[GIT PULL] s390 fixes for 6.2-rc7

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello Linus,

please pull a couple of s390 fixes.

Thanks,
Heiko

The following changes since commit 41e1992665a2701fa025a8b76970c43b4148446f:

  s390: workaround invalid gcc-11 out of bounds read warning (2023-01-17 19:00:59 +0100)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux.git tags/s390-6.2-4

for you to fetch changes up to 7ab41c2c08a32132ba8c14624910e2fe8ce4ba4b:

  s390/decompressor: specify __decompress() buf len to avoid overflow (2023-01-31 18:54:21 +0100)

----------------------------------------------------------------
s390 fixes for 6.2-rc7

- With CONFIG_VMAP_STACK enabled it is not possible to load the s390
  specific diag288_wdt watchdog module. Reason is that a pointer to a
  string is passed to an inline assembly; this string however is located on
  the stack, while the instruction within the inline assembly expects a
  physicial address. Fix this by copying the string to a kmalloc'ed buffer.

- The diag288_wdt watchdog module does not indicate that it accesses memory
  from an inline assembly, which it does. Add "memory" to the clobber list
  to prevent the compiler from optimizing code incorrectly away.

- Pass size of the uncompressed kernel image to __decompress() call.
  Otherwise the kernel image decompressor may corrupt/overwrite an
  initrd. This was reported to happen on s390 after commit 2aa14b1ab2c4
  ("zstd: import usptream v1.5.2").

----------------------------------------------------------------
Alexander Egorenkov (2):
      watchdog: diag288_wdt: do not use stack buffers for hardware data
      watchdog: diag288_wdt: fix __diag288() inline assembly

Vasily Gorbik (1):
      s390/decompressor: specify __decompress() buf len to avoid overflow

 arch/s390/boot/decompressor.c  |  2 +-
 drivers/watchdog/diag288_wdt.c | 15 ++++++++++++---
 2 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/arch/s390/boot/decompressor.c b/arch/s390/boot/decompressor.c
index 8dcd7af2911a..b519a1f045d8 100644
--- a/arch/s390/boot/decompressor.c
+++ b/arch/s390/boot/decompressor.c
@@ -80,6 +80,6 @@ void *decompress_kernel(void)
 	void *output = (void *)decompress_offset;
 
 	__decompress(_compressed_start, _compressed_end - _compressed_start,
-		     NULL, NULL, output, 0, NULL, error);
+		     NULL, NULL, output, vmlinux.image_size, NULL, error);
 	return output;
 }
diff --git a/drivers/watchdog/diag288_wdt.c b/drivers/watchdog/diag288_wdt.c
index 4cb10877017c..6ca5d9515d85 100644
--- a/drivers/watchdog/diag288_wdt.c
+++ b/drivers/watchdog/diag288_wdt.c
@@ -86,7 +86,7 @@ static int __diag288(unsigned int func, unsigned int timeout,
 		"1:\n"
 		EX_TABLE(0b, 1b)
 		: "+d" (err) : "d"(__func), "d"(__timeout),
-		  "d"(__action), "d"(__len) : "1", "cc");
+		  "d"(__action), "d"(__len) : "1", "cc", "memory");
 	return err;
 }
 
@@ -268,12 +268,21 @@ static int __init diag288_init(void)
 	char ebc_begin[] = {
 		194, 197, 199, 201, 213
 	};
+	char *ebc_cmd;
 
 	watchdog_set_nowayout(&wdt_dev, nowayout_info);
 
 	if (MACHINE_IS_VM) {
-		if (__diag288_vm(WDT_FUNC_INIT, 15,
-				 ebc_begin, sizeof(ebc_begin)) != 0) {
+		ebc_cmd = kmalloc(sizeof(ebc_begin), GFP_KERNEL);
+		if (!ebc_cmd) {
+			pr_err("The watchdog cannot be initialized\n");
+			return -ENOMEM;
+		}
+		memcpy(ebc_cmd, ebc_begin, sizeof(ebc_begin));
+		ret = __diag288_vm(WDT_FUNC_INIT, 15,
+				   ebc_cmd, sizeof(ebc_begin));
+		kfree(ebc_cmd);
+		if (ret != 0) {
 			pr_err("The watchdog cannot be initialized\n");
 			return -EINVAL;
 		}



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Kernel Development]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite Info]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Linux Media]     [Device Mapper]

  Powered by Linux