From patchwork Thu Feb 22 09:21:19 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "yang.zhang" <gaoshanliukou@163.com>
X-Patchwork-Id: 204631
Return-Path: <linux-kernel+bounces-76207-ouuuleilei=gmail.com@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a05:7300:aa16:b0:108:e6aa:91d0 with SMTP id
 by22csp132436dyb;
        Thu, 22 Feb 2024 01:22:12 -0800 (PST)
X-Forwarded-Encrypted: i=3;
 AJvYcCVoL07Qe17t4IXNTYCsgaL1lwk0szaH1VcdHnHKjjsiCr1xDaHUBR1bLp0l/IaDDyj3PmjMXs+ZRjk1ZeE96m1LEzurwQ==
X-Google-Smtp-Source: 
 AGHT+IFI0YCkl5kbqDjGDD5A5Qylo5XH6g+OdgCDev2ZwhK6hz294eYhJtLuXrzPRiEcKM5h/Pxw
X-Received: by 2002:a17:906:c319:b0:a3e:d251:f5d7 with SMTP id
 s25-20020a170906c31900b00a3ed251f5d7mr7161324ejz.33.1708593731990;
        Thu, 22 Feb 2024 01:22:11 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1708593731; cv=pass;
        d=google.com; s=arc-20160816;
        b=gcSsVdQqsqBBmvKBX2DpqDtXGl462CBMki2BSFy5SWynTqTe33dqrELcQtQoaIR1pB
         ITt4AedVv6U+do59ERqw0CFhYfMTmqnFx9nk/qUKK3p1K0GLdsKYNNo0AWELIqEDFx52
         4aGG/K03aNJzJzjEz+INPurFB5OL03Q+1mOIZGwQD4GQdW7VzJoLuOUM/zJXE487exNf
         vDag9gplwVN8EbCktwz+6C73vfyBgKfuGsiWT7Xrnavi1chOY93EwR7tWpIs49FzXYUj
         B3df87zXVThsuWJ0C6iLaWdC4EbzWvKpQx70E+Tyx+2zI89WfyO6rTZ3Oh5qZmDIzrpW
         tx2A==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=content-transfer-encoding:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=oCVceRJ4c78MPAjhinbj8feHNV7TeUxfiGEfqf5K8ws=;
        fh=HvUiEEezgAcGMOeznawpZrmIdS4SZ8LRLgbYp+vsaFA=;
        b=B5bweBAQvDcYiJE8Xoey8di2D3cnsIj6dB+BZcNe0jdRwyvf3yvA8uYN//6F+O4JzZ
         VaduAxn7nUbQs4yz/ga5upPJ6qPj0hmbmy5K1fId2o7yBEBeX5cq3ZIPREr2cwHyKN4q
         2DyGgCkhsVBxst86UobRoA57Ex5I4LoOW+uGYzIOMXA7JjBjAjqDd1OyJFFbSxGL5NO/
         PxpVlu2d/0vNfai7tnUpR2vGMu/GzzQ8lQFBp7korFMZ8v76YOX/h9P1s9NyQoHYVPaH
         OxOGxengPzmT9caImxSZbQX6rD8Z2Tq62YvSBLh6rwy3XyMgaNWeqEDJmkqBrTUDyhuh
         Eyig==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@163.com header.s=s110527 header.b=bh4IqpA6;
       arc=pass (i=1 spf=pass spfdomain=163.com dkim=pass dkdomain=163.com
 dmarc=pass fromdomain=163.com);
       spf=pass (google.com: domain of
 linux-kernel+bounces-76207-ouuuleilei=gmail.com@vger.kernel.org designates
 2604:1380:4601:e00::3 as permitted sender)
 smtp.mailfrom="linux-kernel+bounces-76207-ouuuleilei=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=163.com
Received: from am.mirrors.kernel.org (am.mirrors.kernel.org.
 [2604:1380:4601:e00::3])
        by mx.google.com with ESMTPS id
 qw37-20020a1709066a2500b00a3d1e75f8a1si5492153ejc.6.2024.02.22.01.22.11
        for <ouuuleilei@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 22 Feb 2024 01:22:11 -0800 (PST)
Received-SPF: pass (google.com: domain of
 linux-kernel+bounces-76207-ouuuleilei=gmail.com@vger.kernel.org designates
 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@163.com header.s=s110527 header.b=bh4IqpA6;
       arc=pass (i=1 spf=pass spfdomain=163.com dkim=pass dkdomain=163.com
 dmarc=pass fromdomain=163.com);
       spf=pass (google.com: domain of
 linux-kernel+bounces-76207-ouuuleilei=gmail.com@vger.kernel.org designates
 2604:1380:4601:e00::3 as permitted sender)
