Date: Mon, 18 Dec 2023 09:29:02 -0800
From: Andrew Morton
To: Yuntao Wang
Cc: linux-kernel@vger.kernel.org, kexec@lists.infradead.org, x86@kernel.org, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, "H. Peter Anvin", Baoquan He, Vivek Goyal, Dave Young, Hari Bathini, Sean Christopherson, Takashi Iwai
Subject: Re: [PATCH 2/2] crash_core: fix out-of-bounds access check in crash_exclude_mem_range()
Message-Id: <20231218092902.9fae480cfcad3874e9e7236f@linux-foundation.org>
In-Reply-To: <20231218081915.24120-3-ytcoode@gmail.com>
References: <20231218081915.24120-1-ytcoode@gmail.com> <20231218081915.24120-3-ytcoode@gmail.com>

On Mon, 18 Dec 2023 16:19:15 +0800 Yuntao Wang wrote:

> mem->nr_ranges represents the current number of elements stored in
> the mem->ranges array, and mem->max_nr_ranges represents the maximum number
> of elements that the mem->ranges array can hold. Therefore, the correct
> array out-of-bounds check should be mem->nr_ranges >= mem->max_nr_ranges.
>

This does not apply after your own "crash_core: fix and simplify the logic of crash_exclude_mem_range()". What should be done?
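
The off-by-one described in the quoted commit message, shown as an added example that is not part of this mail or of the kernel source. It is a simplified user-space model: `struct mem_model`, `append_range()`, `guard_clobbered()`, `CAP` and the guard slot are assumptions made for illustration, and the sample ranges are constructed.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

#define CAP 2 /* constructed capacity, plays the role of max_nr_ranges */

struct range { unsigned long long start, end; };

/* Simplified model; ranges[CAP] is a guard slot so the overrun is observable. */
struct mem_model {
    unsigned int max_nr_ranges;   /* number of slots the array can hold */
    unsigned int nr_ranges;       /* number of slots currently in use */
    struct range ranges[CAP + 1]; /* last element is the guard, not a real slot */
};

/* strict=false: off-by-one check (>); strict=true: the >= check from the quoted text. */
static int append_range(struct mem_model *m, struct range r, bool strict)
{
    bool full = strict ? m->nr_ranges >= m->max_nr_ranges
                       : m->nr_ranges >  m->max_nr_ranges;
    if (full)
        return -ENOMEM;
    m->ranges[m->nr_ranges++] = r; /* valid only while nr_ranges < max_nr_ranges */
    return 0;
}

/* Fill to capacity, attempt one more append; report whether the guard was written. */
static bool guard_clobbered(bool strict, int *last_rc)
{
    struct mem_model m = { .max_nr_ranges = CAP };
    const struct range guard = { ~0ULL, ~0ULL };

    m.ranges[CAP] = guard;
    for (unsigned int i = 0; i < CAP; i++)
        append_range(&m, (struct range){ i * 0x1000ULL, i * 0x1000ULL + 0xfff }, strict);
    *last_rc = append_range(&m, (struct range){ 0x9000, 0x9fff }, strict);
    return m.ranges[CAP].start != guard.start || m.ranges[CAP].end != guard.end;
}

int main(void)
{
    int rc;
    bool hit = guard_clobbered(false, &rc);
    printf("check >  : rc=%d guard overwritten=%d\n", rc, hit);
    hit = guard_clobbered(true, &rc);
    printf("check >= : rc=%d guard overwritten=%d\n", rc, hit);
    return 0;
}
```

With the `>` comparison the append on a full array reports success and writes one element past the last valid slot; with `>=` it is rejected with `-ENOMEM` and the guard is untouched.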