
Commit 2d3862d2 authored by Yinghai Lu, committed by Linus Torvalds

lib/decompressors: use real out buf size for gunzip with kernel



When loading x86 64bit kernel above 4GiB with patched grub2, got kernel
gunzip error.

| early console in decompress_kernel
| decompress_kernel:
|       input: [0x807f2143b4-0x807ff61aee]
|      output: [0x807cc00000-0x807f3ea29b] 0x027ea29c: output_len
| boot via startup_64
| KASLR using RDTSC...
|  new output: [0x46fe000000-0x470138cfff] 0x0338d000: output_run_size
|  decompress: [0x46fe000000-0x47007ea29b] <=== [0x807f2143b4-0x807ff61aee]
|
| Decompressing Linux... gz...
|
| uncompression error
|
| -- System halted

The new buffer is at 0x46fe000000ULL, decompressor_gzip is using
0xffffffb901ffffff as out_len.  gunzip in lib/zlib_inflate/inflate.c caps
that len to 0x01ffffff and decompress fails later.

We could hit this problem with crashkernel booting that uses kexec loading
kernel above 4GiB.

We have decompress_* support:
    1. inbuf[]/outbuf[] for kernel preboot.
    2. inbuf[]/flush() for initramfs
    3. fill()/flush() for initrd.
This bug only affects the kernel preboot path that uses outbuf[].

Add __decompress and take real out_buf_len for gunzip instead of guessing
wrong buf size.

Fixes: 1431574a (lib/decompressors: fix "no limit" output buffer length)
Signed-off-by: Yinghai Lu <yinghai@kernel.org>
Cc: Alexandre Courbot <acourbot@nvidia.com>
Cc: Jon Medhurst <tixy@linaro.org>
Cc: Stephen Warren <swarren@wwwdotorg.org>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
parent e852d82a
+1 −1
@@ -57,5 +57,5 @@ extern char * strstr(const char * s1, const char *s2);

int do_decompress(u8 *input, int len, u8 *output, void (*error)(char *x))
{
	return decompress(input, len, NULL, NULL, output, NULL, error);
	return __decompress(input, len, NULL, NULL, output, 0, NULL, error);
}
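Review bot: The literal 0 passed as the new sixth argument of __decompress() in do_decompress() is undocumented, and it is not the real output buffer size that the commit message says the new entry point is meant to take. do_decompress() has no parameter carrying the size of output, so this caller cannot supply one. Either add an output length parameter to do_decompress() and forward it, or add a comment at the call stating what an out_len of 0 means, so that a reader does not take it for a zero-byte buffer.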
+1 −1
@@ -70,5 +70,5 @@ void decompress_kernel(void)
	free_mem_ptr = (unsigned long)&_end;
	free_mem_end_ptr = free_mem_ptr + HEAP_SIZE;

	decompress(input_data, input_len, NULL, NULL, output, NULL, error);
	__decompress(input_data, input_len, NULL, NULL, output, 0, NULL, error);
}
+2 −1
@@ -86,6 +86,7 @@ decompress_kernel(int mmu_on, unsigned char *zimage_data,
	free_mem_end_ptr = free_mem_ptr + BOOT_HEAP_SIZE;

	puts("\nDecompressing Linux... ");
	decompress(input_data, input_len, NULL, NULL, output_data, NULL, error);
	__decompress(input_data, input_len, NULL, NULL, output_data, 0,
			NULL, error);
	puts("done.\nBooting the kernel.\n");
}
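Review bot: The result of the __decompress() call is discarded and puts("done.\nBooting the kernel.\n") runs unconditionally after it, so a failed decompression is only noticed if error() never returns. Since the call is being rewritten anyway, consider checking its return value before printing "done." and handing control to the kernel image in output_data.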
+2 −2
@@ -111,8 +111,8 @@ void decompress_kernel(unsigned long boot_heap_start)
	puts("\n");

	/* Decompress the kernel with according algorithm */
	decompress((char *)zimage_start, zimage_size, 0, 0,
		   (void *)VMLINUX_LOAD_ADDRESS_ULL, 0, error);
	__decompress((char *)zimage_start, zimage_size, 0, 0,
		   (void *)VMLINUX_LOAD_ADDRESS_ULL, 0, 0, error);

	/* FIXME: should we flush cache here? */
	puts("Now, booting the kernel...\n");
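Review bot: In the new __decompress() call the added length argument is written as a bare 0 next to pointer arguments that are also written as 0 (third, fourth and seventh positions), which makes it hard to tell which zero is the output length. The other callers in this patch pass NULL in those pointer positions; doing the same here would leave the single 0 standing out as the length. The continuation line also keeps the alignment it had under decompress( and no longer lines up with the opening parenthesis now that the function name is two characters longer.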
+1 −1
@@ -167,7 +167,7 @@ unsigned long decompress_kernel(void)
#endif

	puts("Uncompressing Linux... ");
	decompress(input_data, input_len, NULL, NULL, output, NULL, error);
	__decompress(input_data, input_len, NULL, NULL, output, 0, NULL, error);
	puts("Ok, booting the kernel.\n");
	return (unsigned long) output;
}