lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Zp4JCmiZgGZ8jq-b@kernel.org>
Date: Mon, 22 Jul 2024 10:23:54 +0300
From: Mike Rapoport <rppt@...nel.org>
To: Jinjie Ruan <ruanjinjie@...wei.com>
Cc: linux@...linux.org.uk, paul.walmsley@...ive.com, palmer@...belt.com,
	aou@...s.berkeley.edu, tglx@...utronix.de, mingo@...hat.com,
	bp@...en8.de, dave.hansen@...ux.intel.com, hpa@...or.com,
	arnd@...db.de, gregkh@...uxfoundation.org, deller@....de,
	javierm@...hat.com, bhe@...hat.com, robh@...nel.org,
	alexghiti@...osinc.com, bjorn@...osinc.com,
	akpm@...ux-foundation.org, namcao@...utronix.de,
	dawei.li@...ngroup.cn, chenjiahao16@...wei.com,
	julian.stecklina@...erus-technology.de, rafael.j.wysocki@...el.com,
	linux-arm-kernel@...ts.infradead.org,
	linux-riscv@...ts.infradead.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v4 3/3] riscv: kdump: Fix crash memory reserve exceed
 system memory bug

On Mon, Jul 22, 2024 at 03:08:29PM +0800, Jinjie Ruan wrote:
> 
> 
> On 2024/7/22 14:38, Mike Rapoport wrote:
> > Hi,
> > 
> > On Mon, Jul 22, 2024 at 11:57:01AM +0800, Jinjie Ruan wrote:
> >> Similar with x86_32, on Riscv32 Qemu "virt" machine with 1GB memory, the
> >> crash kernel "crashkernel=4G" is ok as below:
> >> 	crashkernel reserved: 0x00000000bf400000 - 0x00000001bf400000 (4096 MB)
> >>
> >> The cause is that the crash_size is parsed and printed with "unsigned long
> >> long" data type which is 8 bytes but allocated used with "phys_addr_t"
> >> which is 4 bytes in memblock_phys_alloc_range().
> >>
> >> Fix it by checking if the crash_size is greater than system RAM size and
> >> warn out as parse_crashkernel_mem() do it if so.
> >>
> >> After this patch, it fails and there is no above confusing reserve
> >> success info.
> >>
> >> Signed-off-by: Jinjie Ruan <ruanjinjie@...wei.com>
> >> ---
> >>  arch/riscv/mm/init.c | 5 +++++
> >>  1 file changed, 5 insertions(+)
> >>
> >> diff --git a/arch/riscv/mm/init.c b/arch/riscv/mm/init.c
> >> index bfa2dea95354..5d66a4937fcd 100644
> >> --- a/arch/riscv/mm/init.c
> >> +++ b/arch/riscv/mm/init.c
> >> @@ -1381,6 +1381,11 @@ static void __init arch_reserve_crashkernel(void)
> >>  	if (ret)
> >>  		return;
> >>  
> >> +	if (crash_size >= memblock_phys_mem_size()) {
> >> +		pr_warn("Crashkernel: invalid size.");
> >> +		return;
> >> +	}
> >> +
> > 
> > What the point of adding three identical checks right after the call to
> > parse_crashkernel()?
> > 
> > This check should be there and parse_crashkernel() should return error in
> > this case.
> 
> Hi, Mike
> 
> How about the folling rough patch?
> 
> --- a/kernel/crash_reserve.c
> +++ b/kernel/crash_reserve.c
> @@ -313,7 +313,7 @@ int __init parse_crashkernel(char *cmdline,
>         if (high && ret == -ENOENT) {
>                 ret = __parse_crashkernel(cmdline, 0, crash_size,
>                                 crash_base, suffix_tbl[SUFFIX_HIGH]);
> -               if (ret || !*crash_size)
> +               if (ret || !*crash_size || crash_size >= system_ram)
>                         return -EINVAL;
> 
>                 /*
> @@ -332,7 +332,7 @@ int __init parse_crashkernel(char *cmdline,
>                 *high = true;
>         }
>  #endif
> -       if (!*crash_size)
> +       if (!*crash_size || crash_size >= system_ram)
>                 ret = -EINVAL;
> 

Why no simply

diff --git a/kernel/crash_reserve.c b/kernel/crash_reserve.c
index 5b2722a93a48..64312709877d 100644
--- a/kernel/crash_reserve.c
+++ b/kernel/crash_reserve.c
@@ -336,6 +336,9 @@ int __init parse_crashkernel(char *cmdline,
 	if (!*crash_size)
 		ret = -EINVAL;
 
+	if (*crash_size >= system_ram)
+		ret = -EINVAL;
+
 	return ret;
 }
 
 
> > 
> >>  	reserve_crashkernel_generic(cmdline, crash_size, crash_base,
> >>  				    low_size, high);
> >>  }
> >> -- 
> >> 2.34.1
> >>
> > 

-- 
Sincerely yours,
Mike.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