* Re: lz4: fix system halted at boot kernel x86_64 compressed lz4 [not found] <55114A1D.7030508@winsoft.pl> @ 2015-03-25 0:44 ` David Sterba 2015-03-25 7:04 ` Krzysztof Kolasa 0 siblings, 1 reply; 17+ messages in thread From: David Sterba @ 2015-03-25 0:44 UTC (permalink / raw) To: Krzysztof Kolasa; +Cc: tom.yeon, gregkh, linux-kernel On Tue, Mar 24, 2015 at 12:27:25PM +0100, Krzysztof Kolasa wrote: > lz4: fix system halted at boot kernel x86_64 compressed lz4 > > Decompression process ends with an error when loading kernel: > > Decoding failed > -- System halted Serious regression detected ... > > This condition is probably not needed ( from the last commit d5e7caf) : The offending patch is on the way to stable trees, so it would be best to postpone it for now. > if( ... || > (op + COPYLENGTH) > oend) > goto _output_error > > macro LZ4_SECURE_COPY() tests op and does not copy any data > when op exceeds the value, decompression process is continued. > > added by analogy security for the ref: > > if ((ref + COPYLENGTH) > oend... > > to lz4_uncompress_unknownoutputsize(...) I did only a quick check, your analysis seems correct. Reviewing the lz4 patches is tedious as the kernel implementations do not match the upstream one line-by-line besides that I've missed the side effects of the macro. ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: lz4: fix system halted at boot kernel x86_64 compressed lz4 2015-03-25 0:44 ` lz4: fix system halted at boot kernel x86_64 compressed lz4 David Sterba @ 2015-03-25 7:04 ` Krzysztof Kolasa 2015-03-31 15:22 ` Greg KH 0 siblings, 1 reply; 17+ messages in thread From: Krzysztof Kolasa @ 2015-03-25 7:04 UTC (permalink / raw) To: dsterba, tom.yeon, gregkh, linux-kernel On 25.03.2015 01:44, David Sterba wrote: > On Tue, Mar 24, 2015 at 12:27:25PM +0100, Krzysztof Kolasa wrote: >> lz4: fix system halted at boot kernel x86_64 compressed lz4 >> >> Decompression process ends with an error when loading kernel: >> >> Decoding failed >> -- System halted > Serious regression detected ... > >> This condition is probably not needed ( from the last commit d5e7caf) : > The offending patch is on the way to stable trees, so it would be best > to postpone it for now. > >> if( ... || >> (op + COPYLENGTH) > oend) >> goto _output_error >> >> macro LZ4_SECURE_COPY() tests op and does not copy any data >> when op exceeds the value, decompression process is continued. >> >> added by analogy security for the ref: >> >> if ((ref + COPYLENGTH) > oend... >> >> to lz4_uncompress_unknownoutputsize(...) > I did only a quick check, your analysis seems correct. Reviewing the lz4 > patches is tedious as the kernel implementations do not match the > upstream one line-by-line besides that I've missed the side effects of > the macro. > Add patch source for review (send to LKML) : --------------------- lz4: fix system halted at boot kernel x86_64 compressed lz4 Decompression process ends with an error when loading kernel: Decoding failed -- System halted This condition is probably not needed ( from the last commit d5e7caf) : if( ... || (op + COPYLENGTH) > oend) goto _output_error macro LZ4_SECURE_COPY() tests op and does not copy any data when op exceeds the value, decompression process is continued. added by analogy security for the ref: if ((ref + COPYLENGTH) > oend... to lz4_uncompress_unknownoutputsize(...) Signed-off-by: Krzysztof Kolasa <kkolasa@winsoft.pl> --- lib/lz4/lz4_decompress.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/lib/lz4/lz4_decompress.c b/lib/lz4/lz4_decompress.c index f0f5c5c..e248c4e 100644 --- a/lib/lz4/lz4_decompress.c +++ b/lib/lz4/lz4_decompress.c @@ -139,8 +139,7 @@ static int lz4_uncompress(const char *source, char *dest, int osize) /* Error: request to write beyond destination buffer */ if (cpy > oend) goto _output_error; - if ((ref + COPYLENGTH) > oend || - (op + COPYLENGTH) > oend) + if ((ref + COPYLENGTH) > oend) goto _output_error; LZ4_SECURECOPY(ref, op, (oend - COPYLENGTH)); while (op < cpy) @@ -270,6 +269,8 @@ static int lz4_uncompress_unknownoutputsize(const char *source, char *dest, if (cpy > oend - COPYLENGTH) { if (cpy > oend) goto _output_error; /* write outside of buf */ + if ((ref + COPYLENGTH) > oend) + goto _output_error; LZ4_SECURECOPY(ref, op, (oend - COPYLENGTH)); while (op < cpy) -- 2.3.3.dirty ^ permalink raw reply related [flat|nested] 17+ messages in thread
