Re: [PATCH v2 4/4] kexec_file: Fix the issue of mismatch between loop variable types
From: Qiang Ma
Date: Wed Nov 05 2025 - 02:07:44 EST
On 2025/11/5 14:56, Baoquan He wrote:
> On 11/05/25 at 11:47am, Qiang Ma wrote:
>> On 2025/11/5 11:05, Baoquan He wrote:
>>> On 11/03/25 at 02:34pm, Qiang Ma wrote:
>>>> The type of the struct kimage member variable nr_segments is unsigned long.
>>>> Correct the loop variable i and the print format specifier type.
>>> I can't see what's meaningful with this change. nr_segments is unsigned
>>> long, but it's the range 'i' will loop. If so, we need change all for
>>> loop of the int iterator.
>> If image->nr_segments is large enough, 'i' overflow causes an infinite loop.
> Please check kexec_add_buffer(), there's checking for the value which
> upper limit is restricted to 16.
>
>         if (kbuf->image->nr_segments >= KEXEC_SEGMENT_MAX)
>                 return -EINVAL;

Oh, then this patch is really not necessary.

Signed-off-by: Qiang Ma <maqianga@xxxxxxxxxxxxx>
---
kernel/kexec_file.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
index 4a24aadbad02..7afdaa0efc50 100644
--- a/kernel/kexec_file.c
+++ b/kernel/kexec_file.c
@@ -366,7 +366,8 @@ SYSCALL_DEFINE5(kexec_file_load, int, kernel_fd, int, initrd_fd,
int image_type = (flags & KEXEC_FILE_ON_CRASH) ?
KEXEC_TYPE_CRASH : KEXEC_TYPE_DEFAULT;
struct kimage **dest_image, *image;
- int ret = 0, i;
+ int ret = 0;
+ unsigned long i;
/* We only trust the superuser with rebooting the system. */
if (!kexec_load_permitted(image_type))
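Review bot: the changelog gives no reason why the int iterator replaced by the "unsigned long i" declaration is an actual problem, and the check quoted earlier in this thread (kexec_add_buffer() returns -EINVAL once nr_segments reaches KEXEC_SEGMENT_MAX) means 'i' cannot get anywhere near overflowing. If the change is kept at all, the commit message should present it as a type-consistency cleanup against the unsigned long nr_segments rather than as a fix, and should mention that bound so the next reader does not assume an overflow was reachable.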
@@ -432,7 +433,7 @@ SYSCALL_DEFINE5(kexec_file_load, int, kernel_fd, int, initrd_fd,
struct kexec_segment *ksegment;
ksegment = &image->segment[i];
- kexec_dprintk("segment[%d]: buf=0x%p bufsz=0x%zx mem=0x%lx memsz=0x%zx\n",
+ kexec_dprintk("segment[%lu]: buf=0x%p bufsz=0x%zx mem=0x%lx memsz=0x%zx\n",
i, ksegment->buf, ksegment->bufsz, ksegment->mem,
ksegment->memsz);
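Review bot: the "%lu" in the "segment[%lu]" format string is only correct together with the "unsigned long i" declaration from the first hunk, so the two hunks have to be applied or dropped as a unit. Leaving "%lu" in place with an int 'i' would be a format/argument mismatch in kexec_dprintk(), so if the type change is withdrawn as the thread concludes, this line should go back to "%d" with it.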
--
2.20.1