[lvc-project] [PATCH] mm/zsmalloc: prevent integer overflow in obj_free
Anastasia Belova
abelova at astralinux.ru
Thu Mar 13 14:51:45 MSK 2025
The result of multiplication of class_size and f_objidx
may not fit unsigned integer. Add explicit casting to
unsigned long to prevent integer overflow.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: bfd093f5e7f0 ("zsmalloc: use freeobj for index")
Signed-off-by: Anastasia Belova <abelova at astralinux.ru>
---
mm/zsmalloc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mm/zsmalloc.c b/mm/zsmalloc.c
index 6d0e47f7ae33..96e0b04ff278 100644
--- a/mm/zsmalloc.c
+++ b/mm/zsmalloc.c
@@ -1421,7 +1421,7 @@ static void obj_free(int class_size, unsigned long obj)
obj_to_location(obj, &f_zpdesc, &f_objidx);
- f_offset = offset_in_page(class_size * f_objidx);
+ f_offset = offset_in_page((unsigned long)class_size * f_objidx);
zspage = get_zspage(f_zpdesc);
vaddr = kmap_local_zpdesc(f_zpdesc);
--
2.43.0
More information about the lvc-project
mailing list