[PATCH 2/3] kexec: ensure user memory sizes do not wrap
Baoquan He
bhe at redhat.com
Thu Apr 28 02:56:24 PDT 2016
On 04/14/16 at 09:00pm, Russell King wrote:
> Ensure that user memory sizes do not wrap around when validating the
> user input, which can lead to the following input validation working
> incorrectly.
>
> Signed-off-by: Russell King <rmk+kernel at arm.linux.org.uk>
> ---
> kernel/kexec_core.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/kernel/kexec_core.c b/kernel/kexec_core.c
> index 8d34308ea449..d719a4d0ef55 100644
> --- a/kernel/kexec_core.c
> +++ b/kernel/kexec_core.c
> @@ -169,6 +169,8 @@ int sanity_check_segment_list(struct kimage *image)
>
> mstart = image->segment[i].mem;
> mend = mstart + image->segment[i].memsz;
> + if (mstart > mend)
> + return result;
Though this checking has been done in kexec utitlity, I am fine it's
re-check in kernel space. Anyway it keeps code safer. Ack it.
Acked-by: Baoquan He <bhe at redhat.com>
> if ((mstart & ~PAGE_MASK) || (mend & ~PAGE_MASK))
> return result;
> if (mend >= KEXEC_DESTINATION_MEMORY_LIMIT)
> --
> 2.1.0
>
>
> _______________________________________________
> kexec mailing list
> kexec at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/kexec
More information about the kexec
mailing list