[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <aBxiod8BG9gR49Hl@MiWiFi-R3L-srv>
Date: Thu, 8 May 2025 15:52:01 +0800
From: Baoquan He <bhe@...hat.com>
To: fuqiang wang <fuqiang.wang@...ystack.cn>
Cc: Vivek Goyal <vgoyal@...hat.com>, Dave Young <dyoung@...hat.com>,
kexec@...ts.infradead.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v5] x86/kexec: fix potential cmem->ranges out of bounds
On 05/08/25 at 03:38pm, Baoquan He wrote:
> In memmap_exclude_ranges(), elfheader will be excluded from crashk_res.
> In the current x86 architecture code, the elfheader is always allocated
> at crashk_res.start. It seems that there won't be a new split range.
> But it depends on the allocation position of elfheader in crashk_res. To
> avoid potential out of bounds in future, add a extra slot. And using
> random kexec_buf for passing dm crypt keys may cause a range split too,
> add another extra slot here.
Sorry, this should be from fuqiang wang, when I edited the patch to
reply to his patch, I forgot that. Please help makes change to set
Fuqiang as the patch author, I just adapted the content based on Coiby's
patches.
>
> The similar issue also exists in fill_up_crash_elf_data(). The range to
> be excluded is [0, 1M], start (0) is special and will not appear in the
> middle of existing cmem->ranges[]. But in cast the low 1M could be
> changed in the future, add a extra slot too.
>
> Previously discussed link:
> [1] https://lore.kernel.org/kexec/ZXk2oBf%2FT1Ul6o0c@MiWiFi-R3L-srv/
> [2] https://lore.kernel.org/kexec/273284e8-7680-4f5f-8065-c5d780987e59@easystack.cn/
> [3] https://lore.kernel.org/kexec/ZYQ6O%2F57sHAPxTHm@MiWiFi-R3L-srv/
>
> Signed-off-by: fuqiang wang <fuqiang.wang@...ystack.cn>
> Signed-off-by: Baoquan He <bhe@...hat.com>
> ---
> v4->v5:
> - This is on top of Coiby's LUKS patchset in branch mm-nonmm-unstable of
> akpm/mm.git. I did some adaption based on Coiby's patches.
> - [PATCH v9 0/8] Support kdump with LUKS encryption by reusing LUKS volume keys
>
> arch/x86/kernel/crash.c | 23 +++++++++++++++++++----
> 1 file changed, 19 insertions(+), 4 deletions(-)
>
> diff --git a/arch/x86/kernel/crash.c b/arch/x86/kernel/crash.c
> index bcb534688dfe..749a60ce8b7f 100644
> --- a/arch/x86/kernel/crash.c
> +++ b/arch/x86/kernel/crash.c
> @@ -165,8 +165,18 @@ static struct crash_mem *fill_up_crash_elf_data(void)
> /*
> * Exclusion of crash region and/or crashk_low_res may cause
> * another range split. So add extra two slots here.
> + *
> + * Exclusion of low 1M may not cause another range split, because the
> + * range of exclude is [0, 1M] and the condition for splitting a new
> + * region is that the start, end parameters are both in a certain
> + * existing region in cmem and cannot be equal to existing region's
> + * start or end. Obviously, the start of [0, 1M] cannot meet this
> + * condition.
> + *
> + * But in order to lest the low 1M could be changed in the future,
> + * (e.g. [stare, 1M]), add a extra slot.
> */
> - nr_ranges += 2;
> + nr_ranges += 3;
> cmem = vzalloc(struct_size(cmem, ranges, nr_ranges));
> if (!cmem)
> return NULL;
> @@ -313,10 +323,15 @@ int crash_setup_memmap_entries(struct kimage *image, struct boot_params *params)
> struct crash_mem *cmem;
>
> /*
> - * Using random kexec_buf for passing dm crypt keys may cause a range
> - * split. So use two slots here.
> + * In the current x86 architecture code, the elfheader is always
> + * allocated at crashk_res.start. But it depends on the allocation
> + * position of elfheader in crashk_res. To avoid potential out of
> + * bounds in future, add an extra slot.
> + *
> + * And using random kexec_buf for passing dm crypt keys may cause a
> + * range split too, add another extra slot here.
> */
> - nr_ranges = 2;
> + nr_ranges = 3;
> cmem = vzalloc(struct_size(cmem, ranges, nr_ranges));
> if (!cmem)
> return -ENOMEM;
> --
> 2.41.0
>
Powered by blists - more mailing lists