| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Zp4JCmiZgGZ8jq-b@kernel.org>
Date: Mon, 22 Jul 2024 10:23:54 +0300
From: Mike Rapoport <rppt@...nel.org>
To: Jinjie Ruan <ruanjinjie@...wei.com>
Cc: linux@...linux.org.uk, paul.walmsley@...ive.com, palmer@...belt.com,
aou@...s.berkeley.edu, tglx@...utronix.de, mingo@...hat.com,
bp@...en8.de, dave.hansen@...ux.intel.com, hpa@...or.com,
arnd@...db.de, gregkh@...uxfoundation.org, deller@....de,
javierm@...hat.com, bhe@...hat.com, robh@...nel.org,
alexghiti@...osinc.com, bjorn@...osinc.com,
akpm@...ux-foundation.org, namcao@...utronix.de,
dawei.li@...ngroup.cn, chenjiahao16@...wei.com,
julian.stecklina@...erus-technology.de, rafael.j.wysocki@...el.com,
linux-arm-kernel@...ts.infradead.org,
linux-riscv@...ts.infradead.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v4 3/3] riscv: kdump: Fix crash memory reserve exceed
system memory bug
On Mon, Jul 22, 2024 at 03:08:29PM +0800, Jinjie Ruan wrote:
>
>
> On 2024/7/22 14:38, Mike Rapoport wrote:
> > Hi,
> >
> > On Mon, Jul 22, 2024 at 11:57:01AM +0800, Jinjie Ruan wrote:
> >> Similar with x86_32, on Riscv32 Qemu "virt" machine with 1GB memory, the
> >> crash kernel "crashkernel=4G" is ok as below:
> >> crashkernel reserved: 0x00000000bf400000 - 0x00000001bf400000 (4096 MB)
> >>
> >> The cause is that the crash_size is parsed and printed with "unsigned long
> >> long" data type which is 8 bytes but allocated used with "phys_addr_t"
> >> which is 4 bytes in memblock_phys_alloc_range().
> >>
> >> Fix it by checking if the crash_size is greater than system RAM size and
> >> warn out as parse_crashkernel_mem() do it if so.
> >>
> >> After this patch, it fails and there is no above confusing reserve
> >> success info.
> >>
> >> Signed-off-by: Jinjie Ruan <ruanjinjie@...wei.com>
> >> ---
> >> arch/riscv/mm/init.c | 5 +++++
> >> 1 file changed, 5 insertions(+)
> >>
> >> diff --git a/arch/riscv/mm/init.c b/arch/riscv/mm/init.c
> >> index bfa2dea95354..5d66a4937fcd 100644
> >> --- a/arch/riscv/mm/init.c
> >> +++ b/arch/riscv/mm/init.c
> >> @@ -1381,6 +1381,11 @@ static void __init arch_reserve_crashkernel(void)
> >> if (ret)
> >> return;
> >>
> >> + if (crash_size >= memblock_phys_mem_size()) {
> >> + pr_warn("Crashkernel: invalid size.");
> >> + return;
> >> + }
> >> +
> >
> > What the point of adding three identical checks right after the call to
> > parse_crashkernel()?
> >
> > This check should be there and parse_crashkernel() should return error in
> > this case.
>
> Hi, Mike
>
> How about the folling rough patch?
>
> --- a/kernel/crash_reserve.c
> +++ b/kernel/crash_reserve.c
> @@ -313,7 +313,7 @@ int __init parse_crashkernel(char *cmdline,
> if (high && ret == -ENOENT) {
> ret = __parse_crashkernel(cmdline, 0, crash_size,
> crash_base, suffix_tbl[SUFFIX_HIGH]);
> - if (ret || !*crash_size)
> + if (ret || !*crash_size || crash_size >= system_ram)
> return -EINVAL;
>
> /*
> @@ -332,7 +332,7 @@ int __init parse_crashkernel(char *cmdline,
> *high = true;
> }
> #endif
> - if (!*crash_size)
> + if (!*crash_size || crash_size >= system_ram)
> ret = -EINVAL;
>
Why no simply
diff --git a/kernel/crash_reserve.c b/kernel/crash_reserve.c
index 5b2722a93a48..64312709877d 100644
--- a/kernel/crash_reserve.c
+++ b/kernel/crash_reserve.c
@@ -336,6 +336,9 @@ int __init parse_crashkernel(char *cmdline,
if (!*crash_size)
ret = -EINVAL;
+ if (*crash_size >= system_ram)
+ ret = -EINVAL;
+
return ret;
}
> >
> >> reserve_crashkernel_generic(cmdline, crash_size, crash_base,
> >> low_size, high);
> >> }
> >> --
> >> 2.34.1
> >>
> >
--
Sincerely yours,
Mike.
Powered by blists - more mailing lists