Received: by 2002:a05:7412:798b:b0:fc:a2b0:25d7 with SMTP id fb11csp222913rdb;
        Thu, 22 Feb 2024 01:22:26 -0800 (PST)
X-Forwarded-Encrypted: i=3; AJvYcCXPUcu+SUMpSdK+jP/waXtQmZ4RN+aFEKUlSxH7SgdmnlbY0vd6W2YRi99wToPXjkd9BCgq5wUXRszel0C3xtrqecyyLvUO9NlzNfj78w==
X-Google-Smtp-Source: AGHT+IH1eqdyfscYFW+BeiJZaeU2E9Bj9ndN7QRPBVCWxBht2xTEJ+nsFSsTp36e6jkD53dK0Fj2
X-Received: by 2002:a17:902:f689:b0:1db:dd24:9962 with SMTP id l9-20020a170902f68900b001dbdd249962mr3425864plg.21.1708593746627;
        Thu, 22 Feb 2024 01:22:26 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1708593746; cv=pass;
        d=google.com; s=arc-20160816;
        b=Z/bUttg7aE17XJbXDR9ZUeajwoI0N/E7tngxLfexPC591ZEDUC8S+lw2FuJPRVWbFA
         w8YAeh/4i1bq1he2RXL1pwNESixJnm9wM+j2PGqSlNXNswoC2C3Al4kaiel1h4sAzHbl
         gweJ2iO9dHKUn9DgF7LCHt5GtNQC3XlTPoNetCcsfcgC3SWRX5mLJ6m1h5BIDUT6OvjC
         XaxA/t4ldQGV7+qM4DanUrZCecIgV7r9fLEiRKx4vDmys+9ZF+s1qPArejcfLGHvCyzG
         uc/wBC5on8yG0/QNV9lvhywxQ37RHlLN/8NHBNCLY6ILYs47xml8j3D2+a6f768Q6Z5w
         rBXQ==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=oCVceRJ4c78MPAjhinbj8feHNV7TeUxfiGEfqf5K8ws=;
        fh=HvUiEEezgAcGMOeznawpZrmIdS4SZ8LRLgbYp+vsaFA=;
        b=B5bweBAQvDcYiJE8Xoey8di2D3cnsIj6dB+BZcNe0jdRwyvf3yvA8uYN//6F+O4JzZ
         VaduAxn7nUbQs4yz/ga5upPJ6qPj0hmbmy5K1fId2o7yBEBeX5cq3ZIPREr2cwHyKN4q
         2DyGgCkhsVBxst86UobRoA57Ex5I4LoOW+uGYzIOMXA7JjBjAjqDd1OyJFFbSxGL5NO/
         PxpVlu2d/0vNfai7tnUpR2vGMu/GzzQ8lQFBp7korFMZ8v76YOX/h9P1s9NyQoHYVPaH
         OxOGxengPzmT9caImxSZbQX6rD8Z2Tq62YvSBLh6rwy3XyMgaNWeqEDJmkqBrTUDyhuh
         Eyig==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@163.com header.s=s110527 header.b=bh4IqpA6;
       arc=pass (i=1 spf=pass spfdomain=163.com dkim=pass dkdomain=163.com dmarc=pass fromdomain=163.com);
       spf=pass (google.com: domain of linux-kernel+bounces-76207-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-76207-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=163.com
Return-Path: <linux-kernel+bounces-76207-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99])
        by mx.google.com with ESMTPS id i3-20020a170902c94300b001dbfd897929si6789892pla.618.2024.02.22.01.22.26
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 22 Feb 2024 01:22:26 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-76207-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@163.com header.s=s110527 header.b=bh4IqpA6;
       arc=pass (i=1 spf=pass spfdomain=163.com dkim=pass dkdomain=163.com dmarc=pass fromdomain=163.com);
       spf=pass (google.com: domain of linux-kernel+bounces-76207-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-76207-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=163.com
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by sv.mirrors.kernel.org (Postfix) with ESMTPS id 85D11282580
