forked from Minki/linux
2d3862d26e
When loading x86 64bit kernel above 4GiB with patched grub2, got kernel
gunzip error.
| early console in decompress_kernel
| decompress_kernel:
| input: [0x807f2143b4-0x807ff61aee]
| output: [0x807cc00000-0x807f3ea29b] 0x027ea29c: output_len
| boot via startup_64
| KASLR using RDTSC...
| new output: [0x46fe000000-0x470138cfff] 0x0338d000: output_run_size
| decompress: [0x46fe000000-0x47007ea29b] <=== [0x807f2143b4-0x807ff61aee]
|
| Decompressing Linux... gz...
|
| uncompression error
|
| -- System halted
the new buffer is at 0x46fe000000ULL, decompressor_gzip is using
0xffffffb901ffffff as out_len. gunzip in lib/zlib_inflate/inflate.c cap
that len to 0x01ffffff and decompress fails later.
We could hit this problem with crashkernel booting that uses kexec loading
kernel above 4GiB.
We have decompress_* support:
1. inbuf[]/outbuf[] for kernel preboot.
2. inbuf[]/flush() for initramfs
3. fill()/flush() for initrd.
This bug only affect kernel preboot path that use outbuf[].
Add __decompress and take real out_buf_len for gunzip instead of guessing
wrong buf size.
Fixes: 1431574a1c (lib/decompressors: fix "no limit" output buffer length)
Signed-off-by: Yinghai Lu <yinghai@kernel.org>
Cc: Alexandre Courbot <acourbot@nvidia.com>
Cc: Jon Medhurst <tixy@linaro.org>
Cc: Stephen Warren <swarren@wwwdotorg.org>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
175 lines
3.7 KiB
C
175 lines
3.7 KiB
C
/*
|
|
* Definitions and wrapper functions for kernel decompressor
|
|
*
|
|
* Copyright IBM Corp. 2010
|
|
*
|
|
* Author(s): Martin Schwidefsky <schwidefsky@de.ibm.com>
|
|
*/
|
|
|
|
#include <asm/uaccess.h>
|
|
#include <asm/page.h>
|
|
#include <asm/sclp.h>
|
|
#include <asm/ipl.h>
|
|
#include "sizes.h"
|
|
|
|
/*
|
|
* gzip declarations
|
|
*/
|
|
#define STATIC static
|
|
|
|
#undef memset
|
|
#undef memcpy
|
|
#undef memmove
|
|
#define memmove memmove
|
|
#define memzero(s, n) memset((s), 0, (n))
|
|
|
|
/* Symbols defined by linker scripts */
|
|
extern char input_data[];
|
|
extern int input_len;
|
|
extern char _text, _end;
|
|
extern char _bss, _ebss;
|
|
|
|
static void error(char *m);
|
|
|
|
static unsigned long free_mem_ptr;
|
|
static unsigned long free_mem_end_ptr;
|
|
|
|
#ifdef CONFIG_HAVE_KERNEL_BZIP2
|
|
#define HEAP_SIZE 0x400000
|
|
#else
|
|
#define HEAP_SIZE 0x10000
|
|
#endif
|
|
|
|
#ifdef CONFIG_KERNEL_GZIP
|
|
#include "../../../../lib/decompress_inflate.c"
|
|
#endif
|
|
|
|
#ifdef CONFIG_KERNEL_BZIP2
|
|
#include "../../../../lib/decompress_bunzip2.c"
|
|
#endif
|
|
|
|
#ifdef CONFIG_KERNEL_LZ4
|
|
#include "../../../../lib/decompress_unlz4.c"
|
|
#endif
|
|
|
|
#ifdef CONFIG_KERNEL_LZMA
|
|
#include "../../../../lib/decompress_unlzma.c"
|
|
#endif
|
|
|
|
#ifdef CONFIG_KERNEL_LZO
|
|
#include "../../../../lib/decompress_unlzo.c"
|
|
#endif
|
|
|
|
#ifdef CONFIG_KERNEL_XZ
|
|