 smtp.mailfrom="linux-kernel+bounces-76207-ouuuleilei=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=163.com
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org
 [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by am.mirrors.kernel.org (Postfix) with ESMTPS id E82801F25495
	for <ouuuleilei@gmail.com>; Thu, 22 Feb 2024 09:22:01 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id EC88D37710;
	Thu, 22 Feb 2024 09:21:49 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=163.com header.i=@163.com
 header.b="bh4IqpA6"
Received: from m16.mail.163.com (m16.mail.163.com [220.197.31.3])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 5D1902375F
	for <linux-kernel@vger.kernel.org>; Thu, 22 Feb 2024 09:21:43 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=220.197.31.3
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1708593707; cv=none;
 b=LkK6bl/v0NH/FfmTOsRhT0xpJwLFHlshUS9ffT+enQCXsi8CupMQtuKQf3/erda8tqLKWB6DaHD9MZAQRY3052dLCL0Yq9SgixnBcSCMu1Y0yUUDn6c50Q564lph8nnCaC/YETKMT3SKrbLrcVqbgCWsTkWBENaelKL+U4cmOTA=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1708593707; c=relaxed/simple;
	bh=Gp6ifRhXtu6IzNFdn/+ncdfl38xS/UkvsM6DFjdqeBo=;
	h=From:To:Cc:Subject:Date:Message-Id:MIME-Version;
 b=Cwsp/jw8obi76SXqUivbncaGJgk8xy8ZKGuQYCRuUzn3OX4KeMTL/kyCMF+dIidGmAezZjbwrL/yMFGcMyu78P58x0rWSEnQXzCG/DUi0e5r6vbOTPcABpjM4hqlXaiJcFNLe3F8Mgji2tGtMSezUhD6Md6WOhlUfLYhCveG6F0=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=163.com;
 spf=pass smtp.mailfrom=163.com;
 dkim=pass (1024-bit key) header.d=163.com header.i=@163.com
 header.b=bh4IqpA6; arc=none smtp.client-ip=220.197.31.3
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=163.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=163.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=163.com;
	s=s110527; h=From:Subject:Date:Message-Id:MIME-Version; bh=oCVce
	RJ4c78MPAjhinbj8feHNV7TeUxfiGEfqf5K8ws=; b=bh4IqpA6DUBrOMjpjwuIg
	a9XQAhUt7C9PAcjYXAq/cu4Ie4lnQ3ABCb8R6fwdqCY1+7yDrJU8PJkjMM4nTKqR
	BW0fQ0o/c40PIt4KJVKghjw4XuVh4VLh1/fOZRizSj5chzACLmGRMNJMqxDZwzdF
	kdEsvnUMBXV5URm5pbWyGY=
Received: from yangzhang2020.localdomain (unknown [60.27.226.204])
	by gzga-smtp-mta-g1-5 (Coremail) with SMTP id
 _____wDXD4USEtdlSNHNDg--.2170S2;
	Thu, 22 Feb 2024 17:21:23 +0800 (CST)
From: "yang.zhang" <gaoshanliukou@163.com>
To: ebiederm@xmission.com
Cc: linux-kernel@vger.kernel.org,
	kexec@lists.infradead.org,
	bhe@redhat.com,
	"yang.zhang" <yang.zhang@hexintek.com>
Subject: [PATCH V3] kexec: copy only happens before uchunk goes to zero
Date: Thu, 22 Feb 2024 17:21:19 +0800
Message-Id: <20240222092119.5602-1-gaoshanliukou@163.com>
X-Mailer: git-send-email 2.25.1
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
X-CM-TRANSID: _____wDXD4USEtdlSNHNDg--.2170S2
X-Coremail-Antispam: 1Uf129KBjvJXoWxCFyfXFykCw4rJF1DXF4rAFb_yoW5XFyxp3
	9xGr1FkrW8Jr9rXr1ktF15CayfJ3s7GryrurW7CF95KrnI93Wvq34S93Wj93yUKryFkrn5
	Jw4qkF9Iga4UX37anT9S1TB71UUUUU7qnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2
	9KBjDUYxBIdaVFxhVjvjDU0xZFpf9x07jgR6rUUUUU=
X-CM-SenderInfo: pjdr2x5dqox3xnrxqiywtou0bp/xtbB0BmM8mWXwByflwAAsR
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: 1791590381050786472
X-GMAIL-MSGID: 1791590381050786472

