Commit d8d898d4 authored Dec 30, 2024 by David Thompson Committed by liukai Dec 30, 2024

EDAC/bluefield: Fix potential integer overflow

stable inclusion
from stable-v5.10.231
commit e0269ea7a628fdeddd65b92fe29c09655dbb80b9
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IBDHGU
CVE: CVE-2024-53161

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e0269ea7a628fdeddd65b92fe29c09655dbb80b9



--------------------------------

[ Upstream commit 1fe774a93b46bb029b8f6fa9d1f25affa53f06c6 ]

The 64-bit argument for the "get DIMM info" SMC call consists of mem_ctrl_idx
left-shifted 16 bits and OR-ed with DIMM index.  With mem_ctrl_idx defined as
32-bits wide the left-shift operation truncates the upper 16 bits of
information during the calculation of the SMC argument.

The mem_ctrl_idx stack variable must be defined as 64-bits wide to prevent any
potential integer overflow, i.e. loss of data from upper 16 bits.

Fixes: 82413e56 ("EDAC, mellanox: Add ECC support for BlueField DDR4")
Signed-off-by: David Thompson <davthompson@nvidia.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Reviewed-by: Shravan Kumar Ramani <shravankr@nvidia.com>
Link: https://lore.kernel.org/r/20240930151056.10158-1-davthompson@nvidia.com


Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Liu Kai <liukai284@huawei.com>

parent 34fbe42d

drivers/edac/bluefield_edac.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -180,7 +180,7 @@ static void bluefield_edac_check(struct mem_ctl_info *mci)
		static void bluefield_edac_init_dimms(struct mem_ctl_info *mci)
		{
		struct bluefield_edac_priv *priv = mci->pvt_info;
		int mem_ctrl_idx = mci->mc_idx;
		u64 mem_ctrl_idx = mci->mc_idx;
		struct dimm_info *dimm;
		u64 smc_info, smc_arg;
		int is_empty = 1, i;