#include "../../../../lib/decompress_unxz.c"
|
|
#endif
|
|
|
|
static int puts(const char *s)
|
|
{
|
|
_sclp_print_early(s);
|
|
return 0;
|
|
}
|
|
|
|
void *memset(void *s, int c, size_t n)
|
|
{
|
|
char *xs;
|
|
|
|
xs = s;
|
|
while (n--)
|
|
*xs++ = c;
|
|
return s;
|
|
}
|
|
|
|
void *memcpy(void *dest, const void *src, size_t n)
|
|
{
|
|
const char *s = src;
|
|
char *d = dest;
|
|
|
|
while (n--)
|
|
*d++ = *s++;
|
|
return dest;
|
|
}
|
|
|
|
void *memmove(void *dest, const void *src, size_t n)
|
|
{
|
|
const char *s = src;
|
|
char *d = dest;
|
|
|
|
if (d <= s) {
|
|
while (n--)
|
|
*d++ = *s++;
|
|
} else {
|
|
d += n;
|
|
s += n;
|
|
while (n--)
|
|
*--d = *--s;
|
|
}
|
|
return dest;
|
|
}
|
|
|
|
static void error(char *x)
|
|
{
|
|
unsigned long long psw = 0x000a0000deadbeefULL;
|
|
|
|
puts("\n\n");
|
|
puts(x);
|
|
puts("\n\n -- System halted");
|
|
|
|
asm volatile("lpsw %0" : : "Q" (psw));
|
|
}
|
|
|
|
/*
|
|
* Safe guard the ipl parameter block against a memory area that will be
|
|
* overwritten. The validity check for the ipl parameter block is complex
|
|
* (see cio_get_iplinfo and ipl_save_parameters) but if the pointer to
|
|
* the ipl parameter block intersects with the passed memory area we can
|
|
* safely assume that we can read from that memory. In that case just copy
|
|
* the memory to IPL_PARMBLOCK_ORIGIN even if there is no ipl parameter
|
|
* block.
|
|
*/
|
|
static void check_ipl_parmblock(void *start, unsigned long size)
|
|
{
|
|
void *src, *dst;
|
|
|
|
src = (void *)(unsigned long) S390_lowcore.ipl_parmblock_ptr;
|
|
if (src + PAGE_SIZE <= start || src >= start + size)
|
|
return;
|
|
dst = (void *) IPL_PARMBLOCK_ORIGIN;
|
|
memmove(dst, src, PAGE_SIZE);
|
|
S390_lowcore.ipl_parmblock_ptr = IPL_PARMBLOCK_ORIGIN;
|
|
}
|
|
|
|
unsigned long decompress_kernel(void)
|
|
{
|
|
unsigned long output_addr;
|
|
unsigned char *output;
|
|
|
|
output_addr = ((unsigned long) &_end + HEAP_SIZE + 4095UL) & -4096UL;
|
|
check_ipl_parmblock((void *) 0, output_addr + SZ__bss_start);
|
|
memset(&_bss, 0, &_ebss - &_bss);
|
|
free_mem_ptr = (unsigned long)&_end;
|
|
free_mem_end_ptr = free_mem_ptr + HEAP_SIZE;
|
|
output = (unsigned char *) output_addr;
|
|
|
|
#ifdef CONFIG_BLK_DEV_INITRD
|
|
/*
|
|
* Move the initrd right behind the end of the decompressed
|
|
* kernel image.
|
|
*/
|
|
if (INITRD_START && INITRD_SIZE &&
|
|
INITRD_START < (unsigned long) output + SZ__bss_start) {
|
|
check_ipl_parmblock(output + SZ__bss_start,
|
|
INITRD_START + INITRD_SIZE);
|
|
memmove(output + SZ__bss_start,
|
|
(void *) INITRD_START, INITRD_SIZE);
|
|
INITRD_START = (unsigned long) output + SZ__bss_start;
|
|
}
|
|
#endif
|
|
|
|
puts("Uncompressing Linux... ");
|
|
__decompress(input_data, input_len, NULL, NULL, output, 0, NULL, error);
|
|
puts("Ok, booting the kernel.\n");
|
|
return (unsigned long) output;
|
|
}
|
|
|