From: Sung-hun Kim Date: Wed, 28 Oct 2020 10:26:31 +0000 (+0900) Subject: mm: LKSM: bug fix for KASAN out-of-bound access error on accessing a filter X-Git-Tag: accepted/tizen/unified/20201102.124307^0 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=acea88dbb780d2415aa08108f5b9f87ee7db7a08;p=platform%2Fkernel%2Flinux-rpi.git mm: LKSM: bug fix for KASAN out-of-bound access error on accessing a filter KASAN reports out-of-bound accesses (reported by Jaehoon Chung) on slab which is performed for obtaining a next filtered address to find a sharable page. LKSM exploits bitmap-based filters to find sharable pages in an efficient way. A buggy code is a kind of miscalculation for boundary of the allocated bitmap. This patch takes care of it. Change-Id: If45c5ce175db067523b60f11e69e12d2bc798659 Signed-off-by: Sung-hun Kim --- diff --git a/mm/lksm.c b/mm/lksm.c index 6081f4b..3dcaacf 100644 --- a/mm/lksm.c +++ b/mm/lksm.c @@ -2917,7 +2917,7 @@ static void lksm_insert_mm_slot_ordered(struct mm_slot *slot) static inline void __lksm_copy_filter (unsigned long *orig, unsigned long *newer, int size) { - while (size-- >= 0) + while (--size >= 0) *(newer++) = *(orig++); } @@ -3012,8 +3012,8 @@ static inline unsigned long lksm_get_next_filtered_address unsigned long next_offset, curr_offset, nbits; curr_offset = (addr - base) >> PAGE_SHIFT; - nbits = (region->len == 0) ? BITS_PER_LONG : - (region->len << (6 + PAGE_SHIFT)); + nbits = region->len * BITS_PER_LONG; + if (region->len > SINGLE_FILTER_LEN) next_offset = find_next_bit(region->filter, nbits, curr_offset); else
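Review bot: In the `__lksm_copy_filter` hunk the fix is correct but the loop still hides its intent: `while (size-- >= 0)` copies `size + 1` words (it tests the old value, so index `size` is written one past the allocation, and `size == 0` still copies one word), whereas `while (--size >= 0)` copies exactly `size` words and copies nothing for `size == 0`. Since the body is a plain word copy, consider replacing the loop with `memcpy(newer, orig, size * sizeof(unsigned long));` and making `size` unsigned (`size_t`), which removes the off-by-one class entirely and makes a negative `size` impossible to pass in.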
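Review bot: In the `lksm_get_next_filtered_address` hunk the special case for `region->len == 0` is dropped: the old code mapped `len == 0` to `BITS_PER_LONG` (one word of filter), while the new `nbits = region->len * BITS_PER_LONG;` yields `0` for that case, and the hunk is cut off at `else`, so it is not visible whether the else branch still consumes `nbits`; if it does, `find_next_bit` with `nbits == 0` returns immediately and a single-word filter is never scanned. Please either keep an explicit `len == 0` case or document in the commit message that the else branch uses a fixed `BITS_PER_LONG` width. The removed expression `region->len << (6 + PAGE_SHIFT)` was the actual miscalculation (it scaled the word count by 64 * PAGE_SIZE instead of 64 bits per word, and hard-coded 64 for `BITS_PER_LONG`), so the new formula is the right one; it would help reviewers to state that in the message rather than "a kind of miscalculation for boundary". The new condition also relies on `SINGLE_FILTER_LEN`, whose definition and relation to `len` this hunk does not show.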