| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ZX0JwbQ59XH5rqm9@MiWiFi-R3L-srv>
Date: Sat, 16 Dec 2023 10:21:53 +0800
From: Baoquan He <bhe@...hat.com>
To: "Eric W. Biederman" <ebiederm@...ssion.com>
Cc: Yuntao Wang <ytcoode@...il.com>, linux-kernel@...r.kernel.org,
kexec@...ts.infradead.org, x86@...nel.org,
Andrew Morton <akpm@...ux-foundation.org>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
Dave Hansen <dave.hansen@...ux.intel.com>,
"H. Peter Anvin" <hpa@...or.com>, Jonathan Corbet <corbet@....net>
Subject: Re: [PATCH 1/3] kexec_file: fix incorrect end value passed to
kimage_is_destination_range()
On 12/15/23 at 11:46am, Eric W. Biederman wrote:
> Yuntao Wang <ytcoode@...il.com> writes:
>
> > The end parameter received by kimage_is_destination_range() should be the
> > last valid byte address of the target memory segment plus 1. However, in
> > the locate_mem_hole_bottom_up() and locate_mem_hole_top_down() functions,
> > the corresponding value passed to kimage_is_destination_range() is the last
> > valid byte address of the target memory segment, which is 1 less. Fix
> > it.
>
> If that is true we I think we should rather fix
> kimage_is_destination_range.
It's true wit the current implementation of
kimage_is_destination_range(). Its callers pass the start/end+1
pair. Agree we should fix kimage_is_destination_range() instead and
adjust callers, such as kimage_alloc_normal_control_pages(), and
kimage_alloc_page().
>
> Otherwise we run the risk of having areas whose end is not
> representable, epecially on 32bit.
>
>
> Eric
>
>
> > Signed-off-by: Yuntao Wang <ytcoode@...il.com>
> > ---
> > kernel/kexec_file.c | 7 +++----
> > 1 file changed, 3 insertions(+), 4 deletions(-)
> >
> > diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
> > index f9a419cd22d4..26be070d3bdd 100644
> > --- a/kernel/kexec_file.c
> > +++ b/kernel/kexec_file.c
> > @@ -435,13 +435,12 @@ static int locate_mem_hole_top_down(unsigned long start, unsigned long end,
> > if (temp_start < start || temp_start < kbuf->buf_min)
> > return 0;
> >
> > - temp_end = temp_start + kbuf->memsz - 1;
> > -
> > /*
> > * Make sure this does not conflict with any of existing
> > * segments
> > */
> > - if (kimage_is_destination_range(image, temp_start, temp_end)) {
> > + if (kimage_is_destination_range(image, temp_start,
> > + temp_start + kbuf->memsz)) {
> > temp_start = temp_start - PAGE_SIZE;
> > continue;
> > }
> > @@ -475,7 +474,7 @@ static int locate_mem_hole_bottom_up(unsigned long start, unsigned long end,
> > * Make sure this does not conflict with any of existing
> > * segments
> > */
> > - if (kimage_is_destination_range(image, temp_start, temp_end)) {
> > + if (kimage_is_destination_range(image, temp_start, temp_end + 1)) {
> > temp_start = temp_start + PAGE_SIZE;
> > continue;
> > }
>
> _______________________________________________
> kexec mailing list
> kexec@...ts.infradead.org
> http://lists.infradead.org/mailman/listinfo/kexec
>
Powered by blists - more mailing lists