aboutsummaryrefslogtreecommitdiffstats
path: root/arch/s390/boot
diff options
context:
space:
mode:
authorMartin Schwidefsky <schwidefsky@de.ibm.com>2011-02-17 07:13:57 -0500
committerMartin Schwidefsky <sky@mschwide.boeblingen.de.ibm.com>2011-02-17 07:13:59 -0500
commita8c8d7c683419d059e302373afc6998244f5f60f (patch)
tree6c194395808bd1021a6f2ff3808e054e0c3f6b7f /arch/s390/boot
parent03e3b5a0f18c53560de1984fbbfca146d31da2a5 (diff)
[S390] correct ipl parameter block safe guard
The 'output' variable is passed from decompress_kernel to check_ipl_parmblock before it is initialized. That disables the safe guard against the overwrite of the ipl parameter block. Fix this by passing the correct value to check_ipl_parmblock. Reported-by: David Binderman <dcb314@hotmail.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Diffstat (limited to 'arch/s390/boot')
-rw-r--r--arch/s390/boot/compressed/misc.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/arch/s390/boot/compressed/misc.c b/arch/s390/boot/compressed/misc.c
index 0851eb1e919e..2751b3a8a66f 100644
--- a/arch/s390/boot/compressed/misc.c
+++ b/arch/s390/boot/compressed/misc.c
@@ -133,11 +133,12 @@ unsigned long decompress_kernel(void)
133 unsigned long output_addr; 133 unsigned long output_addr;
134 unsigned char *output; 134 unsigned char *output;
135 135
136 check_ipl_parmblock((void *) 0, (unsigned long) output + SZ__bss_start); 136 output_addr = ((unsigned long) &_end + HEAP_SIZE + 4095UL) & -4096UL;
137 check_ipl_parmblock((void *) 0, output_addr + SZ__bss_start);
137 memset(&_bss, 0, &_ebss - &_bss); 138 memset(&_bss, 0, &_ebss - &_bss);
138 free_mem_ptr = (unsigned long)&_end; 139 free_mem_ptr = (unsigned long)&_end;
139 free_mem_end_ptr = free_mem_ptr + HEAP_SIZE; 140 free_mem_end_ptr = free_mem_ptr + HEAP_SIZE;
140 output = (unsigned char *) ((free_mem_end_ptr + 4095UL) & -4096UL); 141 output = (unsigned char *) output_addr;
141 142
142#ifdef CONFIG_BLK_DEV_INITRD 143#ifdef CONFIG_BLK_DEV_INITRD
143 /* 144 /*