Ensure that user memory sizes do not wrap around when validating the user input, which can lead to the following input validation working incorrectly. Acked-by: Baoquan He <bhe at redhat.com> Reviewed-by: Pratyush Anand <panand at redhat.com> Signed-off-by: Russell King <rmk+kernel at arm.linux.org.uk> --- kernel/kexec_core.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/kernel/kexec_core.c b/kernel/kexec_core.c index 8d34308ea449..d719a4d0ef55 100644 --- a/kernel/kexec_core.c +++ b/kernel/kexec_core.c @@ -169,6 +169,8 @@ int sanity_check_segment_list(struct kimage *image) mstart = image->segment[i].mem; mend = mstart + image->segment[i].memsz; + if (mstart > mend) + return result; if ((mstart & ~PAGE_MASK) || (mend & ~PAGE_MASK)) return result; if (mend >= KEXEC_DESTINATION_MEMORY_LIMIT) -- 2.1.0