forked from luck/tmp_suning_uos_patched
kexec: ensure user memory sizes do not wrap
Ensure that user memory sizes do not wrap around when validating the user input, which can lead to the following input validation working incorrectly. [akpm@linux-foundation.org: fix it for kexec-return-error-number-directly.patch] Link: http://lkml.kernel.org/r/E1b8koF-0004HM-5x@rmk-PC.armlinux.org.uk Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk> Reviewed-by: Pratyush Anand <panand@redhat.com> Acked-by: Baoquan He <bhe@redhat.com> Cc: Keerthy <j-keerthy@ti.com> Cc: Vitaly Andrianov <vitalya@ti.com> Cc: Eric Biederman <ebiederm@xmission.com> Cc: Dave Young <dyoung@redhat.com> Cc: Vivek Goyal <vgoyal@redhat.com> Cc: Simon Horman <horms@verge.net.au> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
parent
dc5cccacf4
commit
465d377701
|
@ -168,6 +168,8 @@ int sanity_check_segment_list(struct kimage *image)
|
|||
|
||||
mstart = image->segment[i].mem;
|
||||
mend = mstart + image->segment[i].memsz;
|
||||
if (mstart > mend)
|
||||
return -EADDRNOTAVAIL;
|
||||
if ((mstart & ~PAGE_MASK) || (mend & ~PAGE_MASK))
|
||||
return -EADDRNOTAVAIL;
|
||||
if (mend >= KEXEC_DESTINATION_MEMORY_LIMIT)
|
||||
|
|
Loading…
Reference in New Issue
Block a user