lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20240729115012.1656042-1-ruanjinjie@huawei.com>
Date: Mon, 29 Jul 2024 19:50:12 +0800
From: Jinjie Ruan <ruanjinjie@...wei.com>
To: <bhe@...hat.com>, <vgoyal@...hat.com>, <dyoung@...hat.com>,
	<paul.walmsley@...ive.com>, <palmer@...belt.com>, <aou@...s.berkeley.edu>,
	<rppt@...nel.org>, <kexec@...ts.infradead.org>,
	<linux-kernel@...r.kernel.org>, <linux-riscv@...ts.infradead.org>,
	<linux-arm-kernel@...ts.infradead.org>
CC: <ruanjinjie@...wei.com>
Subject: [PATCH v6] crash: Fix crash memory reserve exceed system memory bug

On x86_32 Qemu machine with 1GB memory, the cmdline "crashkernel=4G" is ok
as below:
	crashkernel reserved: 0x0000000020000000 - 0x0000000120000000 (4096 MB)

It's similar on other architectures, such as ARM32 and RISCV32.

The cause is that the crash_size is parsed and printed with "unsigned long
long" data type which is 8 bytes but allocated used with "phys_addr_t"
which is 4 bytes in memblock_phys_alloc_range().

Fix it by checking if crash_size is greater than system RAM size and
return error if so.

After this patch, there is no above confusing reserve success info.

Signed-off-by: Jinjie Ruan <ruanjinjie@...wei.com>
Suggested-by: Mike Rapoport <rppt@...nel.org>
Acked-by: Baoquan He <bhe@...hat.com>
Cc: Andrew Morton <akpm@...ux-foundation.org>
---
v6:
- Take off Baoquan's Suggested-by.
v5:
- Fix it in common parse_crashkernel() instead of per-arch.
- Add suggested-by.

v4:
- Update the warn info to align with parse_crashkernel_mem().
- Rebased on the "ARM: Use generic interface to simplify crashkernel
  reservation" patch.
- Also fix for riscv32.
- Update the commit message.

v3:
- Handle the check in reserve_crashkernel() Baoquan suggested.
- Split x86_32 and arm32.
- Add Suggested-by.
- Drop the wrong fix tag.

v2:
- Also fix for x86_32.
- Update the fix method.
- Peel off the other two patches.
- Update the commit message.
---
 kernel/crash_reserve.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/kernel/crash_reserve.c b/kernel/crash_reserve.c
index ad5b3f2c5487..5387269114f6 100644
--- a/kernel/crash_reserve.c
+++ b/kernel/crash_reserve.c
@@ -335,6 +335,9 @@ int __init parse_crashkernel(char *cmdline,
 	if (!*crash_size)
 		ret = -EINVAL;
 
+	if (*crash_size >= system_ram)
+		ret = -EINVAL;
+
 	return ret;
 }
 
-- 
2.34.1


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