[PATCH 2/3] kexec: ensure user memory sizes do not wrap
Minfei Huang
mhuang at redhat.com
Thu Apr 28 04:07:22 PDT 2016
On 04/14/16 at 09:00pm, Russell King wrote:
> Ensure that user memory sizes do not wrap around when validating the
> user input, which can lead to the following input validation working
> incorrectly.
>
> Signed-off-by: Russell King <rmk+kernel at arm.linux.org.uk>
> ---
> kernel/kexec_core.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/kernel/kexec_core.c b/kernel/kexec_core.c
> index 8d34308ea449..d719a4d0ef55 100644
> --- a/kernel/kexec_core.c
> +++ b/kernel/kexec_core.c
> @@ -169,6 +169,8 @@ int sanity_check_segment_list(struct kimage *image)
>
> mstart = image->segment[i].mem;
> mend = mstart + image->segment[i].memsz;
> + if (mstart > mend)
> + return result;
The type of image->segment[i].memsz is unsigned. So it is no need to
have a test here.
The next several test will catch if image->segment[i].memsz is equal to
0.
Thanks
Minfei
> if ((mstart & ~PAGE_MASK) || (mend & ~PAGE_MASK))
> return result;
> if (mend >= KEXEC_DESTINATION_MEMORY_LIMIT)
> --
> 2.1.0
>
>
> _______________________________________________
> kexec mailing list
> kexec at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/kexec
More information about the kexec
mailing list