On Wed, 27 Jul 2016 21:17:54 +0800 zhongjiang <zhongjiang@xxxxxxxxxx> wrote:

> --- a/kernel/kexec_core.c
> +++ b/kernel/kexec_core.c
> @@ -140,6 +140,7 @@ int kexec_should_crash(struct task_struct *p)
> * allocating pages whose destination address we do not care about.
> */
> #define KIMAGE_NO_DEST (-1UL)
> +#define PAGE_COUNT(x) (((x) + PAGE_SIZE - 1) >> PAGE_SHIFT)
>
> static struct page *kimage_alloc_page(struct kimage *image,
> gfp_t gfp_mask,
> @@ -149,6 +150,7 @@ int sanity_check_segment_list(struct kimage *image)
> {
> int result, i;
> unsigned long nr_segments = image->nr_segments;
> + unsigned long total_pages = 0;
>
> /*
> * Verify we have good destination addresses. The caller is
> @@ -210,6 +212,22 @@ int sanity_check_segment_list(struct kimage *image)
> }
>
> + /*
> + * Verify that no segment is larger than half of memory.
> + * If a segment from userspace is too large, a large amount
> + * of time will be wasted allocating pages, which can cause
> + * * a soft lockup.
> + */
> + for (i = 0; i < nr_segments; i++) {
> + if (PAGE_COUNT(image->segment[i].memsz) > totalram_pages / 2)
> + return result;
> +
> + total_pages += PAGE_COUNT(image->segment[i].memsz);
> + }
> +
> + if (total_pages > totalram_pages / 2)
> + return result;
> +

eh, that'll do ;) Updates:

--- a/kernel/kexec_core.c~kexec-add-restriction-on-kexec_load-segment-sizes-fix
+++ a/kernel/kexec_core.c
@@ -217,20 +217,19 @@ int sanity_check_segment_list(struct kim
 }
 
 /*
- * Verify that no segment is larger than half of memory.
- * If a segment from userspace is too large, a large amount
- * of time will be wasted allocating pages, which can cause
- * * a soft lockup.
+ * Verify that no more than half of memory will be consumed. If the
+ * request from userspace is too large, a large amount of time will be
+ * wasted allocating pages, which can cause a soft lockup.
 */
 for (i = 0; i < nr_segments; i++) {
 if (PAGE_COUNT(image->segment[i].memsz) > totalram_pages / 2)
- return result;
+ return -EINVAL;
 
 total_pages += PAGE_COUNT(image->segment[i].memsz);
 }
 
 if (total_pages > totalram_pages / 2)
- return result;
+ return -EINVAL;
 
 /*
 * Verify we have good destination addresses. Normally
_
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@xxxxxxxxx"> email@xxxxxxxxx </a>
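Review bot: `PAGE_COUNT(image->segment[i].memsz)` can wrap before either comparison in this loop sees it, because the macro from the quoted patch computes `(x) + PAGE_SIZE - 1` in unsigned arithmetic. A userspace-supplied memsz within a page of the type's maximum would therefore round to a near-zero page count and pass both the per-segment test and the `total_pages` test. Unless an earlier check in sanity_check_segment_list (its body starts and ends outside this hunk) already bounds memsz, the rounding should be written so it cannot overflow, for example `#define PAGE_COUNT(x) (((x) >> PAGE_SHIFT) + (((x) & ~PAGE_MASK) != 0))`. A short comment on the macro stating that its argument comes from userspace and must not wrap would also help the next reader.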