lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20240713014808.1689915-1-ruanjinjie@huawei.com>
Date: Sat, 13 Jul 2024 09:48:08 +0800
From: Jinjie Ruan <ruanjinjie@...wei.com>
To: <bhe@...hat.com>, <vgoyal@...hat.com>, <dyoung@...hat.com>,
	<austindh.kim@...il.com>, <rmk+kernel@...linux.org.uk>,
	<kexec@...ts.infradead.org>, <linux-kernel@...r.kernel.org>
CC: <ruanjinjie@...wei.com>
Subject: [PATCH v2] crash: Fix x86_32 and arm32 memory reserve bug

On x86_32 Qemu machine with 1GB memory, the cmdline "crashkernel=4G" is ok
as below:
	crashkernel reserved: 0x0000000020000000 - 0x0000000120000000 (4096 MB)

And on Qemu vexpress-a9 with 1GB memory, the crash kernel "crashkernel=4G"
is also ok as below:
	Reserving 4096MB of memory at 2432MB for crashkernel (System RAM: 1024MB)

The cause is that the crash_size is parsed and printed with "unsigned long
long" data type which is 8 bytes but allocated used with "phys_addr_t"
which is 4 bytes in memblock_phys_alloc_range().

Fix it by limiting the "crash_size" to phys_addr_t and bypass the invalid
input size.

After this patch, it fail as expected and no above confusing reserve
success info.

Fixes: 9d17f3372306 ("ARM: 9190/1: kdump: add invalid input check for 'crashkernel=0'")
Signed-off-by: Jinjie Ruan <ruanjinjie@...wei.com>
---
v2:
- Also fix for x86_32.
- Update the fix method.
- Peel off the other two patches.
- Update the commit message.
---
 kernel/crash_reserve.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/kernel/crash_reserve.c b/kernel/crash_reserve.c
index 5073ae205f79..5c2148d89da6 100644
--- a/kernel/crash_reserve.c
+++ b/kernel/crash_reserve.c
@@ -314,7 +314,7 @@ int __init parse_crashkernel(char *cmdline,
 	if (high && ret == -ENOENT) {
 		ret = __parse_crashkernel(cmdline, 0, crash_size,
 				crash_base, suffix_tbl[SUFFIX_HIGH]);
-		if (ret || !*crash_size)
+		if (ret || !(phys_addr_t)*crash_size)
 			return -EINVAL;
 
 		/*
@@ -333,7 +333,7 @@ int __init parse_crashkernel(char *cmdline,
 		*high = true;
 	}
 #endif
-	if (!*crash_size)
+	if (!(phys_addr_t)*crash_size)
 		ret = -EINVAL;
 
 	return ret;
-- 
2.34.1


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