kasan: Fix a type conversion error

The current KASAN code can not find the following out-of-bounds bugs:

        char *ptr;
        ptr = kmalloc(8, GFP_KERNEL);
        memset(ptr+7, 0, 2);

the cause of the problem is the type conversion error in
*memory_is_poisoned_n* function.  So this patch fix that.

Signed-off-by: Wang Long <[email protected]>
Acked-by: Andrey Ryabinin <[email protected]>
Cc: Vladimir Murzin <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>

diff --git a/mm/kasan/kasan.c b/mm/kasan/kasan.c
index 21c50dcbc9f095a91fd9fd47193ef7054b1c7fad..2b21ccd55cd4a867c902d0ea3e7d04f66de7c634 100644 (file)
--- a/mm/kasan/kasan.c
+++ b/mm/kasan/kasan.c
@@ -203,7 +203,7 @@ static __always_inline bool memory_is_poisoned_n(unsigned long addr,
                s8 *last_shadow = (s8 *)kasan_mem_to_shadow((void *)last_byte);
 
                if (unlikely(ret != (unsigned long)last_shadow ||
-                       ((last_byte & KASAN_SHADOW_MASK) >= *last_shadow)))
+                       ((long)(last_byte & KASAN_SHADOW_MASK) >= *last_shadow)))
                        return true;
        }
        return false;