| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <C2FBF39E1F0503D4+8030be33-fd88-4f18-b631-a4fecaf62c5a@uniontech.com> Date: Mon, 15 Dec 2025 12:41:51 +0800 From: Qiang Ma <maqianga@...ontech.com> To: Baoquan He <bhe@...hat.com> Cc: akpm@...ux-foundation.org, kexec@...ts.infradead.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] kexec: Fix uninitialized struct kimage *image pointer 在 2025/12/15 09:18, Baoquan He 写道: > On 12/14/25 at 07:35pm, Qiang Ma wrote: >> 在 2025/12/12 18:53, Baoquan He 写道: >>> On 12/12/25 at 03:16pm, Qiang Ma wrote: >>>> The image is initialized to NULL. Then, after calling kimage_alloc_init, >>>> we can directly goto 'out' because at this time, the kimage_free will >>>> determine whether image is a NULL pointer. >>> Rechecked the code flow, in kimage_alloc_init(), if anything wrong, the >>> allocated memory are all freed via out_free_control_pages and >>> out_free_image accordingly, any place missed? If no, I think the current >>> code is correctly handled. >> I rechecked the code and found no omissions. > Hmm, my bad, I didn't say my question clearly. I checked code, didn't > find anything wrong in the current code. In kimage_alloc_init(), the > allocated memory are all freed on failure, no memory leaked. Means you > are fixing correct code. Oh, I see. I recalled that this fix was in preparation for patch "kexec: add kexec flag to control debug printing" for kexec_dbg_print to be reset to false in kimage_free. In that case, I don't think this patch should be posted separately. > >>>> Signed-off-by: Qiang Ma <maqianga@...ontech.com> >>>> --- >>>> kernel/kexec.c | 4 +++- >>>> 1 file changed, 3 insertions(+), 1 deletion(-) >>> Acked-by: Baoquan He <bhe@...hat.com> >>> >>>> diff --git a/kernel/kexec.c b/kernel/kexec.c >>>> index 28008e3d462e..9bb1f2b6b268 100644 >>>> --- a/kernel/kexec.c >>>> +++ b/kernel/kexec.c >>>> @@ -95,6 +95,8 @@ static int do_kexec_load(unsigned long entry, unsigned long nr_segments, >>>> unsigned long i; >>>> int ret; >>>> + image = NULL; >>>> + >>>> /* >>>> * Because we write directly to the reserved memory region when loading >>>> * crash kernels we need a serialization here to prevent multiple crash >>>> @@ -129,7 +131,7 @@ static int do_kexec_load(unsigned long entry, unsigned long nr_segments, >>>> ret = kimage_alloc_init(&image, entry, nr_segments, segments, flags); >>>> if (ret) >>>> - goto out_unlock; >>>> + goto out; >>>> if (flags & KEXEC_PRESERVE_CONTEXT) >>>> image->preserve_context = 1; >>>> -- >>>> 2.20.1 >>>> >
Powered by blists - more mailing lists