Received: by 2002:a05:7412:8598:b0:f9:33c2:5753 with SMTP id n24csp268953rdh;
        Mon, 18 Dec 2023 20:09:33 -0800 (PST)
X-Google-Smtp-Source: AGHT+IHW4JPZdnRx2L0PZNPXbICEyd8q8FC+1O6WEg4UMOcIFYTqupffIMaYxrTy8cuhPN/QS4C+
X-Received: by 2002:a05:6870:f113:b0:203:eee3:caca with SMTP id k19-20020a056870f11300b00203eee3cacamr534158oac.80.1702958973607;
        Mon, 18 Dec 2023 20:09:33 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1702958973; cv=none;
        d=google.com; s=arc-20160816;
        b=E+ERj/TIrR5ODGxWZH/UEDOst1lkZQFntCKTFlbGrtXHgeMwey3EM9kpCmyLuVsWm2
         swWHZeAIs43I+GXfB/D2BWHhX/Qf7EqT4ZW+U11OowzwMYwnY84C8n1Pjr7+jJj/6FdZ
         M0JoG/PdgSlG6+6ldZw4gPgnYN1CXfnBcLg5ChnWZX7k+ytP4BFE6knkTPeIJiwJmoQi
         cH8dYQPQSdgeLECYsfmr4y82CC4YTpc1aaWe7UoF9yJYAM6dil2BC9243icPslsZZAOQ
         +KwVU9fk139701HX4tKn7nfvLPUHDFsAFFLBsnszDfFVe+XBDJ21eO594VTfCj0DHhpF
         cVHQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:in-reply-to:from:references:cc:to
         :content-language:subject:user-agent:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:date:message-id;
        bh=Gltcx4Wbbwgl+JVz8fkGWnx3Cu/DbB6QpNtwQBA2ZuI=;
        fh=HmgEDPidyIWdlj/n2eBdydhqglgkDm0ibYyN4w6vX3I=;
        b=raj5lxmYqbgibCRNZBJzhGl6oiu5GQHmsiYXHDNEAHQDtd5tVDpXOLOF4KyO7kwnT+
         cXwKnTuJL3ugeKypaAEUhPtueNy5ua0qROcFKwM6LdUZ7qUJiNHu3bp3qzA3YzJQf4cw
         sLrb84IHg+yYnhKyA3IxZdGAPiJdzoh40B2+j20FbR7L4V03BsmMrCBPhHPVjlIAw2oF
         dEprllJt5LswkaksULeplcVUu3+J7bXbjUX2jG1LSX9jkyr7L2uMzRabYrrIw7tQMF9F
         7fGvIxj8KynUV4R7QXbZRPS8P/D6jhvGEJ49mP8WSLxgTBHxyBxTlNFOM606jdimrmfs
         Zxww==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel+bounces-4662-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-4662-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=easystack.cn
Return-Path: <linux-kernel+bounces-4662-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99])
        by mx.google.com with ESMTPS id w16-20020a63c110000000b005c2786b7e32si19002262pgf.812.2023.12.18.20.09.33
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 18 Dec 2023 20:09:33 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-4662-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel+bounces-4662-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-4662-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=easystack.cn
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by sv.mirrors.kernel.org (Postfix) with ESMTPS id 3F0C0285AD8
	for <linux.lists.archive@gmail.com>; Tue, 19 Dec 2023 04:09:33 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 02A8853B4;
	Tue, 19 Dec 2023 04:09:27 +0000 (UTC)
X-Original-To: linux-kernel@vger.kernel.org
Received: from mail-m17229.xmail.ntesmail.com (mail-m17229.xmail.ntesmail.com [45.195.17.229])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 26AE75235
	for <linux-kernel@vger.kernel.org>; Tue, 19 Dec 2023 04:09:13 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=easystack.cn
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=easystack.cn
Received: from [10.9.0.130] (unknown [211.103.144.18])
	by smtp.qiye.163.com (Hmail) with ESMTPA id BD8ED260127;
	Tue, 19 Dec 2023 11:50:33 +0800 (CST)
Message-ID: <c797bdde-b5a5-4b2b-9106-c1386a0e7516@easystack.cn>
Date: Tue, 19 Dec 2023 11:50:32 +0800
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: [PATCH] kexec: avoid out of bounds in crash_exclude_mem_range()
Content-Language: en-US
To: Yuntao Wang <ytcoode@gmail.com>
Cc: bhe@redhat.com, dyoung@redhat.com, kexec@lists.infradead.org,
 linux-kernel@vger.kernel.org, vgoyal@redhat.com
References: <2fc2ad7d-13be-4a9a-b984-67b1bf04c56b@easystack.cn>
 <20231219024727.35016-1-ytcoode@gmail.com>
From: fuqiang wang <fuqiang.wang@easystack.cn>
In-Reply-To: <20231219024727.35016-1-ytcoode@gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
X-HM-Spam-Status: e1kfGhgUHx5ZQUpXWQgPGg8OCBgUHx5ZQUlOS1dZFg8aDwILHllBWSg2Ly
	tZV1koWUFJQjdXWS1ZQUlXWQ8JGhUIEh9ZQVlDQktLVk4fT0JOTR9CTUtNT1UZERMWGhIXJBQOD1
	lXWRgSC1lBWUlKSlVKS0hVSk9PVUpDWVdZFhoPEhUdFFlBWU9LSFVKTU9JTE5VSktLVUpCS0tZBg
	++
X-HM-Tid: 0a8c803268680276kunmbd8ed260127
X-HM-MType: 1
X-HM-Sender-Digest: e1kMHhlZQR0aFwgeV1kSHx4VD1lBWUc6Kwg6Nww*FTEwKwIfKQkiDw0a
	PVEaCx1VSlVKTEtJQk5MQ0hMT0JCVTMWGhIXVR0OChIaFRxVDBoVHDseGggCCA8aGBBVGBVFWVdZ
	EgtZQVlJSkpVSktIVUpPT1VKQ1lXWQgBWUFITU1JNwY+

