| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 15 Dec 2023 16:09:08 +0800
From: Yuntao Wang <ytcoode@...il.com>
To: linux-kernel@...r.kernel.org,
kexec@...ts.infradead.org,
x86@...nel.org
Cc: Andrew Morton <akpm@...ux-foundation.org>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>,
Borislav Petkov <bp@...en8.de>,
Dave Hansen <dave.hansen@...ux.intel.com>,
"H. Peter Anvin" <hpa@...or.com>,
Jonathan Corbet <corbet@....net>,
Eric Biederman <ebiederm@...ssion.com>,
Yuntao Wang <ytcoode@...il.com>
Subject: [PATCH 1/3] kexec_file: fix incorrect end value passed to kimage_is_destination_range()
The end parameter received by kimage_is_destination_range() should be the
last valid byte address of the target memory segment plus 1. However, in
the locate_mem_hole_bottom_up() and locate_mem_hole_top_down() functions,
the corresponding value passed to kimage_is_destination_range() is the last
valid byte address of the target memory segment, which is 1 less. Fix it.
Signed-off-by: Yuntao Wang <ytcoode@...il.com>
---
kernel/kexec_file.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
index f9a419cd22d4..26be070d3bdd 100644
--- a/kernel/kexec_file.c
+++ b/kernel/kexec_file.c
@@ -435,13 +435,12 @@ static int locate_mem_hole_top_down(unsigned long start, unsigned long end,
if (temp_start < start || temp_start < kbuf->buf_min)
return 0;
- temp_end = temp_start + kbuf->memsz - 1;
-
/*
* Make sure this does not conflict with any of existing
* segments
*/
- if (kimage_is_destination_range(image, temp_start, temp_end)) {
+ if (kimage_is_destination_range(image, temp_start,
+ temp_start + kbuf->memsz)) {
temp_start = temp_start - PAGE_SIZE;
continue;
}
@@ -475,7 +474,7 @@ static int locate_mem_hole_bottom_up(unsigned long start, unsigned long end,
* Make sure this does not conflict with any of existing
* segments
*/
- if (kimage_is_destination_range(image, temp_start, temp_end)) {
+ if (kimage_is_destination_range(image, temp_start, temp_end + 1)) {
temp_start = temp_start + PAGE_SIZE;
continue;
}
--
2.43.0
Powered by blists - more mailing lists