	for <linux.lists.archive@gmail.com>; Thu, 22 Feb 2024 09:21:53 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 10D833717A;
	Thu, 22 Feb 2024 09:21:48 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=163.com header.i=@163.com header.b="bh4IqpA6"
Received: from m16.mail.163.com (m16.mail.163.com [220.197.31.3])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 5D1902375F
	for <linux-kernel@vger.kernel.org>; Thu, 22 Feb 2024 09:21:43 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=220.197.31.3
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1708593707; cv=none; b=LkK6bl/v0NH/FfmTOsRhT0xpJwLFHlshUS9ffT+enQCXsi8CupMQtuKQf3/erda8tqLKWB6DaHD9MZAQRY3052dLCL0Yq9SgixnBcSCMu1Y0yUUDn6c50Q564lph8nnCaC/YETKMT3SKrbLrcVqbgCWsTkWBENaelKL+U4cmOTA=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1708593707; c=relaxed/simple;
	bh=Gp6ifRhXtu6IzNFdn/+ncdfl38xS/UkvsM6DFjdqeBo=;
	h=From:To:Cc:Subject:Date:Message-Id:MIME-Version; b=Cwsp/jw8obi76SXqUivbncaGJgk8xy8ZKGuQYCRuUzn3OX4KeMTL/kyCMF+dIidGmAezZjbwrL/yMFGcMyu78P58x0rWSEnQXzCG/DUi0e5r6vbOTPcABpjM4hqlXaiJcFNLe3F8Mgji2tGtMSezUhD6Md6WOhlUfLYhCveG6F0=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=163.com; spf=pass smtp.mailfrom=163.com; dkim=pass (1024-bit key) header.d=163.com header.i=@163.com header.b=bh4IqpA6; arc=none smtp.client-ip=220.197.31.3
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=163.com
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=163.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=163.com;
	s=s110527; h=From:Subject:Date:Message-Id:MIME-Version; bh=oCVce
	RJ4c78MPAjhinbj8feHNV7TeUxfiGEfqf5K8ws=; b=bh4IqpA6DUBrOMjpjwuIg
	a9XQAhUt7C9PAcjYXAq/cu4Ie4lnQ3ABCb8R6fwdqCY1+7yDrJU8PJkjMM4nTKqR
	BW0fQ0o/c40PIt4KJVKghjw4XuVh4VLh1/fOZRizSj5chzACLmGRMNJMqxDZwzdF
	kdEsvnUMBXV5URm5pbWyGY=
Received: from yangzhang2020.localdomain (unknown [60.27.226.204])
	by gzga-smtp-mta-g1-5 (Coremail) with SMTP id _____wDXD4USEtdlSNHNDg--.2170S2;
	Thu, 22 Feb 2024 17:21:23 +0800 (CST)
From: "yang.zhang" <gaoshanliukou@163.com>
To: ebiederm@xmission.com
Cc: linux-kernel@vger.kernel.org,
	kexec@lists.infradead.org,
	bhe@redhat.com,
	"yang.zhang" <yang.zhang@hexintek.com>
Subject: [PATCH V3] kexec: copy only happens before uchunk goes to zero
Date: Thu, 22 Feb 2024 17:21:19 +0800
Message-Id: <20240222092119.5602-1-gaoshanliukou@163.com>
X-Mailer: git-send-email 2.25.1
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-CM-TRANSID:_____wDXD4USEtdlSNHNDg--.2170S2
X-Coremail-Antispam: 1Uf129KBjvJXoWxCFyfXFykCw4rJF1DXF4rAFb_yoW5XFyxp3
	9xGr1FkrW8Jr9rXr1ktF15CayfJ3s7GryrurW7CF95KrnI93Wvq34S93Wj93yUKryFkrn5
	Jw4qkF9Iga4UX37anT9S1TB71UUUUU7qnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2
	9KBjDUYxBIdaVFxhVjvjDU0xZFpf9x07jgR6rUUUUU=
X-CM-SenderInfo: pjdr2x5dqox3xnrxqiywtou0bp/xtbB0BmM8mWXwByflwAAsR

