kernel/crash_core.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-)
Because memory ranges in mem->ranges are stored in ascending order, when we
detect `p_end < start`, we can break the for loop early, as the subsequent
memory ranges must also be outside the range we are looking for.
Signed-off-by: Yuntao Wang <ytcoode@gmail.com>
---
Hi Andrew,
Patch "[PATCH 2/2] crash_core: fix out-of-bounds access check in
crash_exclude_mem_range()" can be ignored, use this patch instead.
kernel/crash_core.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/kernel/crash_core.c b/kernel/crash_core.c
index 9a219a918638..d425c4a106cd 100644
--- a/kernel/crash_core.c
+++ b/kernel/crash_core.c
@@ -575,9 +575,12 @@ int crash_exclude_mem_range(struct crash_mem *mem,
p_start = mstart;
p_end = mend;
- if (p_start > end || p_end < start)
+ if (p_start > end)
continue;
+ if (p_end < start)
+ break;
+
/* Truncate any area outside of range */
if (p_start < start)
p_start = start;
--
2.43.0On Wed, 20 Dec 2023 00:34:18 +0800 Yuntao Wang <ytcoode@gmail.com> wrote: > Because memory ranges in mem->ranges are stored in ascending order, when we > detect `p_end < start`, we can break the for loop early, as the subsequent > memory ranges must also be outside the range we are looking for. > > Signed-off-by: Yuntao Wang <ytcoode@gmail.com> > --- > Hi Andrew, > > Patch "[PATCH 2/2] crash_core: fix out-of-bounds access check in > crash_exclude_mem_range()" can be ignored, use this patch instead. > Some reviewer input on this would be helpful please? > --- a/kernel/crash_core.c > +++ b/kernel/crash_core.c > @@ -575,9 +575,12 @@ int crash_exclude_mem_range(struct crash_mem *mem, > p_start = mstart; > p_end = mend; > > - if (p_start > end || p_end < start) > + if (p_start > end) > continue; > > + if (p_end < start) > + break; > + > /* Truncate any area outside of range */ > if (p_start < start) > p_start = start; > -- > 2.43.0
On 12/29/23 at 12:10pm, Andrew Morton wrote: > On Wed, 20 Dec 2023 00:34:18 +0800 Yuntao Wang <ytcoode@gmail.com> wrote: > > > Because memory ranges in mem->ranges are stored in ascending order, when we > > detect `p_end < start`, we can break the for loop early, as the subsequent > > memory ranges must also be outside the range we are looking for. > > > > Signed-off-by: Yuntao Wang <ytcoode@gmail.com> > > --- > > Hi Andrew, > > > > Patch "[PATCH 2/2] crash_core: fix out-of-bounds access check in > > crash_exclude_mem_range()" can be ignored, use this patch instead. > > > > Some reviewer input on this would be helpful please? I suggested this in below discussion thread: https://lore.kernel.org/all/ZYEOshALGbDKwSdc@MiWiFi-R3L-srv/T/#u So it would be good if squashing this into patch 3 of another patch thread you are asking: [PATCH 3/3] crash_core: fix and simplify the logic of crash_exclude_mem_range() And I would suggest withdrawing Yuntao's below patch on your mm-nonmm-unstable branch. 961c69e9f1bf x86/crash: fix potential cmem->ranges array overflow Becase there's better one to fix the potential oob from fuqiang, although fuqiang need improve his patch log. [PATCH v3] x86/kexec: fix potential cmem->ranges out of bounds https://lore.kernel.org/all/20231222121855.148215-1-fuqiang.wang@easystack.cn/T/#u > > > --- a/kernel/crash_core.c > > +++ b/kernel/crash_core.c > > @@ -575,9 +575,12 @@ int crash_exclude_mem_range(struct crash_mem *mem, > > p_start = mstart; > > p_end = mend; > > > > - if (p_start > end || p_end < start) > > + if (p_start > end) > > continue; > > > > + if (p_end < start) > > + break; > > + > > /* Truncate any area outside of range */ > > if (p_start < start) > > p_start = start; > > -- > > 2.43.0 >
On Sat, 30 Dec 2023 18:28:06 +0800, Baoquan He <bhe@redhat.com> wrote: > On 12/29/23 at 12:10pm, Andrew Morton wrote: > > On Wed, 20 Dec 2023 00:34:18 +0800 Yuntao Wang <ytcoode@gmail.com> wrote: > > > > > Because memory ranges in mem->ranges are stored in ascending order, when we > > > detect `p_end < start`, we can break the for loop early, as the subsequent > > > memory ranges must also be outside the range we are looking for. > > > > > > Signed-off-by: Yuntao Wang <ytcoode@gmail.com> > > > --- > > > Hi Andrew, > > > > > > Patch "[PATCH 2/2] crash_core: fix out-of-bounds access check in > > > crash_exclude_mem_range()" can be ignored, use this patch instead. > > > > > > > Some reviewer input on this would be helpful please? > > > I suggested this in below discussion thread: > https://lore.kernel.org/all/ZYEOshALGbDKwSdc@MiWiFi-R3L-srv/T/#u > > So it would be good if squashing this into patch 3 of another patch > thread you are asking: > [PATCH 3/3] crash_core: fix and simplify the logic of crash_exclude_mem_range() > Hi all, I've squashed this patch into the patch: [PATCH 3/3] crash_core: fix and simplify the logic of crash_exclude_mem_range() The link to the new patch is: https://lore.kernel.org/lkml/20240102144905.110047-1-ytcoode@gmail.com/t/#m255d0d26148f2b384f6b7ab77eb38edf3f1bc0df > And I would suggest withdrawing Yuntao's below patch on your > mm-nonmm-unstable branch. > > 961c69e9f1bf x86/crash: fix potential cmem->ranges array overflow > > Becase there's better one to fix the potential oob from fuqiang, > although fuqiang need improve his patch log. > > [PATCH v3] x86/kexec: fix potential cmem->ranges out of bounds > https://lore.kernel.org/all/20231222121855.148215-1-fuqiang.wang@easystack.cn/T/#u > I'm okay with that. > > > > > --- a/kernel/crash_core.c > > > +++ b/kernel/crash_core.c > > > @@ -575,9 +575,12 @@ int crash_exclude_mem_range(struct crash_mem *mem, > > > p_start = mstart; > > > p_end = mend; > > > > > > - if (p_start > end || p_end < start) > > > + if (p_start > end) > > > continue; > > > > > > + if (p_end < start) > > > + break; > > > + > > > /* Truncate any area outside of range */ > > > if (p_start < start) > > > p_start = start; > > > -- > > > 2.43.0 > >
© 2016 - 2025 Red Hat, Inc.