On 15.03.2018 at 06:19, Jack Schwartz wrote:
> Hi Kevin.
>
> My comments are inline...
>
> On 2018-03-14 10:32, Kevin Wolf wrote:
> > The code path with a manually set mh_load_addr in the Multiboot header
> > checks that load_end_addr <= load_addr, but the path where load_end_addr
> > is automatically detected if 0 is given in the header misses the
> > corresponding check.
> 1) The code checks that load_end_addr >= load_addr (before letting it
> through).
>
> 2) load_end_addr is used only when it is read in as non-zero, so no check is
> needed if zero. (It gets debug-printed even when zero, but is used only to
> calculate mb_load_size and only when non-zero.)

Oops, good point. I'll change the start of the commit message as
follows:

    The code path with a manually set mh_load_end_addr in the Multiboot
    header checks that mh_load_end_addr >= mh_load_addr, but the path where
    mh_load_end_addr is 0 in the header and therefore automatically
    calculated from the file size misses the corresponding check.

Does this look better?

> > If the kernel binary size is larger than can fit in
> > the address space after load_addr, we ended up with a kernel_size that
> > is smaller than load_size, which means that we read the file into a too
> > small buffer.
> >
> > Add a check to reject kernel files with such Multiboot headers.
> Code itself looks fine.
>
> Modulo above comments:
> Reviewed-by: Jack Schwartz <jack.schwa...@oracle.com>

Thanks for your review of the series!

Kevin
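
The size calculation discussed in this thread, as an added example that is not part of the original message and is not QEMU's code: a simplified model showing how 32-bit wraparound can yield a kernel_size smaller than load_size, and how the address-space check rejects such a header. The function mb_compute_sizes, struct mb_sizes, and the text_offset and checked parameters are hypothetical; the model also assumes that kernel_size is taken from the Multiboot bss_end_addr field when that field is non-zero, which the thread does not state.

```c
#include <stdint.h>
#include <stdio.h>
/* Simplified model; mb_sizes, text_offset and checked are assumptions. */
struct mb_sizes {
    uint32_t load_size;   /* bytes read from the kernel file */
    uint32_t kernel_size; /* bytes allocated for the in-memory image */
};

/* Returns 0 and fills *out, or -1 if the header is rejected.
 * checked == 0 models the path that misses the address-space check. */
int mb_compute_sizes(uint32_t mh_load_addr, uint32_t mh_load_end_addr,
                     uint32_t mh_bss_end_addr, uint32_t file_size,
                     uint32_t text_offset, int checked, struct mb_sizes *out)
{
    uint32_t load_size;
    if (mh_load_end_addr) {            /* end address set manually */
        if (mh_load_end_addr < mh_load_addr)
            return -1;
        load_size = mh_load_end_addr - mh_load_addr;
    } else {                           /* 0: derive size from the file */
        if (file_size < text_offset)
            return -1;
        load_size = file_size - text_offset;
    }
    /* The loaded bytes must fit between mh_load_addr and 2^32 - 1. */
    if (checked && load_size > UINT32_MAX - mh_load_addr)
        return -1;
    if (mh_bss_end_addr) {
        /* Unchecked, this sum can wrap and accept a too-small bss end. */
        if (mh_bss_end_addr < (uint32_t)(mh_load_addr + load_size))
            return -1;
        out->kernel_size = mh_bss_end_addr - mh_load_addr;
    } else {
        out->kernel_size = load_size;
    }
    out->load_size = load_size;
    return 0;
}

int main(void)
{
    struct mb_sizes s = {0, 0};
    /* Constructed values: 0x2000 file bytes to be loaded at 0xFFFFF000. */
    int rc = mb_compute_sizes(0xFFFFF000u, 0, 0xFFFFF800u, 0x2000, 0, 0, &s);
    printf("unchecked: rc=%d load_size=0x%x kernel_size=0x%x\n",
           rc, (unsigned)s.load_size, (unsigned)s.kernel_size);
    printf("checked:   rc=%d\n",
           mb_compute_sizes(0xFFFFF000u, 0, 0xFFFFF800u, 0x2000, 0, 1, &s));
    return 0;
}
```

With the constructed values, the unchecked path accepts the header with a kernel_size of 0x800 against a load_size of 0x2000, which is the too-small buffer the commit message describes.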