[openEuler-22.03-LTS-SP1] EDAC/bluefield: Fix potential integer overflow - Kernel

30 Dec 2024

From: David Thompson davthompson@nvidia.com
stable inclusion
from stable-v5.10.231
commit e0269ea7a628fdeddd65b92fe29c09655dbb80b9
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IBDHGU
CVE: CVE-2024-53161
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
--------------------------------
[ Upstream commit 1fe774a93b46bb029b8f6fa9d1f25affa53f06c6 ]
The 64-bit argument for the "get DIMM info" SMC call consists of mem_ctrl_idx
left-shifted 16 bits and OR-ed with DIMM index.  With mem_ctrl_idx defined as
32-bits wide the left-shift operation truncates the upper 16 bits of
information during the calculation of the SMC argument.
The mem_ctrl_idx stack variable must be defined as 64-bits wide to prevent any
potential integer overflow, i.e. loss of data from upper 16 bits.
Fixes: 82413e562ea6 ("EDAC, mellanox: Add ECC support for BlueField DDR4")
Signed-off-by: David Thompson davthompson@nvidia.com
Signed-off-by: Borislav Petkov (AMD) bp@alien8.de
Reviewed-by: Shravan Kumar Ramani shravankr@nvidia.com
Link: https://lore.kernel.org/r/20240930151056.10158-1-davthompson@nvidia.com
Signed-off-by: Sasha Levin sashal@kernel.org
Signed-off-by: Liu Kai liukai284@huawei.com
---
 drivers/edac/bluefield_edac.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/edac/bluefield_edac.c b/drivers/edac/bluefield_edac.c
index e4736eb37bfb..0ef048982768 100644
--- a/drivers/edac/bluefield_edac.c
+++ b/drivers/edac/bluefield_edac.c
@@ -180,7 +180,7 @@ static void bluefield_edac_check(struct mem_ctl_info *mci)
 static void bluefield_edac_init_dimms(struct mem_ctl_info *mci)
 {
    struct bluefield_edac_priv *priv = mci->pvt_info;
-	int mem_ctrl_idx = mci->mc_idx;
+	u64 mem_ctrl_idx = mci->mc_idx;
    struct dimm_info *dimm;
    u64 smc_info, smc_arg;
    int is_empty = 1, i;
-- 
2.34.1


    