The variable 'n' is defined as ULONG. However in the cpumask_next(),
it is used as INT.
That is vulnerable and may cause overflow.
Therefore, it might be better to define 'n' as INT.
Fixes: cb152ff ("sched: Fix /proc/sched_stat failure on very very large systems")
Signed-off-by: Jiasheng Jiang <[email protected]>
---
kernel/sched/stats.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/sched/stats.c b/kernel/sched/stats.c
index 3f93fc3..6503d3a 100644
--- a/kernel/sched/stats.c
+++ b/kernel/sched/stats.c
@@ -82,7 +82,7 @@ static int show_schedstat(struct seq_file *seq, void *v)
*/
static void *schedstat_start(struct seq_file *file, loff_t *offset)
{
- unsigned long n = *offset;
+ int n = *offset;
if (n == 0)
return (void *) 1;
--
2.7.4
On Mon, Oct 25, 2021 at 08:17:27AM +0000, Jiasheng Jiang wrote:
> The variable 'n' is defined as ULONG. However in the cpumask_next(),
> it is used as INT.
> That is vulnerable and may cause overflow.
> Therefore, it might be better to define 'n' as INT.
-ENOPARSE