acct: fix potential integer overflow in encode_comp_t()

[ Upstream commit c5f31c655bcc01b6da53b836ac951c1556245305 ] The integer overflow is descripted with following codes: > 317 static comp_t encode_comp_t(u64 value) > 318 { > 319 int exp, rnd; ...... > 341 exp <<= MANTSIZE; > 342 exp += value; > 343 return exp; > 344 } Currently comp_t is defined as type of '__u16', but the variable 'exp' is type of 'int', so overflow would happen when variable 'exp' in line 343 is greater than 65535. Link: https://lkml.kernel.org/r/20210515140631.369106-3-zhengyejian1@huawei.com Signed-off-by: Zheng Yejian <zhengyejian1@huawei.com> Cc: Hanjun Guo <guohanjun@huawei.com> Cc: Randy Dunlap <rdunlap@infradead.org> Cc: Vlastimil Babka <vbabka@suse.cz> Cc: Zhang Jinhao <zhangjinhao2@huawei.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Sasha Levin <sashal@kernel.org>
author: Zheng Yejian <zhengyejian1@huawei.com> 2021-05-15 22:06:31 +0800
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2023-01-18 11:30:34 +0100
commit: 1750a0983c455a9b3badd848471fc8d58cb61f67 (patch)
tree: b2c6da613514d1b228e5b5eda0b3a216ba97f076 /kernel
parent: 9b3ba54025357440d6c4414c670984f628c6f6bf (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/kernel/acct.c b/kernel/acct.c
index 81f9831a7859..6d98aed403ba 100644
--- a/kernel/acct.c
+++ b/kernel/acct.c
@@ -331,6 +331,8 @@ static comp_t encode_comp_t(unsigned long value)
 		exp++;
 	}
 
+	if (exp > (((comp_t) ~0U) >> MANTSIZE))
+		return (comp_t) ~0U;
 	/*
 	 * Clean it up and polish it off.
 	 */
author	Zheng Yejian <zhengyejian1@huawei.com>	2021-05-15 22:06:31 +0800
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2023-01-18 11:30:34 +0100
commit	1750a0983c455a9b3badd848471fc8d58cb61f67 (patch)
tree	b2c6da613514d1b228e5b5eda0b3a216ba97f076 /kernel
parent	9b3ba54025357440d6c4414c670984f628c6f6bf (diff)