From: Baoquan He <bhe@redhat.com>
To: fuqiang wang <fuqiang.wang@easystack.cn>
Cc: Vivek Goyal <vgoyal@redhat.com>, Dave Young <dyoung@redhat.com>,
Yuntao Wang <ytcoode@gmail.com>,
kexec@lists.infradead.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2 2/2] kexec: Fix potential out of bounds in crash_exclude_mem_range()
Date: Thu, 21 Dec 2023 19:42:21 +0800 [thread overview]
Message-ID: <ZYQknSaxtNt/ZQvI@MiWiFi-R3L-srv> (raw)
In-Reply-To: <20231220055733.100325-3-fuqiang.wang@easystack.cn>
On 12/20/23 at 01:57pm, fuqiang wang wrote:
> When the split does not occur on the last array member, the current code
> will not return an error. So the correct array out-of-bounds check should
> be mem->nr_ranges >= mem->max_nr_ranges.
>
> When the OOB happen, the cmem->ranges[] have changed, so return early to
> avoid it.
>
> Signed-off-by: fuqiang wang <fuqiang.wang@easystack.cn>
> ---
> kernel/crash_core.c | 7 +++----
> 1 file changed, 3 insertions(+), 4 deletions(-)
You may need rebase your work on next/master branch to avoid conflict.
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
In the current, below commit exists, then code change in this patch may
not be needed.
86d80cbb61ca crash_core: fix and simplify the logic of crash_exclude_mem_range()
>
> diff --git a/kernel/crash_core.c b/kernel/crash_core.c
> index d4313b53837e..b1ab61c74fd2 100644
> --- a/kernel/crash_core.c
> +++ b/kernel/crash_core.c
> @@ -611,6 +611,9 @@ int crash_exclude_mem_range(struct crash_mem *mem,
> }
>
> if (p_start > start && p_end < end) {
> + /* Split happened */
> + if (mem->nr_ranges >= mem->max_nr_ranges)
> + return -ENOMEM;
> /* Split original range */
> mem->ranges[i].end = p_start - 1;
> temp_range.start = p_end + 1;
> @@ -626,10 +629,6 @@ int crash_exclude_mem_range(struct crash_mem *mem,
> if (!temp_range.end)
> return 0;
>
> - /* Split happened */
> - if (i == mem->max_nr_ranges - 1)
> - return -ENOMEM;
> -
> /* Location where new range should go */
> j = i + 1;
> if (j < mem->nr_ranges) {
> --
> 2.42.0
>
_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec
WARNING: multiple messages have this Message-ID (diff)
From: Baoquan He <bhe@redhat.com>
To: fuqiang wang <fuqiang.wang@easystack.cn>
Cc: Vivek Goyal <vgoyal@redhat.com>, Dave Young <dyoung@redhat.com>,
Yuntao Wang <ytcoode@gmail.com>,
kexec@lists.infradead.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2 2/2] kexec: Fix potential out of bounds in crash_exclude_mem_range()
Date: Thu, 21 Dec 2023 19:42:21 +0800 [thread overview]
Message-ID: <ZYQknSaxtNt/ZQvI@MiWiFi-R3L-srv> (raw)
In-Reply-To: <20231220055733.100325-3-fuqiang.wang@easystack.cn>
On 12/20/23 at 01:57pm, fuqiang wang wrote:
> When the split does not occur on the last array member, the current code
> will not return an error. So the correct array out-of-bounds check should
> be mem->nr_ranges >= mem->max_nr_ranges.
>
> When the OOB happen, the cmem->ranges[] have changed, so return early to
> avoid it.
>
> Signed-off-by: fuqiang wang <fuqiang.wang@easystack.cn>
> ---
> kernel/crash_core.c | 7 +++----
> 1 file changed, 3 insertions(+), 4 deletions(-)
You may need rebase your work on next/master branch to avoid conflict.
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
In the current, below commit exists, then code change in this patch may
not be needed.
86d80cbb61ca crash_core: fix and simplify the logic of crash_exclude_mem_range()
>
> diff --git a/kernel/crash_core.c b/kernel/crash_core.c
> index d4313b53837e..b1ab61c74fd2 100644
> --- a/kernel/crash_core.c
> +++ b/kernel/crash_core.c
> @@ -611,6 +611,9 @@ int crash_exclude_mem_range(struct crash_mem *mem,
> }
>
> if (p_start > start && p_end < end) {
> + /* Split happened */
> + if (mem->nr_ranges >= mem->max_nr_ranges)
> + return -ENOMEM;
> /* Split original range */
> mem->ranges[i].end = p_start - 1;
> temp_range.start = p_end + 1;
> @@ -626,10 +629,6 @@ int crash_exclude_mem_range(struct crash_mem *mem,
> if (!temp_range.end)
> return 0;
>
> - /* Split happened */
> - if (i == mem->max_nr_ranges - 1)
> - return -ENOMEM;
> -
> /* Location where new range should go */
> j = i + 1;
> if (j < mem->nr_ranges) {
> --
> 2.42.0
>
next prev parent reply other threads:[~2023-12-21 11:42 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-20 5:57 [PATCH v2 0/2] kexec: fix potential cmem->ranges out of bounds fuqiang wang
2023-12-20 5:57 ` fuqiang wang
2023-12-20 5:57 ` [PATCH v2 1/2] x86/kexec: Fix potential out of bounds in crash_setup_memmap_entries() fuqiang wang
2023-12-20 5:57 ` fuqiang wang
2023-12-21 13:14 ` Baoquan He
2023-12-21 13:14 ` Baoquan He
2023-12-22 11:41 ` fuqiang wang
2023-12-22 11:41 ` fuqiang wang
2023-12-20 5:57 ` [PATCH v2 2/2] kexec: Fix potential out of bounds in crash_exclude_mem_range() fuqiang wang
2023-12-20 5:57 ` fuqiang wang
2023-12-21 11:42 ` Baoquan He [this message]
2023-12-21 11:42 ` Baoquan He
2023-12-22 11:08 ` fuqiang wang
2023-12-22 11:08 ` fuqiang wang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZYQknSaxtNt/ZQvI@MiWiFi-R3L-srv \
--to=bhe@redhat.com \
--cc=dyoung@redhat.com \
--cc=fuqiang.wang@easystack.cn \
--cc=kexec@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=vgoyal@redhat.com \
--cc=ytcoode@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.