From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Vasily Gorbik <gor@linux.ibm.com>,
Alexander Egorenkov <egorenar@linux.ibm.com>,
Heiko Carstens <hca@linux.ibm.com>,
Sasha Levin <sashal@kernel.org>,
agordeev@linux.ibm.com, terrelln@fb.com, masahiroy@kernel.org,
linux-s390@vger.kernel.org
Subject: [PATCH AUTOSEL 6.1 25/38] s390/decompressor: specify __decompress() buf len to avoid overflow
Date: Thu, 9 Feb 2023 06:14:44 -0500 [thread overview]
Message-ID: <20230209111459.1891941-25-sashal@kernel.org> (raw)
In-Reply-To: <20230209111459.1891941-1-sashal@kernel.org>
From: Vasily Gorbik <gor@linux.ibm.com>
[ Upstream commit 7ab41c2c08a32132ba8c14624910e2fe8ce4ba4b ]
Historically calls to __decompress() didn't specify "out_len" parameter
on many architectures including s390, expecting that no writes beyond
uncompressed kernel image are performed. This has changed since commit
2aa14b1ab2c4 ("zstd: import usptream v1.5.2") which includes zstd library
commit 6a7ede3dfccb ("Reduce size of dctx by reutilizing dst buffer
(#2751)"). Now zstd decompression code might store literal buffer in
the unwritten portion of the destination buffer. Since "out_len" is
not set, it is considered to be unlimited and hence free to use for
optimization needs. On s390 this might corrupt initrd or ipl report
which are often placed right after the decompressor buffer. Luckily the
size of uncompressed kernel image is already known to the decompressor,
so to avoid the problem simply specify it in the "out_len" parameter.
Link: https://github.com/facebook/zstd/commit/6a7ede3dfccb
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Tested-by: Alexander Egorenkov <egorenar@linux.ibm.com>
Link: https://lore.kernel.org/r/patch-1.thread-41c676.git-41c676c2d153.your-ad-here.call-01675030179-ext-9637@work.hours
Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/s390/boot/decompressor.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/s390/boot/decompressor.c b/arch/s390/boot/decompressor.c
index e27c2140d6206..623f6775d01d7 100644
--- a/arch/s390/boot/decompressor.c
+++ b/arch/s390/boot/decompressor.c
@@ -80,6 +80,6 @@ void *decompress_kernel(void)
void *output = (void *)decompress_offset;
__decompress(_compressed_start, _compressed_end - _compressed_start,
- NULL, NULL, output, 0, NULL, error);
+ NULL, NULL, output, vmlinux.image_size, NULL, error);
return output;
}
--
2.39.0
next prev parent reply other threads:[~2023-02-09 11:18 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-02-09 11:14 [PATCH AUTOSEL 6.1 01/38] ASoC: amd: yc: Add DMI support for new acer/emdoor platforms Sasha Levin
2023-02-09 11:14 ` [PATCH AUTOSEL 6.1 02/38] ASoC: SOF: sof-audio: start with the right widget type Sasha Levin
2023-02-09 11:14 ` [PATCH AUTOSEL 6.1 03/38] ALSA: usb-audio: Add FIXED_RATE quirk for JBL Quantum610 Wireless Sasha Levin
2023-02-09 11:14 ` [PATCH AUTOSEL 6.1 04/38] ASoC: Intel: sof_rt5682: always set dpcm_capture for amplifiers Sasha Levin
2023-02-09 11:14 ` [PATCH AUTOSEL 6.1 05/38] ASoC: Intel: sof_cs42l42: " Sasha Levin
2023-02-09 11:14 ` [PATCH AUTOSEL 6.1 06/38] ASoC: Intel: sof_nau8825: " Sasha Levin
2023-02-09 11:14 ` [PATCH AUTOSEL 6.1 07/38] ASoC: Intel: sof_ssp_amp: " Sasha Levin
2023-02-09 11:14 ` [PATCH AUTOSEL 6.1 08/38] selftests/bpf: Verify copy_register_state() preserves parent/live fields Sasha Levin
2023-02-09 11:14 ` [PATCH AUTOSEL 6.1 09/38] ALSA: hda: Do not unset preset when cleaning up codec Sasha Levin
2023-02-09 11:14 ` [PATCH AUTOSEL 6.1 10/38] ASoC: amd: yc: Add Xiaomi Redmi Book Pro 15 2022 into DMI table Sasha Levin