* Re: lz4: fix system halted at boot kernel x86_64 compressed lz4 2015-03-25 7:04 ` Krzysztof Kolasa @ 2015-03-31 15:22 ` Greg KH 2015-04-03 11:33 ` Krzysztof Kolasa 0 siblings, 1 reply; 17+ messages in thread From: Greg KH @ 2015-03-31 15:22 UTC (permalink / raw) To: Krzysztof Kolasa; +Cc: dsterba, tom.yeon, linux-kernel On Wed, Mar 25, 2015 at 08:04:59AM +0100, Krzysztof Kolasa wrote: > On 25.03.2015 01:44, David Sterba wrote: > > On Tue, Mar 24, 2015 at 12:27:25PM +0100, Krzysztof Kolasa wrote: > >> lz4: fix system halted at boot kernel x86_64 compressed lz4 > >> > >> Decompression process ends with an error when loading kernel: > >> > >> Decoding failed > >> -- System halted > > Serious regression detected ... > > > >> This condition is probably not needed ( from the last commit d5e7caf) : > > The offending patch is on the way to stable trees, so it would be best > > to postpone it for now. > > > >> if( ... || > >> (op + COPYLENGTH) > oend) > >> goto _output_error > >> > >> macro LZ4_SECURE_COPY() tests op and does not copy any data > >> when op exceeds the value, decompression process is continued. > >> > >> added by analogy security for the ref: > >> > >> if ((ref + COPYLENGTH) > oend... > >> > >> to lz4_uncompress_unknownoutputsize(...) > > I did only a quick check, your analysis seems correct. Reviewing the lz4 > > patches is tedious as the kernel implementations do not match the > > upstream one line-by-line besides that I've missed the side effects of > > the macro. > > > Add patch source for review (send to LKML) : > --------------------- > > lz4: fix system halted at boot kernel x86_64 compressed lz4 > > Decompression process ends with an error when loading kernel: > > Decoding failed > -- System halted > > This condition is probably not needed ( from the last commit d5e7caf) : > > if( ... || > (op + COPYLENGTH) > oend) > goto _output_error > > macro LZ4_SECURE_COPY() tests op and does not copy any data > when op exceeds the value, decompression process is continued. > > added by analogy security for the ref: > > if ((ref + COPYLENGTH) > oend... > > to lz4_uncompress_unknownoutputsize(...) > > Signed-off-by: Krzysztof Kolasa <kkolasa@winsoft.pl> > --- > lib/lz4/lz4_decompress.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/lib/lz4/lz4_decompress.c b/lib/lz4/lz4_decompress.c > index f0f5c5c..e248c4e 100644 > --- a/lib/lz4/lz4_decompress.c > +++ b/lib/lz4/lz4_decompress.c > @@ -139,8 +139,7 @@ static int lz4_uncompress(const char *source, char *dest, int osize) > /* Error: request to write beyond destination buffer */ > if (cpy > oend) > goto _output_error; > - if ((ref + COPYLENGTH) > oend || > - (op + COPYLENGTH) > oend) > + if ((ref + COPYLENGTH) > oend) > goto _output_error; > LZ4_SECURECOPY(ref, op, (oend - COPYLENGTH)); > while (op < cpy) > @@ -270,6 +269,8 @@ static int lz4_uncompress_unknownoutputsize(const char *source, char *dest, > if (cpy > oend - COPYLENGTH) { > if (cpy > oend) > goto _output_error; /* write outside of buf */ > + if ((ref + COPYLENGTH) > oend) > + goto _output_error; > > LZ4_SECURECOPY(ref, op, (oend - COPYLENGTH)); > while (op < cpy) > -- 2.3.3.dirty I'm confused, what is the problem here? What went wrong with the original patch that was posted, which is a mirror of what the lz4 code looks like "upstream"? Why make this change? Does it need to go into 4.0-final, or should I just revert the original patch? confused, greg k-h ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: lz4: fix system halted at boot kernel x86_64 compressed lz4 2015-03-31 15:22 ` Greg KH @ 2015-04-03 11:33 ` Krzysztof Kolasa 2015-04-03 13:17 ` Greg KH 0 siblings, 1 reply; 17+ messages in thread From: Krzysztof Kolasa @ 2015-04-03 11:33 UTC (permalink / raw) To: Greg KH; +Cc: dsterba, tom.yeon, linux-kernel On 31.03.2015 17:22, Greg KH wrote: > On Wed, Mar 25, 2015 at 08:04:59AM +0100, Krzysztof Kolasa wrote: >> On 25.03.2015 01:44, David Sterba wrote: >>> On Tue, Mar 24, 2015 at 12:27:25PM +0100, Krzysztof Kolasa wrote: >>>> lz4: fix system halted at boot kernel x86_64 compressed lz4 >>>> >>>> Decompression process ends with an error when loading kernel: >>>> >>>> Decoding failed >>>> -- System halted >>> Serious regression detected ... >>> >>>> This condition is probably not needed ( from the last commit d5e7caf) : >>> The offending patch is on the way to stable trees, so it would be best >>> to postpone it for now. >>> >>>> if( ... || >>>> (op + COPYLENGTH) > oend) >>>> goto _output_error >>>> >>>> macro LZ4_SECURE_COPY() tests op and does not copy any data >>>> when op exceeds the value, decompression process is continued. >>>> >>>> added by analogy security for the ref: >>>> >>>> if ((ref + COPYLENGTH) > oend... >>>> >>>> to lz4_uncompress_unknownoutputsize(...) >>> I did only a quick check, your analysis seems correct. Reviewing the lz4 >>> patches is tedious as the kernel implementations do not match the >>> upstream one line-by-line besides that I've missed the side