Kefeng Wang
0c7d37f4d9
hpet: Fix division by zero in hpet_time_div() ...
The base value in do_div() called by hpet_time_div() is truncated from
unsigned long to uint32_t, resulting in a divide-by-zero exception.
UBSAN: Undefined behaviour in ../drivers/char/hpet.c:572:2
division by zero
CPU: 1 PID: 23682 Comm: syz-executor.3 Not tainted 4.4.184.x86_64+ #4
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014
0000000000000000 b573382df1853d00 ffff8800a3287b98 ffffffff81ad7561
ffff8800a3287c00 ffffffff838b35b0 ffffffff838b3860 ffff8800a3287c20
0000000000000000 ffff8800a3287bb0 ffffffff81b8f25e ffffffff838b35a0
Call Trace:
[<ffffffff81ad7561>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffffff81ad7561>] dump_stack+0xc1/0x120 lib/dump_stack.c:51
[<ffffffff81b8f25e>] ubsan_epilogue+0x12/0x8d lib/ubsan.c:166
[<ffffffff81b900cb>] __ubsan_handle_divrem_overflow+0x282/0x2c8 lib/ubsan.c:262
[<ffffffff823560dd>] hpet_time_div drivers/char/hpet.c:572 [inline]
[<ffffffff823560dd>] hpet_ioctl_common drivers/char/hpet.c:663 [inline]
[<ffffffff823560dd>] hpet_ioctl_common.cold+0xa8/0xad drivers/char/hpet.c:577
[<ffffffff81e63d56>] hpet_ioctl+0xc6/0x180 drivers/char/hpet.c:676
[<ffffffff81711590>] vfs_ioctl fs/ioctl.c:43 [inline]
[<ffffffff81711590>] file_ioctl fs/ioctl.c:470 [inline]
[<ffffffff81711590>] do_vfs_ioctl+0x6e0/0xf70 fs/ioctl.c:605
[<ffffffff81711eb4>] SYSC_ioctl fs/ioctl.c:622 [inline]
[<ffffffff81711eb4>] SyS_ioctl+0x94/0xc0 fs/ioctl.c:613
[<ffffffff82846003>] tracesys_phase2+0x90/0x95
The main C reproducer autogenerated by syzkaller,
syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0);
memcpy((void*)0x20000100, "/dev/hpet\000", 10);
syscall(__NR_openat, 0xffffffffffffff9c, 0x20000100, 0, 0);
syscall(__NR_ioctl, r[0], 0x40086806, 0x40000000000000);
Fix it by using div64_ul().
Signed-off-by: Kefeng Wang <wangkefeng.wang@huawei.com>
Signed-off-by: Zhang HongJun <zhanghongjun2@huawei.com>
Cc: stable <stable@vger.kernel.org>
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/r/20190711132757.130092-1-wangkefeng.wang@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-07-25 14:39:51 +02:00
2019-07-08 10:39:56 -07:00
2019-07-15 11:03:02 -03:00
2019-07-13 15:07:02 -07:00
2019-05-21 10:50:46 +02:00
2019-05-21 11:28:46 +02:00
2019-06-24 23:57:50 +03:00
2019-05-21 10:50:46 +02:00
2019-06-05 17:37:13 +02:00
2018-06-05 11:24:55 -07:00
2019-05-21 10:50:45 +02:00
2019-05-21 10:50:45 +02:00
2017-11-02 11:10:55 +01:00
2019-06-09 09:11:21 +02:00
2019-05-21 10:50:45 +02:00
2018-02-11 14:34:03 -08:00
2019-05-21 10:50:45 +02:00
2019-05-21 10:50:45 +02:00
2019-06-05 17:37:13 +02:00
2019-07-25 14:39:51 +02:00
2019-07-15 11:03:02 -03:00
2019-05-21 10:50:45 +02:00
2019-01-22 10:21:45 +01:00
2019-01-22 14:56:00 +01:00
2019-01-03 18:57:57 -08:00
2019-05-24 18:00:41 +02:00
2019-05-30 11:29:53 -07:00
2019-05-21 10:50:45 +02:00
2019-05-21 10:50:45 +02:00
2019-05-21 10:50:45 +02:00
2017-11-21 15:57:05 -08:00
2019-05-21 10:50:45 +02:00
2019-05-21 10:50:45 +02:00
2019-05-21 10:50:45 +02:00
2019-05-30 11:26:32 -07:00
2019-05-30 11:26:38 -07:00
2019-05-26 00:11:49 -04:00
2019-05-21 10:50:45 +02:00
2019-05-30 11:26:32 -07:00
2019-05-21 10:50:45 +02:00
2018-02-11 14:34:03 -08:00
2019-05-24 17:36:45 +02:00
2019-05-30 11:26:35 -07:00
2018-11-11 12:58:27 -08:00
2019-05-30 11:25:14 -07:00
2019-06-05 17:37:13 +02:00
2019-05-30 11:26:35 -07:00
0c7d37f4d9