lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 21 Dec 2023 19:42:21 +0800
From: Baoquan He <bhe@...hat.com>
To: fuqiang wang <fuqiang.wang@...ystack.cn>
Cc: Vivek Goyal <vgoyal@...hat.com>, Dave Young <dyoung@...hat.com>,
	Yuntao Wang <ytcoode@...il.com>, kexec@...ts.infradead.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 2/2] kexec: Fix potential out of bounds in
 crash_exclude_mem_range()

On 12/20/23 at 01:57pm, fuqiang wang wrote:
> When the split does not occur on the last array member, the current code
> will not return an error. So the correct array out-of-bounds check should
> be mem->nr_ranges >= mem->max_nr_ranges.
> 
> When the OOB happen, the cmem->ranges[] have changed, so return early to
> avoid it.
> 
> Signed-off-by: fuqiang wang <fuqiang.wang@...ystack.cn>
> ---
>  kernel/crash_core.c | 7 +++----
>  1 file changed, 3 insertions(+), 4 deletions(-)

You may need rebase your work on next/master branch to avoid conflict.

https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git

In the current, below commit exists, then code change in this patch may
not be needed.
86d80cbb61ca crash_core: fix and simplify the logic of crash_exclude_mem_range()

> 
> diff --git a/kernel/crash_core.c b/kernel/crash_core.c
> index d4313b53837e..b1ab61c74fd2 100644
> --- a/kernel/crash_core.c
> +++ b/kernel/crash_core.c
> @@ -611,6 +611,9 @@ int crash_exclude_mem_range(struct crash_mem *mem,
>  		}
>  
>  		if (p_start > start && p_end < end) {
> +			/* Split happened */
> +			if (mem->nr_ranges >= mem->max_nr_ranges)
> +				return -ENOMEM;
>  			/* Split original range */
>  			mem->ranges[i].end = p_start - 1;
>  			temp_range.start = p_end + 1;
> @@ -626,10 +629,6 @@ int crash_exclude_mem_range(struct crash_mem *mem,
>  	if (!temp_range.end)
>  		return 0;
>  
> -	/* Split happened */
> -	if (i == mem->max_nr_ranges - 1)
> -		return -ENOMEM;
> -
>  	/* Location where new range should go */
>  	j = i + 1;
>  	if (j < mem->nr_ranges) {
> -- 
> 2.42.0
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