Petr Tesarik <petr.tesarik@xxxxxxxx> writes:
> From: Petr Tesarik <ptesarik@xxxxxxxx>
>
> Fix the condition to exclude the elfcorehdr segment from the SHA digest
> calculation.
>
> The j iterator is an index into the output sha_regions[] array, not into
> the input image->segment[] array. Once it reaches image->elfcorehdr_index,
> all subsequent segments are excluded. Besides, if the purgatory segment
> precedes the elfcorehdr segment, the elfcorehdr may be wrongly included in
> the calculation.
I would rather make CONFIG_CRASH_HOTPLUG depend on broken.
The hash is supposed to include everything we depend upon so when
a borken machine corrupts something we can detect that corruption
and not attempt to take a crash dump.
The elfcorehdr is definitely something that needs to be part of the
hash.
So please go back to the drawing board and find a way to include the
program header in the hash even with CONFIG_CRASH_HOTPLUG.
Eric
> Fixes: f7cc804a9fd4 ("kexec: exclude elfcorehdr from the segment digest")
> Cc: stable@xxxxxxxxxx
> Signed-off-by: Petr Tesarik <ptesarik@xxxxxxxx>
> ---
> kernel/kexec_file.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
> index 3d64290d24c9..3eedb8c226ad 100644
> --- a/kernel/kexec_file.c
> +++ b/kernel/kexec_file.c
> @@ -752,7 +752,7 @@ static int kexec_calculate_store_digests(struct kimage *image)
>
> #ifdef CONFIG_CRASH_HOTPLUG
> /* Exclude elfcorehdr segment to allow future changes via hotplug */
> - if (j == image->elfcorehdr_index)
> + if (i == image->elfcorehdr_index)
> continue;
> #endif
_______________________________________________
kexec mailing list
kexec@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/kexec