2023-02-09 11:14 ` [PATCH AUTOSEL 6.1 11/38] bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself Sasha Levin
2023-02-09 11:14 ` [PATCH AUTOSEL 6.1 12/38] ASoC: cs42l56: fix DT probe Sasha Levin
2023-02-09 11:14 ` [PATCH AUTOSEL 6.1 13/38] tools/virtio: fix the vringh test for virtio ring changes Sasha Levin
2023-02-09 11:14 ` [PATCH AUTOSEL 6.1 14/38] vdpa: ifcvf: Do proper cleanup if IFCVF init fails Sasha Levin
2023-02-09 11:14 ` [PATCH AUTOSEL 6.1 15/38] net/rose: Fix to not accept on connected socket Sasha Levin
2023-02-09 11:14 ` [PATCH AUTOSEL 6.1 16/38] selftest: net: Improve IPV6_TCLASS/IPV6_HOPLIMIT tests apparmor compatibility Sasha Levin
2023-02-09 11:14 ` [PATCH AUTOSEL 6.1 17/38] powerpc/85xx: Fix unannotated intra-function call warning Sasha Levin
2023-02-10 11:25 ` Sathvika Vasireddy
2023-02-14 0:06 ` Sasha Levin
2023-02-09 11:14 ` [PATCH AUTOSEL 6.1 18/38] powerpc/kvm: " Sasha Levin
2023-02-10 11:26 ` Sathvika Vasireddy
2023-02-09 11:14 ` [PATCH AUTOSEL 6.1 19/38] net: stmmac: do not stop RX_CLK in Rx LPI state for qcs404 SoC Sasha Levin
2023-02-09 11:14 ` [PATCH AUTOSEL 6.1 20/38] powerpc/64: Fix perf profiling asynchronous interrupt handlers Sasha Levin
2023-02-09 11:14 ` [PATCH AUTOSEL 6.1 21/38] fscache: Use clear_and_wake_up_bit() in fscache_create_volume_work() Sasha Levin
2023-02-09 11:14 ` [PATCH AUTOSEL 6.1 22/38] drm/nouveau/devinit/tu102-: wait for GFW_BOOT_PROGRESS == COMPLETED Sasha Levin
2023-02-09 11:14 ` [PATCH AUTOSEL 6.1 23/38] net: ethernet: mtk_eth_soc: Avoid truncating allocation Sasha Levin
2023-02-09 11:14 ` [PATCH AUTOSEL 6.1 24/38] net: sched: sch: Bounds check priority Sasha Levin
2023-02-09 11:14 ` Sasha Levin [this message]
2023-02-09 11:14 ` [PATCH AUTOSEL 6.1 26/38] nvme-fc: fix a missing queue put in nvmet_fc_ls_create_association Sasha Levin
2023-02-09 11:14 ` [PATCH AUTOSEL 6.1 27/38] nvme: clear the request_queue pointers on failure in nvme_alloc_admin_tag_set Sasha Levin
2023-02-09 11:14 ` [PATCH AUTOSEL 6.1 28/38] nvme: clear the request_queue pointers on failure in nvme_alloc_io_tag_set Sasha Levin
2023-02-09 11:14 ` [PATCH AUTOSEL 6.1 29/38] drm/amd/display: Add missing brackets in calculation Sasha Levin
2023-02-09 11:14 ` [PATCH AUTOSEL 6.1 30/38] drm/amd/display: Adjust downscaling limits for dcn314 Sasha Levin
2023-02-09 11:14 ` [PATCH AUTOSEL 6.1 31/38] drm/amd/display: Unassign does_plane_fit_in_mall function from dcn3.2 Sasha Levin
2023-02-09 11:14 ` [PATCH AUTOSEL 6.1 32/38] drm/amd/display: Reset DMUB mailbox SW state after HW reset Sasha Levin
2023-02-09 11:14 ` [PATCH AUTOSEL 6.1 33/38] drm/amdgpu: enable HDP SD for gfx 11.0.3 Sasha Levin
2023-02-09 11:14 ` [PATCH AUTOSEL 6.1 34/38] drm/amdgpu: Enable vclk dclk node for gc11.0.3 Sasha Levin
2023-02-09 11:14 ` [PATCH AUTOSEL 6.1 35/38] drm/amd/display: Properly handle additional cases where DCN is not supported Sasha Levin
2023-02-09 11:14 ` [PATCH AUTOSEL 6.1 36/38] platform/x86: touchscreen_dmi: Add Chuwi Vi8 (CWI501) DMI match Sasha Levin
2023-02-09 11:14 ` [PATCH AUTOSEL 6.1 37/38] ceph: move mount state enum to super.h Sasha Levin
2023-02-09 11:14 ` [PATCH AUTOSEL 6.1 38/38] ceph: blocklist the kclient when receiving corrupted snap trace Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230209111459.1891941-25-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=agordeev@linux.ibm.com \
--cc=egorenar@linux.ibm.com \
--cc=gor@linux.ibm.com \
--cc=hca@linux.ibm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=masahiroy@kernel.org \
--cc=stable@vger.kernel.org \
--cc=terrelln@fb.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox