[PATCH 3.18 05/90] x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided

Mon, 19 Nov 2018 09:05:45 -0800 

3.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: He Zhe <zhe...@windriver.com>

commit ccde460b9ae5c2bd5e4742af0a7f623c2daad566 upstream.

memory_corruption_check[{_period|_size}]()'s handlers do not check input
argument before passing it to kstrtoul() or simple_strtoull(). The argument
would be a NULL pointer if each of the kernel parameters, without its
value, is set in command line and thus cause the following panic.

PANIC: early exception 0xe3 IP 10:ffffffff73587c22 error 0 cr2 0x0
[    0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 4.18-rc8+ #2
[    0.000000] RIP: 0010:kstrtoull+0x2/0x10
...
[    0.000000] Call Trace
[    0.000000]  ? set_corruption_check+0x21/0x49
[    0.000000]  ? do_early_param+0x4d/0x82
[    0.000000]  ? parse_args+0x212/0x330
[    0.000000]  ? rdinit_setup+0x26/0x26
[    0.000000]  ? parse_early_options+0x20/0x23
[    0.000000]  ? rdinit_setup+0x26/0x26
[    0.000000]  ? parse_early_param+0x2d/0x39
[    0.000000]  ? setup_arch+0x2f7/0xbf4
[    0.000000]  ? start_kernel+0x5e/0x4c2
[    0.000000]  ? load_ucode_bsp+0x113/0x12f
[    0.000000]  ? secondary_startup_64+0xa5/0xb0

This patch adds checks to prevent the panic.

Signed-off-by: He Zhe <zhe...@windriver.com>
Cc: Linus Torvalds <torva...@linux-foundation.org>
Cc: Peter Zijlstra <pet...@infradead.org>
Cc: Thomas Gleixner <t...@linutronix.de>
Cc: gre...@linuxfoundation.org
Cc: kstew...@linuxfoundation.org
Cc: pombreda...@nexb.com
Cc: sta...@vger.kernel.org
Link: 
http://lkml.kernel.org/r/1534260823-87917-1-git-send-email-zhe...@windriver.com
Signed-off-by: Ingo Molnar <mi...@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org>

---
 arch/x86/kernel/check.c |   15 +++++++++++++++
 1 file changed, 15 insertions(+)

--- a/arch/x86/kernel/check.c
+++ b/arch/x86/kernel/check.c
@@ -30,6 +30,11 @@ static __init int set_corruption_check(c
        ssize_t ret;
        unsigned long val;
 
+       if (!arg) {
+               pr_err("memory_corruption_check config string not provided\n");
+               return -EINVAL;
+       }
+
        ret = kstrtoul(arg, 10, &val);
        if (ret)
                return ret;
@@ -44,6 +49,11 @@ static __init int set_corruption_check_p
        ssize_t ret;
        unsigned long val;
 
+       if (!arg) {
+               pr_err("memory_corruption_check_period config string not 
provided\n");
+               return -EINVAL;
+       }
+
        ret = kstrtoul(arg, 10, &val);
        if (ret)
                return ret;
@@ -58,6 +68,11 @@ static __init int set_corruption_check_s
        char *end;
        unsigned size;
 
+       if (!arg) {
+               pr_err("memory_corruption_check_size config string not 
provided\n");
+               return -EINVAL;
+       }
+
        size = memparse(arg, &end);
 
        if (*end == '\0')

Reply via email to