Commit 946a53b7 authored by Andrew Morton's avatar Andrew Morton Committed by Yang Yingliang
Browse files

mm/vmalloc.c:__vmalloc_area_node(): avoid 32-bit overflow 

mainline inclusion
from mainline-v5.11-rc1
commit 34fe6537
category: bugfix
bugzilla: NA
CVE: NA

-----------------------------------------------

With a machine with 3 TB (more than 2 TB memory).  If you use vmalloc to
allocate > 2 TB memory, the array_size below will be overflowed.

The array_size is an unsigned int and can only be used to allocate less
than 2 TB memory.  If you pass 2*1028*1028*1024*1024 = 2 * 2^40 in the
argument of vmalloc.  The array_size will become 2*2^31 = 2^32.  The 2^32
cannot be store with a 32 bit integer.

The fix is to change the type of array_size to unsigned long.

[akpm@linux-foundation.org: rework for current mainline]

Link: https://bugzilla.kernel.org/show_bug.cgi?id=210023


Reported-by: default avatar <hsinhuiwu@gmail.com>
Cc: Matthew Wilcox <willy@infradead.org>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>

conflict:
	mm/vmalloc.c

Signed-off-by: default avatarTong Tiangen <tongtiangen@huawei.com>
Reviewed-by: default avatarChen Wandun <chenwandun@huawei.com>
Signed-off-by: default avatarYang Yingliang <yangyingliang@huawei.com>
parent afab063f
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment