From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Received: from pandora.arm.linux.org.uk ([2001:4d48:ad52:3201:214:fdff:fe10:1be6]) by bombadil.infradead.org with esmtps (Exim 4.80.1 #2 (Red Hat Linux)) id 1aviK2-0002p7-GI for kexec@lists.infradead.org; Thu, 28 Apr 2016 09:33:23 +0000 In-Reply-To: <20160428092644.GX19428@n2100.arm.linux.org.uk> References: <20160428092644.GX19428@n2100.arm.linux.org.uk> From: Russell King Subject: [PATCH 09/12] kexec: ensure user memory sizes do not wrap MIME-Version: 1.0 Content-Disposition: inline Message-Id: Date: Thu, 28 Apr 2016 10:28:30 +0100 List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "kexec" Errors-To: kexec-bounces+dwmw2=infradead.org@lists.infradead.org To: linux-arm-kernel@lists.infradead.org Cc: Mark Rutland , devicetree@vger.kernel.org, Tony Luck , linux-ia64@vger.kernel.org, linux-doc@vger.kernel.org, Pawel Moll , Jonathan Corbet , Ian Campbell , kexec@lists.infradead.org, Fenghua Yu , Haren Myneni , Rob Herring , Eric Biederman , Santosh Shilimkar , Kumar Gala , Vivek Goyal Ensure that user memory sizes do not wrap around when validating the user input, which can lead to the following input validation working incorrectly. Signed-off-by: Russell King --- kernel/kexec_core.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/kernel/kexec_core.c b/kernel/kexec_core.c index 8d34308ea449..d719a4d0ef55 100644 --- a/kernel/kexec_core.c +++ b/kernel/kexec_core.c @@ -169,6 +169,8 @@ int sanity_check_segment_list(struct kimage *image) mstart = image->segment[i].mem; mend = mstart + image->segment[i].memsz; + if (mstart > mend) + return result; if ((mstart & ~PAGE_MASK) || (mend & ~PAGE_MASK)) return result; if (mend >= KEXEC_DESTINATION_MEMORY_LIMIT) -- 2.1.0 _______________________________________________ kexec mailing list kexec@lists.infradead.org http://lists.infradead.org/mailman/listinfo/kexec