[LTS 7.9] net: mdio: fix undefined behavior in bit shift for __mdiobus_register #374
[CBR 7.9]
CVE-2022-49907
VULN-66410
Problem
https://www.cve.org/CVERecord?id=CVE-2022-49907
Applicability: yes (similar as in #358)
The bug applies to CBR 7.9: the affected MDIO bus driver is central to the control of any ethernet interface device. The patch 40e4eb3 is not backported onto CBR 7.9. The commit 4fd5f81 marked in 40e4eb3 as introducing the bug is present in `ciqcbr7_9`'s history.
Solution (same as in #358)
The solution in 40e4eb3 involves using the `BIT(i)` macro instead of the raw bit shift `1 << i` to obtain an `int` with the i-th bit set. The fully expanded `BIT(i)` macro boils down to the `1UL << i` construct operating on an unsigned type, where the left shift is defined for the full range of the type's bits (see `include/vdso/bits.h`, `include/uapi/linux/const.h`, `include/linux/bits.h`).
kABI check: passed
Boot test: passed
boot-test.log
Kselftests: passed relative
Reference
kselftests–ciqcbr7_9–run1.log
Patch
kselftests–ciqcbr7_9-CVE-2022-49907–run1.log
Manual comparison
The logs of the CBR 7.9 selftests don't conform to the unified TAP 13 format of the versions ≥ LTS 8.6 and as such they can't be parsed in an automated way. The results must be assessed manually.
The test results for the reference and patched kernel are the same.
Specific tests: skipped
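An added example, not part of the pull request or of the kernel source: a user-space C program that walks an address mask the way the description above implies, testing each bit with an unsigned `BIT()` so that bit 31 is well defined. The function name `unmasked_addrs`, the `uint32_t` mask type and a `PHY_MAX_ADDR` of 32 are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Same shape as the expanded kernel macro named above: shift an
 * unsigned long, never a signed int. */
#define BIT(nr) (1UL << (nr))

/* Assumption for this example: 32 addresses, one mask bit per address. */
#define PHY_MAX_ADDR 32

/*
 * Hypothetical helper: collect every address whose bit is clear in
 * phy_mask. Returns the number of addresses written to out[].
 *
 * Writing the test as (phy_mask & (1 << i)) would shift a signed int;
 * at i == 31 the result is not representable in a 32-bit int, which is
 * undefined behaviour in C and is what UBSAN reports as a
 * shift-out-of-bounds. BIT(i) keeps the whole range 0..31 defined.
 */
static int unmasked_addrs(uint32_t phy_mask, int out[PHY_MAX_ADDR])
{
    int n = 0;

    for (int i = 0; i < PHY_MAX_ADDR; i++) {
        if ((phy_mask & BIT(i)) == 0)
            out[n++] = i;
    }
    return n;
}

int main(void)
{
    int addrs[PHY_MAX_ADDR];
    /* Constructed sample mask: everything masked except address 31. */
    int n = unmasked_addrs(0x7fffffffu, addrs);

    for (int i = 0; i < n; i++)
        printf("address %d is not masked\n", addrs[i]);
    return 0;
}
```

Building the signed variant with `-fsanitize=shift` (GCC or Clang) makes the difference visible at run time without relying on what a particular compiler happens to emit.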