diff options
| author | He Zhe <zhe.he@windriver.com> | 2018-08-14 11:33:42 -0400 |
|---|---|---|
| committer | Ingo Molnar <mingo@kernel.org> | 2018-09-10 08:47:32 -0400 |
| commit | ccde460b9ae5c2bd5e4742af0a7f623c2daad566 (patch) | |
| tree | 60eb714828b5c42f29593f565f5692e9a0dfdc10 | |
| parent | 11da3a7f84f19c26da6f86af878298694ede0804 (diff) | |
x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided
memory_corruption_check[{_period|_size}]()'s handlers do not check input
argument before passing it to kstrtoul() or simple_strtoull(). The argument
would be a NULL pointer if each of the kernel parameters, without its
value, is set in command line and thus cause the following panic.
PANIC: early exception 0xe3 IP 10:ffffffff73587c22 error 0 cr2 0x0
[ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 4.18-rc8+ #2
[ 0.000000] RIP: 0010:kstrtoull+0x2/0x10
...
[ 0.000000] Call Trace
[ 0.000000] ? set_corruption_check+0x21/0x49
[ 0.000000] ? do_early_param+0x4d/0x82
[ 0.000000] ? parse_args+0x212/0x330
[ 0.000000] ? rdinit_setup+0x26/0x26
[ 0.000000] ? parse_early_options+0x20/0x23
[ 0.000000] ? rdinit_setup+0x26/0x26
[ 0.000000] ? parse_early_param+0x2d/0x39
[ 0.000000] ? setup_arch+0x2f7/0xbf4
[ 0.000000] ? start_kernel+0x5e/0x4c2
[ 0.000000] ? load_ucode_bsp+0x113/0x12f
[ 0.000000] ? secondary_startup_64+0xa5/0xb0
This patch adds checks to prevent the panic.
Signed-off-by: He Zhe <zhe.he@windriver.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: gregkh@linuxfoundation.org
Cc: kstewart@linuxfoundation.org
Cc: pombredanne@nexb.com
Cc: stable@vger.kernel.org
Link: http://lkml.kernel.org/r/1534260823-87917-1-git-send-email-zhe.he@windriver.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
| -rw-r--r-- | arch/x86/kernel/check.c | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/arch/x86/kernel/check.c b/arch/x86/kernel/check.c index 33399426793e..cc8258a5378b 100644 --- a/arch/x86/kernel/check.c +++ b/arch/x86/kernel/check.c | |||
| @@ -31,6 +31,11 @@ static __init int set_corruption_check(char *arg) | |||
| 31 | ssize_t ret; | 31 | ssize_t ret; |
| 32 | unsigned long val; | 32 | unsigned long val; |
| 33 | 33 | ||
| 34 | if (!arg) { | ||
| 35 | pr_err("memory_corruption_check config string not provided\n"); | ||
| 36 | return -EINVAL; | ||
| 37 | } | ||
| 38 | |||
| 34 | ret = kstrtoul(arg, 10, &val); | 39 | ret = kstrtoul(arg, 10, &val); |
| 35 | if (ret) | 40 | if (ret) |
| 36 | return ret; | 41 | return ret; |
| @@ -45,6 +50,11 @@ static __init int set_corruption_check_period(char *arg) | |||
| 45 | ssize_t ret; | 50 | ssize_t ret; |
| 46 | unsigned long val; | 51 | unsigned long val; |
| 47 | 52 | ||
| 53 | if (!arg) { | ||
| 54 | pr_err("memory_corruption_check_period config string not provided\n"); | ||
| 55 | return -EINVAL; | ||
| 56 | } | ||
| 57 | |||
| 48 | ret = kstrtoul(arg, 10, &val); | 58 | ret = kstrtoul(arg, 10, &val); |
| 49 | if (ret) | 59 | if (ret) |
| 50 | return ret; | 60 | return ret; |
| @@ -59,6 +69,11 @@ static __init int set_corruption_check_size(char *arg) | |||
| 59 | char *end; | 69 | char *end; |
| 60 | unsigned size; | 70 | unsigned size; |
| 61 | 71 | ||
| 72 | if (!arg) { | ||
| 73 | pr_err("memory_corruption_check_size config string not provided\n"); | ||
| 74 | return -EINVAL; | ||
| 75 | } | ||
| 76 | |||
| 62 | size = memparse(arg, &end); | 77 | size = memparse(arg, &end); |
| 63 | 78 | ||
| 64 | if (*end == '\0') | 79 | if (*end == '\0') |