From: Dmitry Safonov <dima@arista.com>
Date: Mon, 30 Jul 2018 17:32:36 +0000 (+0100)
Subject: netlink: Don't shift with UB on nlk->ngroups
X-Git-Tag: v4.9.119~12
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=4d502572ea7da97550891c2b0bcd36fa4eb33401;p=platform%2Fkernel%2Flinux-amlogic.git

netlink: Don't shift with UB on nlk->ngroups

[ Upstream commit 61f4b23769f0cc72ae62c9a81cf08f0397d40da8 ]

On i386 nlk->ngroups might be 32 or 0. Which leads to UB, resulting in
hang during boot.
Check for 0 ngroups and use (unsigned long long) as a type to shift.

Fixes: 7acf9d4237c4 ("netlink: Do not subscribe to non-existent groups").
Reported-by: kernel test robot <rong.a.chen@intel.com>
Signed-off-by: Dmitry Safonov <dima@arista.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---

diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index cbcc92ebe97a..26ff1c7bbcfa 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -985,7 +985,11 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr,
 		if (err)
 			return err;
 	}
-	groups &= (1UL << nlk->ngroups) - 1;
+
+	if (nlk->ngroups == 0)
+		groups = 0;
+	else
+		groups &= (1ULL << nlk->ngroups) - 1;
 
 	bound = nlk->bound;
 	if (bound) {