mm: selftests: fix potential integer overflow on shift of a int

The left shift of the int mapped is evaluated using 32 bit arithmetic and
then assigned to an unsigned long.  In the case where mapped is 0x80000
when PAGE_SHIFT is 12 will lead to the upper bits being sign extended in
the unsigned long.  Larger values can lead to an int overflow.  Avoid this
by making mapped an unsigned long.

Addresses-Coverity: ("Uninitentional integer overflow")
Link: https://lkml.kernel.org/r/20210526170530.3766167-1-colin.king@canonical.com
Fixes: 8b2a105c3794 ("mm: selftests for exclusive device memory")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Reviewed-by: Jason Gunthorpe <jgg@nvidia.com>
Cc: Alistair Popple <apopple@nvidia.com>
Cc: Ralph Campbell <rcampbell@nvidia.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>

diff --git a/lib/test_hmm.c b/lib/test_hmm.c
index 74d69f87691e0ad337485f91cee58251f196e527..8c55c47236929accb5f75f2313e8dfba6fdd043c 100644 (file)
--- a/lib/test_hmm.c
+++ b/lib/test_hmm.c
@@ -733,7 +733,8 @@ static int dmirror_exclusive(struct dmirror *dmirror,
 
        mmap_read_lock(mm);
        for (addr = start; addr < end; addr = next) {
-               int i, mapped;
+               unsigned long mapped;
+               int i;
 
                if (end < addr + (ARRAY_SIZE(pages) << PAGE_SHIFT))
                        next = end;