From: Martin Schwidefsky Date: Thu, 17 Feb 2011 12:13:57 +0000 (+0100) Subject: [S390] correct ipl parameter block safe guard X-Git-Tag: firefly_0821_release~7613^2~2406^2~2 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=a8c8d7c683419d059e302373afc6998244f5f60f;p=firefly-linux-kernel-4.4.55.git [S390] correct ipl parameter block safe guard The 'output' variable is passed from decompress_kernel to check_ipl_parmblock before it is initialized. That disables the safe guard against the overwrite of the ipl parameter block. Fix this by passing the correct value to check_ipl_parmblock. Reported-by: David Binderman Signed-off-by: Martin Schwidefsky --- diff --git a/arch/s390/boot/compressed/misc.c b/arch/s390/boot/compressed/misc.c index 0851eb1e919e..2751b3a8a66f 100644 --- a/arch/s390/boot/compressed/misc.c +++ b/arch/s390/boot/compressed/misc.c @@ -133,11 +133,12 @@ unsigned long decompress_kernel(void) unsigned long output_addr; unsigned char *output; - check_ipl_parmblock((void *) 0, (unsigned long) output + SZ__bss_start); + output_addr = ((unsigned long) &_end + HEAP_SIZE + 4095UL) & -4096UL; + check_ipl_parmblock((void *) 0, output_addr + SZ__bss_start); memset(&_bss, 0, &_ebss - &_bss); free_mem_ptr = (unsigned long)&_end; free_mem_end_ptr = free_mem_ptr + HEAP_SIZE; - output = (unsigned char *) ((free_mem_end_ptr + 4095UL) & -4096UL); + output = (unsigned char *) output_addr; #ifdef CONFIG_BLK_DEV_INITRD /*