From: Yuntao Wang
To: fuqiang.wang@easystack.cn
Cc: bhe@redhat.com, dyoung@redhat.com, kexec@lists.infradead.org,
 linux-kernel@vger.kernel.org, vgoyal@redhat.com, ytcoode@gmail.com
Subject: Re: [PATCH] kexec: avoid out of bounds in crash_exclude_mem_range()
Date: Tue, 19 Dec 2023 13:29:29 +0800
Message-ID: <20231219052955.40414-1-ytcoode@gmail.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, 19 Dec 2023 11:50:32 +0800, fuqiang wang wrote:

> On 2023/12/19 10:47, Yuntao Wang wrote:
>
> > Hi fuqiang,
> >
> > Yesterday, I posted two patches that happen to address the bugs you and Baoquan
> > are currently discussing here. I wasn't aware that you both were also working
> > on fixing these issues.
> >
> > Baoquan suggested I talk to you about it.
> >
> > If you're interested, you can take a look at my patches and review them to see
> > if there are any issues. If everything is fine, and if you're willing, you can
> > also add a 'Reviewed-by' tag there.
> >
> > The following link is for the two patches I posted yesterday:
> >
> > https://lore.kernel.org/lkml/20231218081915.24120-3-ytcoode@gmail.com/t/#u
> >
> > Sincerely,
> > Yuntao
>
> Hi Yuntao,
>
> I'm glad you've also noticed this issue. But I'm sorry, I want to solve this
> problem myself because this is my first time posting a patch in the community,
> and I cherish this opportunity very much.

I can truly understand your feelings because I still remember how thrilled I was
when my first patch got merged. So keep it up!

> I have carefully reviewed your patch. There are some changes where my views differ
> from yours:
>
> diff --git a/arch/x86/kernel/crash.c b/arch/x86/kernel/crash.c
> index c92d88680dbf..3be46f4b441e 100644
> --- a/arch/x86/kernel/crash.c
> +++ b/arch/x86/kernel/crash.c
> @@ -282,10 +282,6 @@ int crash_setup_memmap_entries(struct kimage *image, struct boot_params *params)
>  	struct crash_memmap_data cmd;
>  	struct crash_mem *cmem;
>  
> -	cmem = vzalloc(struct_size(cmem, ranges, 1));
> -	if (!cmem)
> -		return -ENOMEM;
> -
>  	memset(&cmd, 0, sizeof(struct crash_memmap_data));
>  	cmd.params = params;
>  
> @@ -321,6 +317,11 @@ int crash_setup_memmap_entries(struct kimage *image, struct boot_params *params)
>  	}
>  
>  	/* Exclude some ranges from crashk_res and add rest to memmap */
> +	cmem = vzalloc(struct_size(cmem, ranges, 1));
> +	if (!cmem)
> +		return -ENOMEM;
> +	cmem->max_nr_ranges = 1;
> +
>  	ret = memmap_exclude_ranges(image, cmem, crashk_res.start, crashk_res.end);
>  	if (ret)
>  		goto out;
>
> 1. I don't feel very good that you have moved vzalloc() in front of
> memmap_exclude_ranges. Because if memory allocation fails, there is no need to
> do anything else afterwards.

I moved it here because only memmap_exclude_ranges() and the code below it use
cmem. I think it is a good practice to put related code together, which also
improves code readability.

> 2. The cmem->max_nr_ranges should be set to 2. Because in
> memmap_exclude_ranges, a cmem->ranges[] will be filled in and if a split occurs
> later, another one will be added.

With the current code, image->elf_load_addr should be equal to crashk_res.start,
so a split will not occur in crash_exclude_mem_range(). Therefore, setting
cmem->max_nr_ranges to 1 is safe.

> Thanks
> fuqiang
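Review bot: dropping the allocation at the top of crash_setup_memmap_entries() in the first hunk (@@ -282,10 +282,6 @@) leaves the visible `struct crash_mem *cmem;` declaration unassigned until the second hunk's vzalloc(), and the second hunk shows `goto out;` as the error path right after that allocation. If `out:` does the vfree(cmem) that such a label usually does, any exit through `out` from the code between the two hunks would now free an uninitialized pointer. Either initialize it at the declaration (`struct crash_mem *cmem = NULL;`) or state in the commit message that no path between the old and new allocation sites reaches `out`.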
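Review bot: in the second hunk (@@ -321,6 +317,11 @@), `cmem->max_nr_ranges = 1;` gives crash_exclude_mem_range() the bound the subject line is about, and it matches the single slot from `vzalloc(struct_size(cmem, ranges, 1));`, but nothing in the hunk records why one slot is enough; as the thread itself shows, that rests on the excluded range starting at crashk_res.start so that no split happens, an invariant of the caller rather than of this code. Write the `1` once (a local constant used by both lines) and add a one-line comment next to the assignment giving that reason, or allocate and bound 2 so a later change to where the ELF area lands cannot turn the guarded -ENOMEM into an unexpected failure of crash_setup_memmap_entries().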
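The two cases argued over above (fuqiang's point 2, that a split needs a second slot, and Yuntao's reply, that an excluded range starting at crashk_res.start only trims the head and never splits), as an added user-space C example. It is not the kernel's crash_exclude_mem_range() and not code from this thread: struct crash_mem_model, exclude_range(), exclude_from_crashk(), last_ranges and the sample addresses are assumptions that only loosely mirror struct crash_mem and the patched call site.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct range { unsigned long long start, end; };	/* inclusive bounds */

/* Loosely mirrors struct crash_mem: a bound, a count and a flexible array. */
struct crash_mem_model {
	unsigned int max_nr_ranges;
	unsigned int nr_ranges;
	struct range ranges[];
};

/*
 * Remove [mstart, mend] from every entry. Trimming a head or tail, or dropping
 * an entry, needs no extra slot; a hole strictly inside an entry splits it and
 * needs one more, refused with -ENOMEM once nr_ranges has reached max_nr_ranges.
 */
static int exclude_range(struct crash_mem_model *m,
			 unsigned long long mstart, unsigned long long mend)
{
	unsigned int i = 0;
	while (i < m->nr_ranges) {
		struct range *r = &m->ranges[i];
		unsigned long long start = r->start, end = r->end;
		if (mstart > end || mend < start) {
			i++;				/* no overlap */
		} else if (mstart <= start && mend >= end) {
			/* fully covered: drop it and re-examine slot i */
			memmove(r, r + 1, (m->nr_ranges - i - 1) * sizeof(*r));
			m->nr_ranges--;
		} else if (mstart <= start) {
			r->start = mend + 1;		/* trim head */
			i++;
		} else if (mend >= end) {
			r->end = mstart - 1;		/* trim tail */
			i++;
		} else {
			if (m->nr_ranges >= m->max_nr_ranges)
				return -ENOMEM;		/* no slot for the split */
			memmove(r + 2, r + 1, (m->nr_ranges - i - 1) * sizeof(*r));
			r[1].start = mend + 1;
			r[1].end = end;
			r->end = mstart - 1;
			m->nr_ranges++;
			i += 2;				/* both halves are final */
		}
	}
	return 0;
}

/* Entries left after the last exclude_from_crashk() call. */
static struct range last_ranges[4];

/*
 * Model of the patched call site: allocate max_nr_ranges slots (what
 * vzalloc(struct_size(cmem, ranges, n)) does), make crashk_res the only entry
 * and exclude the ELF load area. Returns the entries left or a negative errno.
 */
static int exclude_from_crashk(unsigned int max_nr_ranges,
			       unsigned long long crashk_start, unsigned long long crashk_end,
			       unsigned long long elf_start, unsigned long long elf_end)
{
	struct crash_mem_model *m;
	int ret;
	if (max_nr_ranges < 1)
		return -EINVAL;
	m = calloc(1, sizeof(*m) + max_nr_ranges * sizeof(struct range));
	if (!m)
		return -ENOMEM;
	m->max_nr_ranges = max_nr_ranges;
	m->nr_ranges = 1;
	m->ranges[0].start = crashk_start;
	m->ranges[0].end = crashk_end;
	ret = exclude_range(m, elf_start, elf_end);
	if (ret == 0) {
		memcpy(last_ranges, m->ranges, m->nr_ranges * sizeof(struct range));
		ret = (int)m->nr_ranges;
	}
	free(m);
	return ret;
}

int main(void)
{
	/* Constructed sample: a 256 MiB crashk_res and a 1 MiB ELF load area. */
	const unsigned long long s = 0x10000000ULL, e = 0x1fffffffULL;
	int n;
	n = exclude_from_crashk(1, s, e, s, 0x100fffffULL);		/* at start: no split */
	printf("at start,  max=1: ret=%d [%#llx-%#llx]\n", n, last_ranges[0].start, last_ranges[0].end);
	n = exclude_from_crashk(1, s, e, 0x10800000ULL, 0x108fffffULL);	/* in middle: refused */
	printf("in middle, max=1: ret=%d (%s)\n", n, n == -ENOMEM ? "-ENOMEM" : "ok");
	n = exclude_from_crashk(2, s, e, 0x10800000ULL, 0x108fffffULL);	/* in middle: fits */
	printf("in middle, max=2: ret=%d [%#llx-%#llx] [%#llx-%#llx]\n", n, last_ranges[0].start,
	       last_ranges[0].end, last_ranges[1].start, last_ranges[1].end);
	return 0;
}
```

With the ELF area at the start of crashk_res the single entry is only trimmed, so a bound of 1 holds; the same exclusion one page in is refused by the max_nr_ranges check with a bound of 1 and succeeds with 2, which is exactly the difference between the two positions in the thread.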