From: "yang.zhang" <yang.zhang@hexintek.com>

When loading segments, ubytes is <= mbytes. When ubytes is exhausted,
there could be remaining mbytes. Then in the while loop, the buf pointer
advancing with mchunk will causing meaningless reading even though it
doesn't harm.

So let's change to make sure that all of the copying and the rest only
happens before uchunk goes to zero.

Acked-by: Baoquan He <bhe@redhat.com>
Signed-off-by: yang.zhang <yang.zhang@hexintek.com>

---
V2 -> V3:
- Add more detailed description in the commit message
v1 -> v2:
- Only copy before uchunk goes to zero

V1: https://lore.kernel.org/lkml/20240130101802.23850-1-gaoshanliukou@163.com/
---
 kernel/kexec_core.c | 44 ++++++++++++++++++++++++--------------------
 1 file changed, 24 insertions(+), 20 deletions(-)

diff --git a/kernel/kexec_core.c b/kernel/kexec_core.c
index d08fc7b5db97..2fc3d0e3715a 100644
--- a/kernel/kexec_core.c
+++ b/kernel/kexec_core.c
@@ -800,22 +800,24 @@ static int kimage_load_normal_segment(struct kimage *image,
 				PAGE_SIZE - (maddr & ~PAGE_MASK));
 		uchunk = min(ubytes, mchunk);
 
-		/* For file based kexec, source pages are in kernel memory */
-		if (image->file_mode)
-			memcpy(ptr, kbuf, uchunk);
-		else
-			result = copy_from_user(ptr, buf, uchunk);
+		if (uchunk) {
+			/* For file based kexec, source pages are in kernel memory */
+			if (image->file_mode)
+				memcpy(ptr, kbuf, uchunk);
+			else
+				result = copy_from_user(ptr, buf, uchunk);
+			ubytes -= uchunk;
+			if (image->file_mode)
+				kbuf += uchunk;
+			else
+				buf += uchunk;
+		}
 		kunmap_local(ptr);
 		if (result) {
 			result = -EFAULT;
 			goto out;
 		}
-		ubytes -= uchunk;
 		maddr  += mchunk;
-		if (image->file_mode)
-			kbuf += mchunk;
-		else
-			buf += mchunk;
 		mbytes -= mchunk;
 
 		cond_resched();
@@ -866,11 +868,18 @@ static int kimage_load_crash_segment(struct kimage *image,
 			memset(ptr + uchunk, 0, mchunk - uchunk);
 		}
 
-		/* For file based kexec, source pages are in kernel memory */
-		if (image->file_mode)
-			memcpy(ptr, kbuf, uchunk);
-		else
-			result = copy_from_user(ptr, buf, uchunk);
+		if (uchunk) {
+			/* For file based kexec, source pages are in kernel memory */
+			if (image->file_mode)
+				memcpy(ptr, kbuf, uchunk);
+			else
+				result = copy_from_user(ptr, buf, uchunk);
+			ubytes -= uchunk;
+			if (image->file_mode)
+				kbuf += uchunk;
+			else
+				buf += uchunk;
+		}
 		kexec_flush_icache_page(page);
 		kunmap_local(ptr);
 		arch_kexec_pre_free_pages(page_address(page), 1);
@@ -878,12 +887,7 @@ static int kimage_load_crash_segment(struct kimage *image,
 			result = -EFAULT;
 			goto out;
 		}
-		ubytes -= uchunk;
 		maddr  += mchunk;
-		if (image->file_mode)
-			kbuf += mchunk;
-		else
-			buf += mchunk;
 		mbytes -= mchunk;
 
 		cond_resched();
-- 
2.25.1