From: fuqiang wang <fuqiang.wang@easystack.cn>
To: Baoquan He <bhe@redhat.com>, Vivek Goyal <vgoyal@redhat.com>,
Dave Young <dyoung@redhat.com>
Cc: kexec@lists.infradead.org, linux-kernel@vger.kernel.org
Subject: [PATCH] kexec: avoid out of bounds in crash_exclude_mem_range()
Date: Mon, 27 Nov 2023 10:56:39 +0800 [thread overview]
Message-ID: <20231127025641.62210-1-fuqiang.wang@easystack.cn> (raw)
When the split happened, judge whether mem->nr_ranges is equal to
mem->max_nr_ranges. If it is true, return -ENOMEM.
The advantage of doing this is that it can avoid array bounds caused by
some bugs. E.g., Before commit 4831be702b95 ("arm64/kexec: Fix missing
extra range for crashkres_low."), reserve both high and low memories for
the crashkernel may cause out of bounds.
On the other hand, move this code before the split to ensure that the
array will not be changed when return error.
Signed-off-by: fuqiang wang <fuqiang.wang@easystack.cn>
---
kernel/crash_core.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/kernel/crash_core.c b/kernel/crash_core.c
index efe87d501c8c..ffdc246cf425 100644
--- a/kernel/crash_core.c
+++ b/kernel/crash_core.c
@@ -611,6 +611,9 @@ int crash_exclude_mem_range(struct crash_mem *mem,
}
if (p_start > start && p_end < end) {
+ /* Split happened */
+ if (mem->nr_ranges == mem->max_nr_ranges)
+ return -ENOMEM;
/* Split original range */
mem->ranges[i].end = p_start - 1;
temp_range.start = p_end + 1;
@@ -626,9 +629,6 @@ int crash_exclude_mem_range(struct crash_mem *mem,
if (!temp_range.end)
return 0;
- /* Split happened */
- if (i == mem->max_nr_ranges - 1)
- return -ENOMEM;
/* Location where new range should go */
j = i + 1;
--
2.42.0
_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec
next reply other threads:[~2023-11-27 2:57 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-27 2:56 fuqiang wang [this message]
2023-11-30 7:44 ` [PATCH] kexec: avoid out of bounds in crash_exclude_mem_range() Baoquan He
2023-11-30 13:20 ` fuqiang wang
2023-12-13 4:44 ` Baoquan He
2023-12-13 13:10 ` fuqiang wang
2023-12-14 9:17 ` Baoquan He
2023-12-14 10:29 ` Baoquan He
2023-12-18 8:31 ` fuqiang wang
2023-12-19 2:42 ` Yuntao Wang
2023-12-19 2:47 ` Yuntao Wang
2023-12-19 3:50 ` fuqiang wang
2023-12-19 5:29 ` Yuntao Wang
2023-12-19 8:55 ` fuqiang wang
2023-12-19 10:39 ` Yuntao Wang
2023-12-19 12:54 ` fuqiang wang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231127025641.62210-1-fuqiang.wang@easystack.cn \
--to=fuqiang.wang@easystack.cn \
--cc=bhe@redhat.com \
--cc=dyoung@redhat.com \
--cc=kexec@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=vgoyal@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).