| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 2 Feb 2023 21:08:46 +0100
From: Heiko Carstens <hca@...ux.ibm.com>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Vasily Gorbik <gor@...ux.ibm.com>,
Alexander Gordeev <agordeev@...ux.ibm.com>,
Wim Van Sebroeck <wim@...ux-watchdog.org>,
Guenter Roeck <linux@...ck-us.net>,
linux-kernel@...r.kernel.org, linux-s390@...r.kernel.org
Subject: [GIT PULL] s390 fixes for 6.2-rc7
Hello Linus,
please pull a couple of s390 fixes.
Thanks,
Heiko
The following changes since commit 41e1992665a2701fa025a8b76970c43b4148446f:
s390: workaround invalid gcc-11 out of bounds read warning (2023-01-17 19:00:59 +0100)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux.git tags/s390-6.2-4
for you to fetch changes up to 7ab41c2c08a32132ba8c14624910e2fe8ce4ba4b:
s390/decompressor: specify __decompress() buf len to avoid overflow (2023-01-31 18:54:21 +0100)
----------------------------------------------------------------
s390 fixes for 6.2-rc7
- With CONFIG_VMAP_STACK enabled it is not possible to load the s390
specific diag288_wdt watchdog module. Reason is that a pointer to a
string is passed to an inline assembly; this string however is located on
the stack, while the instruction within the inline assembly expects a
physicial address. Fix this by copying the string to a kmalloc'ed buffer.
- The diag288_wdt watchdog module does not indicate that it accesses memory
from an inline assembly, which it does. Add "memory" to the clobber list
to prevent the compiler from optimizing code incorrectly away.
- Pass size of the uncompressed kernel image to __decompress() call.
Otherwise the kernel image decompressor may corrupt/overwrite an
initrd. This was reported to happen on s390 after commit 2aa14b1ab2c4
("zstd: import usptream v1.5.2").
----------------------------------------------------------------
Alexander Egorenkov (2):
watchdog: diag288_wdt: do not use stack buffers for hardware data
watchdog: diag288_wdt: fix __diag288() inline assembly
Vasily Gorbik (1):
s390/decompressor: specify __decompress() buf len to avoid overflow
arch/s390/boot/decompressor.c | 2 +-
drivers/watchdog/diag288_wdt.c | 15 ++++++++++++---
2 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/arch/s390/boot/decompressor.c b/arch/s390/boot/decompressor.c
index 8dcd7af2911a..b519a1f045d8 100644
--- a/arch/s390/boot/decompressor.c
+++ b/arch/s390/boot/decompressor.c
@@ -80,6 +80,6 @@ void *decompress_kernel(void)
void *output = (void *)decompress_offset;
__decompress(_compressed_start, _compressed_end - _compressed_start,
- NULL, NULL, output, 0, NULL, error);
+ NULL, NULL, output, vmlinux.image_size, NULL, error);
return output;
}
diff --git a/drivers/watchdog/diag288_wdt.c b/drivers/watchdog/diag288_wdt.c
index 4cb10877017c..6ca5d9515d85 100644
--- a/drivers/watchdog/diag288_wdt.c
+++ b/drivers/watchdog/diag288_wdt.c
@@ -86,7 +86,7 @@ static int __diag288(unsigned int func, unsigned int timeout,
"1:\n"
EX_TABLE(0b, 1b)
: "+d" (err) : "d"(__func), "d"(__timeout),
- "d"(__action), "d"(__len) : "1", "cc");
+ "d"(__action), "d"(__len) : "1", "cc", "memory");
return err;
}
@@ -268,12 +268,21 @@ static int __init diag288_init(void)
char ebc_begin[] = {
194, 197, 199, 201, 213
};
+ char *ebc_cmd;
watchdog_set_nowayout(&wdt_dev, nowayout_info);
if (MACHINE_IS_VM) {
- if (__diag288_vm(WDT_FUNC_INIT, 15,
- ebc_begin, sizeof(ebc_begin)) != 0) {
+ ebc_cmd = kmalloc(sizeof(ebc_begin), GFP_KERNEL);
+ if (!ebc_cmd) {
+ pr_err("The watchdog cannot be initialized\n");
+ return -ENOMEM;
+ }
+ memcpy(ebc_cmd, ebc_begin, sizeof(ebc_begin));
+ ret = __diag288_vm(WDT_FUNC_INIT, 15,
+ ebc_cmd, sizeof(ebc_begin));
+ kfree(ebc_cmd);
+ if (ret != 0) {
pr_err("The watchdog cannot be initialized\n");
return -EINVAL;
}
Powered by blists - more mailing lists