在 2023/12/19 10:47, Yuntao Wang 写道:

> Hi fuqiang,
>
> Yesterday, I posted two patches that happen to address the bugs you an Baoquan
> are currently discussing here, I wasn't aware that you both were also working
> on fixing these issues.
>
> Baoquan suggested I talk to you about it.
>
> If you're interested, you can take a look at my patches and review them to see
> if there are any issues. If everything is fine, and if you're willing, you can
> also add a 'Reviewed-by' tag there.
>
> The following link is for the two patches I posted yesterday:
>
> https://lore.kernel.org/lkml/20231218081915.24120-3-ytcoode@gmail.com/t/#u
>
> Sincerely,
> Yuntao

Hi Yuntao,

I'm glad you've also noticed this issue. But I'm sorry, I want to solve this
problem myself because this is my first time posting a patch in the community,
and I cherish this opportunity very much.

I have carefully reviewed your patch. There is some changes where my views differ
from yours:
diff --git a/arch/x86/kernel/crash.c b/arch/x86/kernel/crash.c
index c92d88680dbf..3be46f4b441e 100644
--- a/arch/x86/kernel/crash.c
+++ b/arch/x86/kernel/crash.c
@@ -282,10 +282,6 @@ int crash_setup_memmap_entries(struct kimage *image, struct boot_params *params)
      struct crash_memmap_data cmd;
      struct crash_mem *cmem;

-    cmem = vzalloc(struct_size(cmem, ranges, 1));
-    if (!cmem)
-        return -ENOMEM;
-
      memset(&cmd, 0, sizeof(struct crash_memmap_data));
      cmd.params = params;

@@ -321,6 +317,11 @@ int crash_setup_memmap_entries(struct kimage *image, struct boot_params *params)
      }

      /* Exclude some ranges from crashk_res and add rest to memmap */
+    cmem = vzalloc(struct_size(cmem, ranges, 1));
+    if (!cmem)
+        return -ENOMEM;
+    cmem->max_nr_ranges = 1;
+
      ret = memmap_exclude_ranges(image, cmem, crashk_res.start, crashk_res.end);
      if (ret)
          goto out;

1. I don't feel very good that you have moved vzalloc() to in front of
memmap_exclude_ranges. Because if memory allocation fails, there is no need to
do anything else afterwards.

2. The cmem->max_nr_ranges should be set to 2. Because in
memmap_exclude_ranges, a cmem->ranges[] will be filled in and if a split occurs
later, another one will be added.

Thanks
fuqiang