLOSEST(val, 1000), -128, 127);
		val = DIV_ROUND_CLOSEST(clamp_val(val, -128000, 127000), 1000);

		mutex_lock(&data->update_lock);
		data->temp_offset[nr] = val;