diff options
| author | Russell King <rmk+kernel@arm.linux.org.uk> | 2016-06-16 09:44:42 +1000 |
|---|---|---|
| committer | Stephen Rothwell <sfr@canb.auug.org.au> | 2016-06-16 09:44:42 +1000 |
| commit | 39cbea5a6f6e00580da594d627f7257100b1ef2a (patch) | |
| tree | e7f243622a29f4f7d2db9c553d0a911f78c8859f | |
| parent | 6091200ac7123695e12ea9cd8ea51d500d37f214 (diff) | |
| download | linux-39cbea5a6f6e00580da594d627f7257100b1ef2a.tar.gz linux-39cbea5a6f6e00580da594d627f7257100b1ef2a.tar.xz | |
kexec: ensure user memory sizes do not wrap
Ensure that user memory sizes do not wrap around when validating the user
input, which can lead to the following input validation working
incorrectly.
Link: http://lkml.kernel.org/r/E1b8koF-0004HM-5x@rmk-PC.armlinux.org.uk
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Reviewed-by: Pratyush Anand <panand@redhat.com>
Acked-by: Baoquan He <bhe@redhat.com>
Cc: Keerthy <j-keerthy@ti.com>
Cc: Vitaly Andrianov <vitalya@ti.com>
Cc: Eric Biederman <ebiederm@xmission.com>
Cc: Dave Young <dyoung@redhat.com>
Cc: Vivek Goyal <vgoyal@redhat.com>
Cc: Simon Horman <horms@verge.net.au>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
| -rw-r--r-- | kernel/kexec_core.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/kernel/kexec_core.c b/kernel/kexec_core.c index 23311c803b1b..e0f74ebf1f8b 100644 --- a/kernel/kexec_core.c +++ b/kernel/kexec_core.c @@ -168,6 +168,8 @@ int sanity_check_segment_list(struct kimage *image) mstart = image->segment[i].mem; mend = mstart + image->segment[i].memsz; + if (mstart > mend) + return result; if ((mstart & ~PAGE_MASK) || (mend & ~PAGE_MASK)) return -EADDRNOTAVAIL; if (mend >= KEXEC_DESTINATION_MEMORY_LIMIT) |