• WANG Chao's avatar
    vmcore: fix PT_NOTE n_namesz, n_descsz overflow issue · 34b47764
    WANG Chao authored
    When updating PT_NOTE header size (ie.  p_memsz), an overflow issue
    happens with the following bogus note entry:
      n_namesz = 0xFFFFFFFF
      n_descsz = 0x0
      n_type   = 0x0
    This kind of note entry should be dropped during updating p_memsz.  But
    because n_namesz is 32bit, after (n_namesz + 3) & (~3), it's overflow to
    0x0, the note entry size looks sane and reserved.
    When userspace (eg.  crash utility) is trying to access such bogus note,
    it could lead to an unexpected behavior (eg.  crash utility segment fault
    because it's reading bogus address).
    The source of bogus note hasn't been identified yet.  At least we could
    drop the bogus note so user space wouldn't be surprised.
    Signed-off-by: default avatarWANG Chao <chaowang@redhat.com>
    Cc: Dave Anderson <anderson@redhat.com>
    Cc: Baoquan He <bhe@redhat.com>
    Cc: Randy Wright <rwright@hp.com>
    Cc: Vivek Goyal <vgoyal@redhat.com>
    Cc: Paul Gortmaker <paul.gortmaker@windriver.com>
    Cc: Fabian Frederick <fabf@skynet.be>
    Cc: Vitaly Kuznetsov <vkuznets@redhat.com>
    Cc: Rashika Kheria <rashika.kheria@gmail.com>
    Cc: Greg Pearson <greg.pearson@hp.com>
    Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
    Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>