From: "yang.zhang" <yang.zhang@hexintek.com>

When loading segments, ubytes is <= mbytes. When ubytes is exhausted,
there could be remaining mbytes. Then in the while loop, the buf pointer
advancing with mchunk will causing meaningless reading even though it
doesn't harm.

So let's change to make sure that all of the copying and the rest only
happens before uchunk goes to zero.

Acked-by: Baoquan He <bhe@redhat.com>
Signed-off-by: yang.zhang <yang.zhang@hexintek.com>
---
V2 -> V3:
- Add more detailed description in the commit message
v1 -> v2:
- Only copy before uchunk goes to zero

V1: https://lore.kernel.org/lkml/20240130101802.23850-1-gaoshanliukou@163.com/
---
 kernel/kexec_core.c | 44 ++++++++++++++++++++++++--------------------
 1 file changed, 24 insertions(+), 20 deletions(-)

diff --git a/kernel/kexec_core.c b/kernel/kexec_core.c
index d08fc7b5db97..2fc3d0e3715a 100644
--- a/kernel/kexec_core.c
+++ b/kernel/kexec_core.c
@@ -800,22 +800,24 @@ static int kimage_load_normal_segment(struct kimage *image,
 				PAGE_SIZE - (maddr & ~PAGE_MASK));
 		uchunk = min(ubytes, mchunk);
 
-		/* For file based kexec, source pages are in kernel memory */
-		if (image->file_mode)
-			memcpy(ptr, kbuf, uchunk);
-		else
-			result = copy_from_user(ptr, buf, uchunk);
+		if (uchunk) {
+			/* For file based kexec, source pages are in kernel memory */
+			if (image->file_mode)
+				memcpy(ptr, kbuf, uchunk);
+			else
+				result = copy_from_user(ptr, buf, uchunk);
+			ubytes -= uchunk;
+			if (image->file_mode)
+				kbuf += uchunk;
+			else
+				buf += uchunk;
+		}
 		kunmap_local(ptr);
 		if (result) {
 			result = -EFAULT;
 			goto out;
 		}
-		ubytes -= uchunk;
 		maddr  += mchunk;
-		if (image->file_mode)
-			kbuf += mchunk;
-		else
-			buf += mchunk;
 		mbytes -= mchunk;
 
 		cond_resched();
@@ -866,11 +868,18 @@ static int kimage_load_crash_segment(struct kimage *image,
 			memset(ptr + uchunk, 0, mchunk - uchunk);
 		}
 
-		/* For file based kexec, source pages are in kernel memory */
-		if (image->file_mode)
-			memcpy(ptr, kbuf, uchunk);
-		else
-			result = copy_from_user(ptr, buf, uchunk);
+		if (uchunk) {
+			/* For file based kexec, source pages are in kernel memory */
+			if (image->file_mode)
+				memcpy(ptr, kbuf, uchunk);
+			else
+				result = copy_from_user(ptr, buf, uchunk);
+			ubytes -= uchunk;
+			if (image->file_mode)
+				kbuf += uchunk;
+			else
+				buf += uchunk;
+		}
 		kexec_flush_icache_page(page);
 		kunmap_local(ptr);
 		arch_kexec_pre_free_pages(page_address(page), 1);
@@ -878,12 +887,7 @@ static int kimage_load_crash_segment(struct kimage *image,
 			result = -EFAULT;
 			goto out;
 		}
-		ubytes -= uchunk;
 		maddr  += mchunk;
-		if (image->file_mode)
-			kbuf += mchunk;
-		else
-			buf += mchunk;
 		mbytes -= mchunk;
 
 		cond_resched();