From: Baoquan He
To: linux-kernel@vger.kernel.org
Cc: yinghai@kernel.org, keescook@chromium.org, hpa@zytor.com, mingo@redhat.com, bp@alien8.de, vgoyal@redhat.com, luto@kernel.org, lasse.collin@tukaani.org, akpm@linux-foundation.org, dyoung@redhat.com, Baoquan He
Subject: [PATCH v4 02/20] x86, kaslr: Fix a bug that relocation can not be handled when kernel is loaded above 2G
Date: Tue, 22 Mar 2016 15:31:59 +0800
Message-Id: <1458631937-14593-3-git-send-email-bhe@redhat.com>
In-Reply-To: <1458631937-14593-1-git-send-email-bhe@redhat.com>
References: <1458631937-14593-1-git-send-email-bhe@redhat.com>
X-Mailing-List: linux-kernel@vger.kernel.org

When processing 32-bit relocation tables, a local variable 'extended' is defined to calculate the physical address of the relocs entry. However, its type is 'int', which is enough for i386 but not enough for x86_64. That's why relocation can only be handled under 2G. Otherwise an overflow will happen and cause a system hang.

Here, change it to 'long' as 32-bit inverse relocation processing does; this change is safe for i386 relocation handling.

Signed-off-by: Baoquan He
Acked-by: Kees Cook
---
 arch/x86/boot/compressed/misc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/misc.c index f35ad9e..c4477d5 100644 --- a/arch/x86/boot/compressed/misc.c +++ b/arch/x86/boot/compressed/misc.c
@@ -295,7 +295,7 @@ static void handle_relocations(void *output, unsigned long output_len) * So we work backwards from the end of the decompressed image. */ for (reloc = output + output_len - sizeof(*reloc); *reloc; reloc--) { - int extended = *reloc; + long extended = *reloc; extended += map; ptr = (unsigned long)extended; -- 2.5.0
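Review bot: the new `long extended = *reloc;` declaration should carry a one-line comment saying the width is deliberate, because the line reads like a throwaway temporary and the old `int` version shows how easily it gets narrowed again. With `int`, the result of `extended += map` is stored back into 32 bits, so it no longer fits once the sum passes 2G, and the `(unsigned long)` cast on the following line comes too late to recover it. A comment along the lines of "must be long: entry plus map does not fit in 32 bits when the kernel is loaded above 2G on x86_64" would keep the fix from regressing. The i386 claim in the commit message holds because `long` and `int` are both 32 bits there, so the arithmetic is unchanged. It would also help if the message named the loop it means by "32 bit inverse relocation processing", since that code is outside this hunk's context and a reviewer cannot confirm the two now match from the lines shown.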