effects of >>> the macro. >>> >> Add patch source for review (send to LKML) : >> --------------------- >> >> lz4: fix system halted at boot kernel x86_64 compressed lz4 >> >> Decompression process ends with an error when loading kernel: >> >> Decoding failed >> -- System halted >> >> This condition is probably not needed ( from the last commit d5e7caf) : >> >> if( ... || >> (op + COPYLENGTH) > oend) >> goto _output_error >> >> macro LZ4_SECURE_COPY() tests op and does not copy any data >> when op exceeds the value, decompression process is continued. >> >> added by analogy security for the ref: >> >> if ((ref + COPYLENGTH) > oend... >> >> to lz4_uncompress_unknownoutputsize(...) >> >> Signed-off-by: Krzysztof Kolasa <kkolasa@winsoft.pl> >> --- >> lib/lz4/lz4_decompress.c | 5 +++-- >> 1 file changed, 3 insertions(+), 2 deletions(-) >> >> diff --git a/lib/lz4/lz4_decompress.c b/lib/lz4/lz4_decompress.c >> index f0f5c5c..e248c4e 100644 >> --- a/lib/lz4/lz4_decompress.c >> +++ b/lib/lz4/lz4_decompress.c >> @@ -139,8 +139,7 @@ static int lz4_uncompress(const char *source, char *dest, int osize) >> /* Error: request to write beyond destination buffer */ >> if (cpy > oend) >> goto _output_error; >> - if ((ref + COPYLENGTH) > oend || >> - (op + COPYLENGTH) > oend) >> + if ((ref + COPYLENGTH) > oend) >> goto _output_error; >> LZ4_SECURECOPY(ref, op, (oend - COPYLENGTH)); >> while (op < cpy) >> @@ -270,6 +269,8 @@ static int lz4_uncompress_unknownoutputsize(const char *source, char *dest, >> if (cpy > oend - COPYLENGTH) { >> if (cpy > oend) >> goto _output_error; /* write outside of buf */ >> + if ((ref + COPYLENGTH) > oend) >> + goto _output_error; >> >> LZ4_SECURECOPY(ref, op, (oend - COPYLENGTH)); >> while (op < cpy) >> -- 2.3.3.dirty > I'm confused, what is the problem here? What went wrong with the x86_64 lz4 kernel halted system... > original patch that was posted, which is a mirror of what the lz4 code > looks like "upstream"? > > Why make this change? Does it need to go into 4.0-final, or should I > just revert the original patch? > > confused, > > greg k-h > OK, after further tests have modified the previous patch, please check and analyze: [PATCH] lz4: fix system halted at boot kernel x86_64 compressed lz4 Decompression process ends with an error when loading 64bit lz4 kernel: Decoding failed -- System halted This condition is not needed for 64bit kernel ( from the last commit d5e7caf ) if( ... || (op + COPYLENGTH) > oend) goto _output_error macro LZ4_SECURE_COPY() tests op and does not copy any data when op exceeds the value, decompression process is continued. added by analogy to lz4_uncompress_unknownoutputsize(...) Signed-off-by: Krzysztof Kolasa <kkolasa@winsoft.pl> --- lib/lz4/lz4_decompress.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/lib/lz4/lz4_decompress.c b/lib/lz4/lz4_decompress.c index f0f5c5c..8a742b1 100644 --- a/lib/lz4/lz4_decompress.c +++ b/lib/lz4/lz4_decompress.c @@ -139,8 +139,12 @@ static int lz4_uncompress(const char *source, char *dest, int osize) /* Error: request to write beyond destination buffer */ if (cpy > oend) goto _output_error; +#if LZ4_ARCH64 + if ((ref + COPYLENGTH) > oend) +#else if ((ref + COPYLENGTH) > oend || (op + COPYLENGTH) > oend) +#endif goto _output_error; LZ4_SECURECOPY(ref, op, (oend - COPYLENGTH)); while (op < cpy) @@ -270,7 +274,13 @@ static int lz4_uncompress_unknownoutputsize(const char *source, char *dest, if (cpy > oend - COPYLENGTH) { if (cpy > oend) goto _output_error; /* write outside of buf */ - +#if LZ4_ARCH64 + if ((ref + COPYLENGTH) > oend) +#else + if ((ref + COPYLENGTH) > oend || + (op + COPYLENGTH) > oend) +#endif + goto _output_error; LZ4_SECURECOPY(ref, op, (oend - COPYLENGTH)); while (op < cpy) *op++ = *ref++; -- 2.4.0.rc0.dirty ^ permalink raw reply related [flat|nested] 17+ messages in thread
* Re: lz4: fix system halted at boot kernel x86_64 compressed lz4 2015-04-03 11:33 ` Krzysztof Kolasa @ 2015-04-03 13:17 ` Greg KH 2015-04-03 13:58 ` Krzysztof Kolasa 0 siblings, 1 reply; 17+ messages in thread From: Greg KH @ 2015-04-03 13:17 UTC (permalink / raw) To: Krzysztof Kolasa; +Cc: dsterba, tom.yeon, linux-kernel On Fri, Apr 03, 2015 at 01:33:54PM +0200, Krzysztof Kolasa wrote: > On 31.03.2015 17:22, Greg KH wrote: > > On Wed, Mar 25, 2015 at 08:04:59AM +0100, Krzysztof Kolasa wrote: > >> On 25.03.2015 01:44, David Sterba wrote: > >>> On Tue, Mar 24, 2015 at 12:27:25PM +0100, Krzysztof Kolasa wrote: > >>>> lz4: fix system halted at boot kernel x86_64 compressed lz4 > >>>> > >>>> Decompression process ends with an error when loading kernel: > >>>> > >>>> Decoding failed > >>>> -- System halted > >>> Serious regression detected ... > >>> > >>>> This condition is probably not needed ( from the last commit d5e7caf) : > >>> The offending patch is on the way to stable trees, so it would be best > >>> to postpone it for now. > >>> > >>>> if( ... || > >>>> (op + COPYLENGTH) > oend) > >>>> goto _output_error > >>>> > >>>> macro LZ4_SECURE_COPY() tests op and does not copy any data > >>>> when op exceeds the value, decompression process is continued. > >>>> > >>>> added by analogy security for the ref: > >>>> > >>>> if ((ref + COPYLENGTH) > oend... > >>>> > >>>> to lz4_uncompress_unknownoutputsize(...) > >>> I did only a quick check, your analysis seems correct. Reviewing the lz4 > >>> patches is tedious as the kernel implementations do not match the > >>> upstream one line-by-line besides that I've missed the side effects of > >>> the macro. > >>> > >> Add patch source for review (send to LKML) : > >> --------------------- > >> > >> lz4: fix system halted at boot kernel x86_64 compressed lz4 > >> > >> Decompression process ends with an error when loading kernel: > >> > >> Decoding failed > >> -- System halted > >> > >> This condition is probably not needed ( from the last commit d5e7caf) : > >> > >> if( ... || > >> (op + COPYLENGTH) > oend) > >> goto _output_error > >> > >> macro LZ4_SECURE_COPY() tests op and does not copy any data > >> when op exceeds the value, decompression process is continued. > >> > >> added by analogy security for the ref: > >> > >> if ((ref + COPYLENGTH) > oend... > >> > >> to lz4_uncompress_unknownoutputsize(...) > >> > >> Signed-off-by: Krzysztof Kolasa <kkolasa@winsoft.pl> > >> --- > >> lib/lz4/lz4_decompress.c | 5 +++-- > >> 1 file changed, 3 insertions(+), 2 deletions(-) > >> > >> diff --git a/lib/lz4/lz4_decompress.c b/lib/lz4/lz4_decompress.c > >> index f0f5c5c..e248c4e 100644 > >> --- a/lib/lz4/lz4_decompress.c > >> +++ b/lib/lz4/lz4_decompress.c > >> @@ -139,8 +139,7 @@ static int lz4_uncompress(const char *source, char *dest, int osize) > >> /* Error: request to write beyond destination buffer */ > >> if (cpy > oend) > >> goto _output_error; > >> - if ((ref + COPYLENGTH) > oend || > >> - (op + COPYLENGTH) > oend) > >> + if ((ref + COPYLENGTH) > oend) > >> goto _output_error; > >> LZ4_SECURECOPY(ref, op, (oend - COPYLENGTH)); > >> while (op < cpy) > >> @@ -270,6 +269,8 @@ static int lz4_uncompress_unknownoutputsize(const char *source, char *dest, > >> if (cpy > oend - COPYLENGTH) { > >> if (cpy > oend) > >> goto _output_error; /* write outside of buf */ > >> + if ((ref + COPYLENGTH) > oend) > >> + goto _output_error; > >> > >> LZ4_SECURECOPY(ref, op, (oend - COPYLENGTH)); > >> while (op < cpy) > >> -- 2.3.3.dirty > > I'm confused, what is the problem here? What went wrong with the > x86_64 lz4 kernel halted system... > > original patch that was posted, which is a mirror of what the lz4 code > > looks like "upstream"? > > > > Why make this change? Does it need to go into 4.0-final, or should I > > just revert the original patch? > > > > confused, > > > > greg k-h > > > OK, after further tests have modified the previous patch, please check and analyze: What "previous patch"? None of my questions were answered here, so I have no idea what is going on at all. I'm going to have to just revert the original patch as obviously something is wrong, but no one will tell me what, so I'll just go back to the old behavior... thanks, greg k-h ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: lz4: fix system halted at boot kernel x86_64 compressed lz4 2015-04-03 13:17 ` Greg KH @ 2015-04-03 13:58 ` Krzysztof Kolasa 2015-04-03 14:17 ` Alexander Kuleshov 0 siblings, 1 reply; 17+ messages in thread From: Krzysztof Kolasa @ 2015-04-03 13:58 UTC (permalink / raw) To: Greg KH; +Cc: dsterba, tom.yeon, linux-kernel On 03.04.2015 15:17, Greg KH wrote: > What "previous patch"? None of my questions were answered here, so I have no idea what is going on at all. I'm going to have to just revert the original patch as obviously something is wrong, but no one will tell me what, so I'll just go back to the old behavior... thanks, greg k-h again from the beginning: commit: https://github.com/torvalds/linux/commit/d5e7cafd69da24e6d6cc988fab6ea313a2577efc halted my system on boot x86_64 kernel lz4 ( decompress error ) revert this commit is not required ( This patch improves security ), only slight changes I have proposed in my first patch, modified this patch today and I send again to LKML and CC to overview. This is a simple change to the analysis I do not believe that only I have a problem with the 64-bit kernel compressed in lz4. Krzysztof ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: lz4: fix system halted at boot kernel x86_64 compressed lz4 2015-04-03 13:58 ` Krzysztof Kolasa @ 2015-04-03 14:17 ` Alexander Kuleshov 2015-04-03 14:23 ` Greg KH 0 siblings, 1 reply; 17+ messages in thread From: Alexander Kuleshov @ 2015-04-03 14:17 UTC (permalink / raw) To: Krzysztof Kolasa; +Cc: Greg KH, dsterba, tom.yeon, linux-kernel On 3 April 2015 at 19:58, Krzysztof Kolasa <kkolasa@winsoft.pl> wrote: > > I do not believe that only I have a problem with the 64-bit kernel compressed in lz4. Hello all, I can confirm that the same problem occurs for me. Tested current mainline kernel with the Krzysztof's patch on qemu and real hardware, it solves the problem. ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: lz4: fix system halted at boot kernel x86_64 compressed lz4 2015-04-03 14:17 ` Alexander Kuleshov @ 2015-04-03 14:23 ` Greg KH 2015-04-03 14:30 ` Krzysztof Kolasa 0 siblings, 1 reply; 17+ messages in thread From: Greg KH @ 2015-04-03 14:23 UTC (permalink / raw) To: Alexander Kuleshov; +Cc: Krzysztof Kolasa, dsterba, tom.yeon, linux-kernel On Fri, Apr 03, 2015 at 08:17:40PM +0600, Alexander Kuleshov wrote: > On 3 April 2015 at 19:58, Krzysztof Kolasa <kkolasa@winsoft.pl> wrote: > > > > I do not believe that only I have a problem with the 64-bit kernel compressed in lz4. > > Hello all, > > I can confirm that the same problem occurs for me. Tested current > mainline kernel with the Krzysztof's patch on qemu and real hardware, > it solves the problem. Ok, can someone send me the updated patch in a format that I can apply it in? Please add your tested-by line to the patch as well. thanks, greg k-h ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: lz4: fix system halted at boot kernel x86_64 compressed lz4 2015-04-03 14:23 ` Greg KH @ 2015-04-03 14:30 ` Krzysztof Kolasa 2015-04-03 14:44 ` Greg KH 0 siblings, 1 reply; 17+ messages in thread From: Krzysztof Kolasa @ 2015-04-03 14:30 UTC (permalink / raw) To: Greg KH, Alexander Kuleshov; +Cc: dsterba, tom.yeon, linux-kernel On 03.04.2015 16:23, Greg KH wrote: > On Fri, Apr 03, 2015 at 08:17:40PM +0600, Alexander Kuleshov wrote: >> On 3 April 2015 at 19:58, Krzysztof Kolasa <kkolasa@winsoft.pl> wrote: >>> I do not believe that only I have a problem with the 64-bit kernel compressed in lz4. >> Hello all, >> >> I can confirm that the same problem occurs for me. Tested current >> mainline kernel with the Krzysztof's patch on qemu and real hardware, >> it solves the problem. > Ok, can someone send me the updated patch in a format that I can apply > it in? Please add your tested-by line to the patch as well. > > thanks, > > greg k-h > [PATCHv2] lz4: fix system halted at boot kernel x86_64 compressed lz4 Decompression process ends with an error when loading 64bit lz4 kernel: Decoding failed -- System halted This condition is not needed for 64bit kernel ( from the last commit d5e7caf ) if( ... || (op + COPYLENGTH) > oend) goto _output_error macro LZ4_SECURE_COPY() tests op and does not copy any data when op exceeds the value, decompression process is continued. added by analogy to lz4_uncompress_unknownoutputsize(...) Signed-off-by: Krzysztof Kolasa <kkolasa@winsoft.pl> --- lib/lz4/lz4_decompress.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/lib/lz4/lz4_decompress.c b/lib/lz4/lz4_decompress.c index f0f5c5c..8a742b1 100644 --- a/lib/lz4/lz4_decompress.c +++ b/lib/lz4/lz4_decompress.c @@ -139,8 +139,12 @@ static int lz4_uncompress(const char *source, char *dest, int osize) /* Error: request to write beyond destination buffer */ if (cpy > oend) goto _output_error; +#if LZ4_ARCH64 + if ((ref + COPYLENGTH) > oend) +#else if ((ref + COPYLENGTH) > oend || (op + COPYLENGTH) > oend) +#endif goto _output_error; LZ4_SECURECOPY(ref, op, (oend - COPYLENGTH)); while (op < cpy) @@ -270,7 +274,13 @@ static int lz4_uncompress_unknownoutputsize(const char *source, char *dest, if (cpy > oend - COPYLENGTH) { if (cpy > oend) goto _output_error; /* write outside of buf */ - +#if LZ4_ARCH64 + if ((ref + COPYLENGTH) > oend) +#else + if ((ref + COPYLENGTH) > oend || + (op + COPYLENGTH) > oend) +#endif + goto _output_error; LZ4_SECURECOPY(ref, op, (oend - COPYLENGTH)); while (op < cpy) *op++ = *ref++; -- 2.4.0.rc0.dirty ^ permalink raw reply related [flat|nested] 17+ messages in thread
