[PATCH 09/12] kexec: ensure user memory sizes do not wrap

[PATCH 00/12] Fixing TI Keystone2 kexec · Russell King - ARM Linux <hidden> · 2016-04-28
[PATCH 01/12] ARM: kexec: fix crashkernel= handling · Russell King <hidden> · 2016-04-28
[PATCH 02/12] ARM: provide improved virt_to_idmap() functionality · Russell King <hidden> · 2016-04-28
[PATCH 03/12] ARM: kexec: remove 512MB restriction on kexec crashdump · Russell King <hidden> · 2016-04-28
Re: [PATCH 03/12] ARM: kexec: remove 512MB restriction on kexec crashdump · Pratyush Anand <hidden> · 2016-04-29
[PATCH 04/12] ARM: provide arm_has_idmap_alias() helper · Russell King <hidden> · 2016-04-28
Re: [PATCH 04/12] ARM: provide arm_has_idmap_alias() helper · Pratyush Anand <hidden> · 2016-04-29
[PATCH 05/12] ARM: kdump: advertise boot aliased crash kernel resource · Russell King <hidden> · 2016-04-28
[PATCH 06/12] ARM: kexec: advertise location of bootable RAM · Russell King <hidden> · 2016-04-28
Re: [PATCH 06/12] ARM: kexec: advertise location of bootable RAM · Pratyush Anand <hidden> · 2016-04-29
Re: [PATCH 06/12] ARM: kexec: advertise location of bootable RAM · Russell King - ARM Linux <hidden> · 2016-04-29
Re: [PATCH 06/12] ARM: kexec: advertise location of bootable RAM · Pratyush Anand <hidden> · 2016-04-30
Re: [PATCH 06/12] ARM: kexec: advertise location of bootable RAM · Russell King - ARM Linux <hidden> · 2016-04-30
Re: [PATCH 06/12] ARM: kexec: advertise location of bootable RAM · Pratyush Anand <hidden> · 2016-05-02
Re: [PATCH 06/12] ARM: kexec: advertise location of bootable RAM · Russell King - ARM Linux <hidden> · 2016-05-02
Re: [PATCH 06/12] ARM: kexec: advertise location of bootable RAM · Pratyush Anand <hidden> · 2016-05-02
[PATCH 07/12] ARM: keystone: dts: add psci command definition · Russell King <hidden> · 2016-04-28
[PATCH 08/12] kexec: don't invoke OOM-killer for control page allocation · Russell King <hidden> · 2016-04-28
Re: [PATCH 08/12] kexec: don't invoke OOM-killer for control page allocation · Pratyush Anand <hidden> · 2016-04-29
[PATCH 09/12] kexec: ensure user memory sizes do not wrap · Russell King <hidden> · 2016-04-28
[PATCH 10/12] kexec: arrange for paddr_vmcoreinfo_note() to return phys_addr_t · Russell King <hidden> · 2016-04-28
Re: [PATCH 10/12] kexec: arrange for paddr_vmcoreinfo_note() to return phys_addr_t · Pratyush Anand <hidden> · 2016-04-29
Re: [PATCH 10/12] kexec: arrange for paddr_vmcoreinfo_note() to return phys_addr_t · Mark Rutland <mark.rutland@arm.com> · 2016-04-29
Re: [PATCH 10/12] kexec: arrange for paddr_vmcoreinfo_note() to return phys_addr_t · Pratyush Anand <hidden> · 2016-04-29
Re: [PATCH 10/12] kexec: arrange for paddr_vmcoreinfo_note() to return phys_addr_t · Baoquan He <bhe@redhat.com> · 2016-05-03
Re: [PATCH 10/12] kexec: arrange for paddr_vmcoreinfo_note() to return phys_addr_t · Pratyush Anand <hidden> · 2016-05-03
Re: [PATCH 10/12] kexec: arrange for paddr_vmcoreinfo_note() to return phys_addr_t · Baoquan He <bhe@redhat.com> · 2016-05-03
Re: [PATCH 10/12] kexec: arrange for paddr_vmcoreinfo_note() to return phys_addr_t · Russell King - ARM Linux <hidden> · 2016-04-29
Re: [PATCH 10/12] kexec: arrange for paddr_vmcoreinfo_note() to return phys_addr_t · Pratyush Anand <hidden> · 2016-04-30
[PATCH 11/12] kexec: allow architectures to override boot mapping · Russell King <hidden> · 2016-04-28
Re: [PATCH 11/12] kexec: allow architectures to override boot mapping · Pratyush Anand <hidden> · 2016-04-29
Re: [PATCH 11/12] kexec: allow architectures to override boot mapping · Russell King - ARM Linux <hidden> · 2016-04-29
Re: [PATCH 11/12] kexec: allow architectures to override boot mapping · Russell King - ARM Linux <linux@armlinux.org.uk> · 2016-05-11
Re: [PATCH 11/12] kexec: allow architectures to override boot mapping · Baoquan He <bhe@redhat.com> · 2016-05-12
Re: [PATCH 11/12] kexec: allow architectures to override boot mapping · Russell King - ARM Linux <linux@armlinux.org.uk> · 2016-05-12
[PATCH 12/12] ARM: kexec: fix kexec for Keystone 2 · Russell King <hidden> · 2016-04-28
Re: [PATCH 00/12] Fixing TI Keystone2 kexec · Simon Horman <horms@verge.net.au> · 2016-04-28
Re: [PATCH 00/12] Fixing TI Keystone2 kexec · Dave Young <hidden> · 2016-05-11
Re: [PATCH 00/12] Fixing TI Keystone2 kexec · Russell King - ARM Linux <linux@armlinux.org.uk> · 2016-05-11
Re: [PATCH 00/12] Fixing TI Keystone2 kexec · Dave Young <hidden> · 2016-05-11
Re: [PATCH 00/12] Fixing TI Keystone2 kexec · Russell King - ARM Linux <linux@armlinux.org.uk> · 2016-05-11

STALE3654d

From: Russell King <hidden>
Date: 2016-04-28 09:28:30
Also in: kexec, linux-arm-kernel
Subsystem: kexec, the rest · Maintainers: Andrew Morton, Baoquan He, Mike Rapoport, Pasha Tatashin, Pratyush Yadav, Linus Torvalds

Ensure that user memory sizes do not wrap around when validating the
user input, which can lead to the following input validation working
incorrectly.

Signed-off-by: Russell King <redacted>
---
 kernel/kexec_core.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/kernel/kexec_core.c b/kernel/kexec_core.c
index 8d34308ea449..d719a4d0ef55 100644
--- a/kernel/kexec_core.c
+++ b/kernel/kexec_core.c

@@ -169,6 +169,8 @@ int sanity_check_segment_list(struct kimage *image)
 
 		mstart = image->segment[i].mem;
 		mend   = mstart + image->segment[i].memsz;
+		if (mstart > mend)
+			return result;
 		if ((mstart & ~PAGE_MASK) || (mend & ~PAGE_MASK))
 			return result;
 		if (mend >= KEXEC_DESTINATION_MEMORY_LIMIT)

-- 
2.1.0

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help