[S390] correct ipl parameter block safe guard

The 'output' variable is passed from decompress_kernel to check_ipl_parmblock before it is initialized. That disables the safe guard against the overwrite of the ipl parameter block. Fix this by passing the correct value to check_ipl_parmblock. Reported-by: N David Binderman <dcb314@hotmail.com> Signed-off-by: N Martin Schwidefsky <schwidefsky@de.ibm.com>

[S390] correct ipl parameter block safe guard
The 'output' variable is passed from decompress_kernel to check_ipl_parmblock before it is initialized. That disables the safe guard against the overwrite of the ipl parameter block. Fix this by passing the correct value to check_ipl_parmblock. Reported-by: N David Binderman <dcb314@hotmail.com> Signed-off-by: N Martin Schwidefsky <schwidefsky@de.ibm.com>
a8c8d7c6 · Martin Schwidefsky · Martin Schwidefsky · 03e3b5a0 · a8c8d7c6
显示空白变更内容
内联并排

Showing with 3 addition and 2 deletion

arch/s390/boot/compressed/misc.c arch/s390/boot/compressed/misc.c +3 -2

未找到文件。
--- a/arch/s390/boot/compressed/misc.c
+++ b/arch/s390/boot/compressed/misc.c
@@ -133,11 +133,12 @@ unsigned long decompress_kernel(void)
 	unsigned long output_addr;
 	unsigned char *output;
-	check_ipl_parmblock((void *) 0, (unsigned long) output + SZ__bss_start);
+	output_addr = ((unsigned long) &_end + HEAP_SIZE + 4095UL) & -4096UL;
+	check_ipl_parmblock((void *) 0, output_addr + SZ__bss_start);
 	memset(&_bss, 0, &_ebss - &_bss);
 	free_mem_ptr = (unsigned long)&_end;
 	free_mem_end_ptr = free_mem_ptr + HEAP_SIZE;
-	output = (unsigned char *) ((free_mem_end_ptr + 4095UL) & -4096UL);
+	output = (unsigned char *) output_addr;
 #ifdef CONFIG_BLK_DEV_INITRD
 	/*