On Mon, Mar 20, 2023 at 11:32:02AM +0100, Sven Schnelle wrote:
> The code which handles the ipl report is searching for a free location
> in memory where it could copy the component and certificate entries to.
> It checks for intersection between the sections required for the kernel
> and the component/certificate data area, but fails to check whether
> the data structures linking these data areas together intersect.
>
> This might cause the iplreport copy code to overwrite the iplreport
> itself. Fix this by adding two additional intersection checks.
>
> Cc: <stable@xxxxxxxxxxxxxxx>
> Fixes: 9641b8cc733f ("s390/ipl: read IPL report at early boot")
> Signed-off-by: Sven Schnelle <svens@xxxxxxxxxxxxx>
> Reviewed-by: Vasily Gorbik <gor@xxxxxxxxxxxxx>
> Signed-off-by: Vasily Gorbik <gor@xxxxxxxxxxxxx>
> (cherry picked from commit a52e5cdbe8016d4e3e6322fd93d71afddb9a5af9)
> Signed-off-by: Sven Schnelle <svens@xxxxxxxxxxxxx>
> ---
>  arch/s390/boot/ipl_report.c | 8 ++++++++
>  1 file changed, 8 insertions(+)

Both now queued up, thanks.

greg k-h
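
The kind of placement search the quoted commit message describes, as an added example that is not code from this thread or from the kernel: it shows how a destination chosen by checking only the payload areas can land on the structures that link them, and how checking those structures as well moves it clear. The struct, the function names and every address are hypothetical and constructed for illustration; the sample values are small enough that address arithmetic cannot wrap.

```c
#include <stddef.h>
#include <stdint.h>

/* Half-open range [start, end). Names and addresses are hypothetical. */
struct range { uint64_t start, end; };

static int intersects(uint64_t addr, uint64_t len, struct range r)
{
    return addr < r.end && r.start < addr + len;
}

/* Lowest address >= base where len bytes fit clear of every reserved range.
 * After each bump the scan restarts, since the new spot may hit an earlier
 * entry. Returns 0 if nothing fits below limit. */
uint64_t find_free_area(uint64_t base, uint64_t len, uint64_t limit,
                        const struct range *reserved, size_t n)
{
    uint64_t addr = base;

    for (size_t i = 0; i < n; ) {
        if (intersects(addr, len, reserved[i])) {
            addr = reserved[i].end;   /* strictly increases, so this ends */
            i = 0;
        } else {
            i++;
        }
    }
    return addr + len <= limit ? addr : 0;
}

/* Constructed layout: three payload areas, then the two list blocks that
 * describe them and must stay intact until the copy has finished. */
static const struct range layout[] = {
    { 0x10000, 0x50000 },   /* kernel sections */
    { 0x60000, 0x68000 },   /* component data */
    { 0x68000, 0x6a000 },   /* certificate data */
    { 0x50000, 0x50400 },   /* component list block (linking structure) */
    { 0x50400, 0x50600 },   /* certificate list block (linking structure) */
};

/* Payload-only check: the result lands on top of the component list block. */
uint64_t dest_payload_only(void) { return find_free_area(0x10000, 0xa000, 0x100000, layout, 3); }

/* All five ranges checked: the result clears both list blocks. */
uint64_t dest_all_ranges(void) { return find_free_area(0x10000, 0xa000, 0x100000, layout, 5); }
```

With only the first three ranges checked, the 0xa000-byte destination starts at 0x50000, exactly where the constructed component list block lives; with all five checked it starts at 0x50600.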