* Re: lz4: fix system halted at boot kernel x86_64 compressed lz4 2015-04-03 14:30 ` Krzysztof Kolasa @ 2015-04-03 14:44 ` Greg KH 2015-04-03 15:12 ` [PATCHv2] " Krzysztof Kolasa 0 siblings, 1 reply; 17+ messages in thread From: Greg KH @ 2015-04-03 14:44 UTC (permalink / raw) To: Krzysztof Kolasa; +Cc: Alexander Kuleshov, dsterba, tom.yeon, linux-kernel On Fri, Apr 03, 2015 at 04:30:40PM +0200, Krzysztof Kolasa wrote: > On 03.04.2015 16:23, Greg KH wrote: > > On Fri, Apr 03, 2015 at 08:17:40PM +0600, Alexander Kuleshov wrote: > >> On 3 April 2015 at 19:58, Krzysztof Kolasa <kkolasa@winsoft.pl> wrote: > >>> I do not believe that only I have a problem with the 64-bit kernel compressed in lz4. > >> Hello all, > >> > >> I can confirm that the same problem occurs for me. Tested current > >> mainline kernel with the Krzysztof's patch on qemu and real hardware, > >> it solves the problem. > > Ok, can someone send me the updated patch in a format that I can apply > > it in? Please add your tested-by line to the patch as well. > > > > thanks, > > > > greg k-h > > > > > [PATCHv2] lz4: fix system halted at boot kernel x86_64 compressed lz4 > > Decompression process ends with an error when loading 64bit lz4 kernel: <snip> I have to edit this by hand to remove the stuff above, please resend so that I can just pass the email to 'git am' directly. I deal with hundreds of patches a week, and can not waste time hand-editing them all... thanks, greg k-h ^ permalink raw reply [flat|nested] 17+ messages in thread
* [PATCHv2] lz4: fix system halted at boot kernel x86_64 compressed lz4 2015-04-03 14:44 ` Greg KH @ 2015-04-03 15:12 ` Krzysztof Kolasa 2015-04-03 17:36 ` Greg KH 0 siblings, 1 reply; 17+ messages in thread From: Krzysztof Kolasa @ 2015-04-03 15:12 UTC (permalink / raw) To: Greg KH; +Cc: Alexander Kuleshov, dsterba, tom.yeon, linux-kernel Decompression process ends with an error when loading 64bit lz4 kernel: Decoding failed -- System halted This condition is not needed for 64bit kernel( from the last commit d5e7caf ) if( ... || (op + COPYLENGTH) > oend) goto _output_error macro LZ4_SECURE_COPY() tests op and does not copy any data when op exceeds the value, decompression process is continued. added by analogy to lz4_uncompress_unknownoutputsize(...) Signed-off-by: Krzysztof Kolasa <kkolasa@winsoft.pl> --- lib/lz4/lz4_decompress.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/lib/lz4/lz4_decompress.c b/lib/lz4/lz4_decompress.c index f0f5c5c..8a742b1 100644 --- a/lib/lz4/lz4_decompress.c +++ b/lib/lz4/lz4_decompress.c @@ -139,8 +139,12 @@ static int lz4_uncompress(const char *source, char *dest, int osize) /* Error: request to write beyond destination buffer */ if (cpy > oend) goto _output_error; +#if LZ4_ARCH64 + if ((ref + COPYLENGTH) > oend) +#else if ((ref + COPYLENGTH) > oend || (op + COPYLENGTH) > oend) +#endif goto _output_error; LZ4_SECURECOPY(ref, op, (oend - COPYLENGTH)); while (op < cpy) @@ -270,7 +274,13 @@ static int lz4_uncompress_unknownoutputsize(const char *source, char *dest, if (cpy > oend - COPYLENGTH) { if (cpy > oend) goto _output_error; /* write outside of buf */ - +#if LZ4_ARCH64 + if ((ref + COPYLENGTH) > oend) +#else + if ((ref + COPYLENGTH) > oend || + (op + COPYLENGTH) > oend) +#endif + goto _output_error; LZ4_SECURECOPY(ref, op, (oend - COPYLENGTH)); while (op < cpy) *op++ = *ref++; -- 2.4.0.rc0.dirty ^ permalink raw reply related [flat|nested] 17+ messages in thread
* Re: [PATCHv2] lz4: fix system halted at boot kernel x86_64 compressed lz4 2015-04-03 15:12 ` [PATCHv2] " Krzysztof Kolasa @ 2015-04-03 17:36 ` Greg KH 2015-04-03 18:03 ` Krzysztof Kolasa 2015-04-03 18:18 ` Alexander Kuleshov 0 siblings, 2 replies; 17+ messages in thread From: Greg KH @ 2015-04-03 17:36 UTC (permalink / raw) To: Krzysztof Kolasa; +Cc: Alexander Kuleshov, dsterba, tom.yeon, linux-kernel On Fri, Apr 03, 2015 at 05:12:47PM +0200, Krzysztof Kolasa wrote: > Decompression process ends with an error when loading 64bit lz4 kernel: > > Decoding failed > -- System halted > > This condition is not needed for 64bit kernel( from the last commit d5e7caf ) > > if( ... || > (op + COPYLENGTH) > oend) > goto _output_error > > macro LZ4_SECURE_COPY() tests op and does not copy any data > when op exceeds the value, decompression process is continued. > > added by analogy to lz4_uncompress_unknownoutputsize(...) > > Signed-off-by: Krzysztof Kolasa <kkolasa@winsoft.pl> > Tested-by: Alexander Kuleshov <alex0xax@gmail.com> > --- > lib/lz4/lz4_decompress.c | 12 +++++++++++- > 1 file changed, 11 insertions(+), 1 deletion(-) > > diff --git a/lib/lz4/lz4_decompress.c b/lib/lz4/lz4_decompress.c > index f0f5c5c..8a742b1 100644 > --- a/lib/lz4/lz4_decompress.c > +++ b/lib/lz4/lz4_decompress.c > @@ -139,8 +139,12 @@ static int lz4_uncompress(const char *source, char *dest, int osize) > /* Error: request to write beyond destination buffer */ > if (cpy > oend) > goto _output_error; > +#if LZ4_ARCH64 > + if ((ref + COPYLENGTH) > oend) > +#else > if ((ref + COPYLENGTH) > oend || > (op + COPYLENGTH) > oend) > +#endif > goto _output_error; > LZ4_SECURECOPY(ref, op, (oend - COPYLENGTH)); > while (op < cpy) > @@ -270,7 +274,13 @@ static int lz4_uncompress_unknownoutputsize(const char *source, char *dest, > if (cpy > oend - COPYLENGTH) { > if (cpy > oend) > goto _output_error; /* write outside of buf */ > - > +#if LZ4_ARCH64 > + if ((ref + COPYLENGTH) > oend) > +#else > + if ((ref + COPYLENGTH) > oend || > + (op + COPYLENGTH) > oend) > +#endif > + goto _output_error; > LZ4_SECURECOPY(ref, op, (oend - COPYLENGTH)); > while (op < cpy) > *op++ = *ref++; All whitespace is messed up, and this patch can not be applied :( ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PATCHv2] lz4: fix system halted at boot kernel x86_64 compressed lz4 2015-04-03 17:36 ` Greg KH @ 2015-04-03 18:03 ` Krzysztof Kolasa 2015-04-03 18:06 ` Greg KH 2015-04-03 18:18 ` Alexander Kuleshov 1 sibling, 1 reply; 17+ messages in thread From: Krzysztof Kolasa @ 2015-04-03 18:03 UTC (permalink / raw) To: Greg KH; +Cc: Alexander Kuleshov, dsterba, tom.yeon, linux-kernel Decompression process ends with an error when loading 64bit lz4 kernel: Decoding failed -- System halted This condition is not needed for 64bit kernel( from the last commit d5e7caf ) if( ... || (op + COPYLENGTH) > oend) goto _output_error macro LZ4_SECURE_COPY() tests op and does not copy any data when op exceeds the value, decompression process is continued. added by analogy to lz4_uncompress_unknownoutputsize(...) Signed-off-by: Krzysztof Kolasa <kkolasa@winsoft.pl> --- lib/lz4/lz4_decompress.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/lib/lz4/lz4_decompress.c b/lib/lz4/lz4_decompress.c index f0f5c5c..8a742b1 100644 --- a/lib/lz4/lz4_decompress.c +++ b/lib/lz4/lz4_decompress.c @@ -139,8 +139,12 @@ static int lz4_uncompress(const char *source, char *dest, int osize) /* Error: request to write beyond destination buffer */ if (cpy > oend) goto _output_error; +#if LZ4_ARCH64 + if ((ref + COPYLENGTH) > oend) +#else if ((ref + COPYLENGTH) > oend || (op + COPYLENGTH) > oend) +#endif goto _output_error; LZ4_SECURECOPY(ref, op, (oend - COPYLENGTH)); while (op < cpy) @@ -270,7 +274,13 @@ static int lz4_uncompress_unknownoutputsize(const char *source, char *dest, if (cpy > oend - COPYLENGTH) { if (cpy > oend) goto _output_error; /* write outside of buf */ - +#if LZ4_ARCH64 + if ((ref + COPYLENGTH) > oend) +#else + if ((ref + COPYLENGTH) > oend || + (op + COPYLENGTH) > oend) +#endif + goto _output_error; LZ4_SECURECOPY(ref, op, (oend - COPYLENGTH)); while (op < cpy) *op++ = *ref++; -- 2.4.0.rc0.dirty ^ permalink raw reply related [flat|nested] 17+ messages in thread
* Re: [PATCHv2] lz4: fix system halted at boot kernel x86_64 compressed lz4 2015-04-03 18:03 ` Krzysztof Kolasa @ 2015-04-03 18:06 ` Greg KH 0 siblings, 0 replies; 17+ messages in thread From: Greg KH @ 2015-04-03 18:06 UTC (permalink / raw) To: Krzysztof Kolasa; +Cc: Alexander Kuleshov, dsterba, tom.yeon, linux-kernel On Fri, Apr 03, 2015 at 08:03:33PM +0200, Krzysztof Kolasa wrote: > Decompression process ends with an error when loading 64bit lz4 kernel: > > Decoding failed > -- System halted > > This condition is not needed for 64bit kernel( from the last commit d5e7caf ) > > if( ... || > (op + COPYLENGTH) > oend) > goto _output_error > > macro LZ4_SECURE_COPY() tests op and does not copy any data > when op exceeds the value, decompression process is continued. > > added by analogy to lz4_uncompress_unknownoutputsize(...) > > Signed-off-by: Krzysztof Kolasa <kkolasa@winsoft.pl> > --- > lib/lz4/lz4_decompress.c | 12 +++++++++++- > 1 file changed, 11 insertions(+), 1 deletion(-) > > diff --git a/lib/lz4/lz4_decompress.c b/lib/lz4/lz4_decompress.c > index f0f5c5c..8a742b1 100644 > --- a/lib/lz4/lz4_decompress.c > +++ b/lib/lz4/lz4_decompress.c > @@ -139,8 +139,12 @@ static int lz4_uncompress(const char *source, char *dest, int osize) > /* Error: request to write beyond destination buffer */ > if (cpy > oend) > goto _output_error; > +#if LZ4_ARCH64 > + if ((ref + COPYLENGTH) > oend) > +#else > if ((ref + COPYLENGTH) > oend || > (op + COPYLENGTH) > oend) > +#endif > goto _output_error; > LZ4_SECURECOPY(ref, op, (oend - COPYLENGTH)); > while (op < cpy) > @@ -270,7 +274,13 @@ static int lz4_uncompress_unknownoutputsize(const char *source, char *dest, > if (cpy > oend - COPYLENGTH) { > if (cpy > oend) > goto _output_error; /* write outside of buf */ > - > +#if LZ4_ARCH64 > + if ((ref + COPYLENGTH) > oend) > +#else > + if ((ref + COPYLENGTH) > oend || > + (op + COPYLENGTH) > oend) > +#endif > + goto _output_error; > LZ4_SECURECOPY(ref, op, (oend - COPYLENGTH)); > while (op < cpy) > *op++ = *ref++; > -- > 2.4.0.rc0.dirty Still all tabs turned to spaces :( ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PATCHv2] lz4: fix system halted at boot kernel x86_64 compressed lz4 2015-04-03 17:36 ` Greg KH 2015-04-03 18:03 ` Krzysztof Kolasa @ 2015-04-03 18:18 ` Alexander Kuleshov 2015-04-03 19:01 ` Greg KH 1 sibling, 1 reply; 17+ messages in thread From: Alexander Kuleshov @ 2015-04-03 18:18 UTC (permalink / raw) To: Greg KH; +Cc: Krzysztof Kolasa, dsterba, tom.yeon, linux-kernel On 3 April 2015 at 23:36, Greg KH <gregkh@linuxfoundation.org> wrote: > On Fri, Apr 03, 2015 at 05:12:47PM +0200, Krzysztof Kolasa wrote: >> added by analogy to lz4_uncompress_unknownoutputsize(...) >> >> Signed-off-by: Krzysztof Kolasa <kkolasa@winsoft.pl> >> Tested-by: Alexander Kuleshov <alex0xax@gmail.com> I'm not sure that my testing was important in this case, but if you'd to add my name, please use another email as: Tested-by: Alexander Kuleshov <kuleshovmail@gmail.com> ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PATCHv2] lz4: fix system halted at boot kernel x86_64 compressed lz4 2015-04-03 18:18 ` Alexander Kuleshov @ 2015-04-03 19:01 ` Greg KH 0 siblings, 0 replies; 17+ messages in thread From: Greg KH @ 2015-04-03 19:01 UTC (permalink / raw) To: Alexander Kuleshov; +Cc: Krzysztof Kolasa, dsterba, tom.yeon, linux-kernel On Sat, Apr 04, 2015 at 12:18:07AM +0600, Alexander Kuleshov wrote: > On 3 April 2015 at 23:36, Greg KH <gregkh@linuxfoundation.org> wrote: > > On Fri, Apr 03, 2015 at 05:12:47PM +0200, Krzysztof Kolasa wrote: > >> added by analogy to lz4_uncompress_unknownoutputsize(...) > >> > >> Signed-off-by: Krzysztof Kolasa <kkolasa@winsoft.pl> > >> Tested-by: Alexander Kuleshov <alex0xax@gmail.com> > > I'm not sure that my testing was important in this case, but if you'd > to add my name, please use another email as: > > Tested-by: Alexander Kuleshov <kuleshovmail@gmail.com> Thanks, will do so. If I ever get a patch that can be applied :) ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PATCHv2] lz4: fix system halted at boot kernel x86_64 compressed lz4
@ 2015-04-06 10:12 Krzysztof Kolasa
0 siblings, 0 replies; 17+ messages in thread
From: Krzysztof Kolasa @ 2015-04-06 10:12 UTC (permalink / raw)
To: gregkh; +Cc: tom.yeon, dsterba, linux-kernel, Krzysztof Kolasa
Decompression process ends with an error when loading 64bit lz4 kernel:
Decoding failed
-- System halted
This condition is not needed for 64bit kernel from the last
commit d5e7cafd69da ("LZ4 : fix the data abort issue")
if( ... ||
(op + COPYLENGTH) > oend)
goto _output_error
macro LZ4_SECURE_COPY() tests op and does not copy any data
when op exceeds the value, decompression process is continued.
added by analogy to lz4_uncompress_unknownoutputsize(...)
Signed-off-by: Krzysztof Kolasa <kkolasa@winsoft.pl>
---
lib/lz4/lz4_decompress.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/lib/lz4/lz4_decompress.c b/lib/lz4/lz4_decompress.c
index f0f5c5c..8a742b1 100644
--- a/lib/lz4/lz4_decompress.c
+++ b/lib/lz4/lz4_decompress.c
@@ -139,8 +139,12 @@ static int lz4_uncompress(const char *source, char *dest, int osize)
/* Error: request to write beyond destination buffer */
if (cpy > oend)
goto _output_error;
+#if LZ4_ARCH64
+ if ((ref + COPYLENGTH) > oend)
+#else
if ((ref + COPYLENGTH) > oend ||
(op + COPYLENGTH) > oend)
+#endif
goto _output_error;
LZ4_SECURECOPY(ref, op, (oend - COPYLENGTH));
while (op < cpy)
@@ -270,7 +274,13 @@ static int lz4_uncompress_unknownoutputsize(const char *source, char *dest,
if (cpy > oend - COPYLENGTH) {
if (cpy > oend)
goto _output_error; /* write outside of buf */
-
+#if LZ4_ARCH64
+ if ((ref + COPYLENGTH) > oend)
+#else
+ if ((ref + COPYLENGTH) > oend ||
+ (op + COPYLENGTH) > oend)
+#endif
+ goto _output_error;
LZ4_SECURECOPY(ref, op, (oend - COPYLENGTH));
while (op < cpy)
*op++ = *ref++;
--
2.4.0.rc1
^ permalink raw reply related [flat|nested] 17+ messages in threadend of thread, other threads:[~2015-04-06 10:12 UTC | newest]
Thread overview: 17+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <55114A1D.7030508@winsoft.pl>
2015-03-25 0:44 ` lz4: fix system halted at boot kernel x86_64 compressed lz4 David Sterba
2015-03-25 7:04 ` Krzysztof Kolasa
2015-03-31 15:22 ` Greg KH
2015-04-03 11:33 ` Krzysztof Kolasa
2015-04-03 13:17 ` Greg KH
2015-04-03 13:58 ` Krzysztof Kolasa
2015-04-03 14:17 ` Alexander Kuleshov
2015-04-03 14:23 ` Greg KH
2015-04-03 14:30 ` Krzysztof Kolasa
2015-04-03 14:44 ` Greg KH
2015-04-03 15:12 ` [PATCHv2] " Krzysztof Kolasa
2015-04-03 17:36 ` Greg KH
2015-04-03 18:03 ` Krzysztof Kolasa
2015-04-03 18:06 ` Greg KH
2015-04-03 18:18 ` Alexander Kuleshov
2015-04-03 19:01 ` Greg KH
2015-04-06 10:12 Krzysztof Kolasa
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox