x86/crash: Fix crash_setup_memmap_entries() out-of-bounds access
Mike Galbraith authored
Commit in Fixes: added support for kexec-ing a kernel on panic using a
new system call. As part of it, it does prepare a memory map for the new
kernel.

However, while doing so, it wrongly accesses memory it has not
allocated: it accesses the first element of the cmem->ranges[] array in
memmap_exclude_ranges() but it has not allocated the memory for it in
crash_setup_memmap_entries(). As KASAN reports:

  BUG: KASAN: vmalloc-out-of-bounds in crash_setup_memmap_entries+0x17e/0x3a0
  Write of size 8 at addr ffffc90000426008 by task kexec/1187

  (gdb) list *crash_setup_memmap_entries+0x17e
  0xffffffff8107cafe is in crash_setup_memmap_entries (arch/x86/kernel/crash.c:322).
  317                                      unsigned long long mend)
  318     {
  319             unsigned long start, end;
  320
  321             cmem->ranges[0].start = mstart;
  322             cmem->ranges[0].end = mend;
  323             cmem->nr_ranges = 1;
  324
  32...
5849cdf8