From: Dmitry Safonov <dima@arista.com>
Date: Mon, 30 Jul 2018 17:32:36 +0000 (+0100)
Subject: netlink: Don't shift with UB on nlk->ngroups
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=fffd3058eaf438e71cd301c14a0c67161a5864df;p=GitHub%2Fmoto-9609%2Fandroid_kernel_motorola_exynos9610.git

netlink: Don't shift with UB on nlk->ngroups

[ Upstream commit 61f4b23769f0cc72ae62c9a81cf08f0397d40da8 ]

On i386 nlk->ngroups might be 32 or 0. Which leads to UB, resulting in
hang during boot.
Check for 0 ngroups and use (unsigned long long) as a type to shift.

Fixes: 7acf9d4237c4 ("netlink: Do not subscribe to non-existent groups").
Reported-by: kernel test robot <rong.a.chen@intel.com>
Signed-off-by: Dmitry Safonov <dima@arista.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---

diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index 143d9001e87d..b2fcbf012056 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -976,7 +976,11 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr,
 		if (err)
 			return err;
 	}
-	groups &= (1UL << nlk->ngroups) - 1;
+
+	if (nlk->ngroups == 0)
+		groups = 0;
+	else
+		groups &= (1ULL << nlk->ngroups) - 1;
 
 	bound = nlk->bound;
 	if (bound) {