[PATCH 3/4] kexec-tools: Fix possible overflows and make use of dbg_memrange() macro
Simon Horman
horms at verge.net.au
Sun May 26 09:16:26 EDT 2013
On Wed, May 22, 2013 at 10:57:35AM +0200, Thomas Renninger wrote:
> add_memmap() will add another memrange, therefore we need an additional
> array entry and need to check for
> if (nr_entries >= CRASH_MAX_MEMMAP_NR - 1)
>
> Same for delete_memmap: If a region has to be split an additional region is
> added first, so we again have to check for:
> if (nr_entries >= CRASH_MAX_MEMMAP_NR - 1)
>
> In add_memmap we know the amount of range entries. No need to check for the
> ugly:
> - if (mstart == 0 && mend == 0)
> - break;
> condition, just let the loop go until nr_entries.
>
> Signed-off-by: Thomas Renninger <trenn at suse.de>
> Signed-off-by: Thomas Renninger <Thomas Renninger" trenn at suse.de>
This patch seems fine, however, the second Signed-off-by line seems to be a
malformed duplicate of the first.
> ---
> kexec/arch/i386/crashdump-x86.c | 35 ++++++++---------------------------
> 1 files changed, 8 insertions(+), 27 deletions(-)
>
> diff --git a/kexec/arch/i386/crashdump-x86.c b/kexec/arch/i386/crashdump-x86.c
> index 9b5a7cd..7fd1c5b 100644
> --- a/kexec/arch/i386/crashdump-x86.c
> +++ b/kexec/arch/i386/crashdump-x86.c
> @@ -545,14 +545,12 @@ static int add_memmap(struct memory_range *memmap_p, unsigned long long addr,
> else
> nr_entries++;
> }
> - if (nr_entries == CRASH_MAX_MEMMAP_NR)
> + if (nr_entries >= CRASH_MAX_MEMMAP_NR - 1)
> return -1;
>
> - for (i = 0; i < CRASH_MAX_MEMMAP_NR; i++) {
> + for (i = 0; i < nr_entries; i++) {
> mstart = memmap_p[i].start;
> mend = memmap_p[i].end;
> - if (mstart == 0 && mend == 0)
> - break;
> if (mstart <= (addr+size-1) && mend >=addr)
> /* Overlapping region. */
> return -1;
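Review bot: The overlap test kept as context, `if (mstart <= (addr+size-1) && mend >=addr)`, is evaluated in unsigned arithmetic, so `addr+size-1` wraps when `size` is 0 or when `addr + size` exceeds the range of `unsigned long long`. A wrapped end address can make an overlapping range look disjoint (or the reverse), and the same expression is stored as `memmap_p[tidx].end` in the next hunk. Whether callers can pass such values is not visible here. Since the patch is titled as an overflow fix, a guard before the loop such as `if (size == 0 || addr + size - 1 < addr) return -1;` would close it. add_memmap begins above this hunk and continues past it.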
> @@ -565,16 +563,8 @@ static int add_memmap(struct memory_range *memmap_p, unsigned long long addr,
> memmap_p[tidx].start = addr;
> memmap_p[tidx].end = addr + size - 1;
>
> - dbgprintf("Memmap after adding segment\n");
> - for (i = 0; i < CRASH_MAX_MEMMAP_NR; i++) {
> - mstart = memmap_p[i].start;
> - mend = memmap_p[i].end;
> - if (mstart == 0 && mend == 0)
> - break;
> - dbgprintf("%016llx - %016llx\n",
> - mstart, mend);
> - }
> -
> + nr_entries++;
> + dbg_memrange("Memmap after adding segment", &memmap_p, nr_entries);
> return 0;
> }
>
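Review bot: The new call `dbg_memrange("Memmap after adding segment", &memmap_p, nr_entries);` passes the address of the pointer parameter rather than the table it points to. `memmap_p` is already a `struct memory_range *` and is indexed directly just above (`memmap_p[tidx].start = addr;`), so `&memmap_p` is a `struct memory_range **`. The macro's definition is not on this page, but if it expects a pointer to the first range, the debug dump would walk the caller's stack slot instead of the memmap, an out-of-bounds read in debug mode. `dbg_memrange("Memmap after adding segment", memmap_p, nr_entries);` looks like the intended form, and the same applies to the call at the end of delete_memmap in the last hunk.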
> @@ -600,8 +590,7 @@ static int delete_memmap(struct memory_range *memmap_p, unsigned long long addr,
> else
> nr_entries++;
> }
> - if (nr_entries == CRASH_MAX_MEMMAP_NR)
> - /* List if full */
> + if (nr_entries >= CRASH_MAX_MEMMAP_NR - 1)
> return -1;
>
> for (i = 0; i < CRASH_MAX_MEMMAP_NR; i++) {
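Review bot: The capacity check `if (nr_entries >= CRASH_MAX_MEMMAP_NR - 1)` runs before the function knows whether the deletion needs a split, so it also refuses deletions that remove or only trim an entry. With add_memmap's check from this patch the table can hold `CRASH_MAX_MEMMAP_NR - 1` entries, and at that size every delete_memmap call returns -1. As far as the visible hunks show, only the split branch in the last hunk (ending in `memmap_p[tidx+1] = temp_region;`) adds an entry, so the check would fit better at the top of that branch. The removed `/* List if full */` comment is not replaced either; `/* A split inserts one extra region, so one slot must stay free. */` would explain the `- 1`. The body between this hunk and the next is not visible here.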
> @@ -643,25 +632,17 @@ static int delete_memmap(struct memory_range *memmap_p, unsigned long long addr,
> for (j = nr_entries-1; j > tidx; j--)
> memmap_p[j+1] = memmap_p[j];
> memmap_p[tidx+1] = temp_region;
> + nr_entries++;
> }
> if ((operation == -1) && tidx >=0) {
> /* Delete the exact match memory region. */
> for (j = i+1; j < CRASH_MAX_MEMMAP_NR; j++)
> memmap_p[j-1] = memmap_p[j];
> memmap_p[j-1].start = memmap_p[j-1].end = 0;
> + nr_entries--;
> }
>
> - dbgprintf("Memmap after deleting segment\n");
> - for (i = 0; i < CRASH_MAX_MEMMAP_NR; i++) {
> - mstart = memmap_p[i].start;
> - mend = memmap_p[i].end;
> - if (mstart == 0 && mend == 0) {
> - break;
> - }
> - dbgprintf("%016llx - %016llx\n",
> - mstart, mend);
> - }
> -
> + dbg_memrange("Memmap after deleting segment", &memmap_p, nr_entries);
> return 0;
> }
>
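Review bot: The exact-match branch still shifts with `for (j = i+1; j < CRASH_MAX_MEMMAP_NR; j++)` even though `nr_entries` is now kept up to date, so it copies every unused slot on each delete. Bounding it as `for (j = i+1; j < nr_entries; j++)` would match the loop change made in add_memmap, and the following `memmap_p[j-1].start = memmap_p[j-1].end = 0;` still clears the vacated last entry. The branch tests `tidx` but starts the shift from `i`; whether the two are always equal here depends on code outside this hunk and would be worth a short comment.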
> --
> 1.7.6.1
>
>
> _______________________________________________
> kexec mailing list
> kexec at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/kexec
>