diff options
| author | Chen Liu <chenliu@asset.uwaterloo.ca> | 2011-03-23 05:14:58 -0400 |
|---|---|---|
| committer | Martin Schwidefsky <sky@mschwide.boeblingen.de.ibm.com> | 2011-03-23 05:15:14 -0400 |
| commit | 69ac43b05eef4b8555e84ad51ceb6c58b5a3bc75 (patch) | |
| tree | 6726f92050140df58b1ddf5958304bc2852612fa /arch/s390 | |
| parent | 6447f55da90b77faec1697d499ed7986bb4f6de6 (diff) | |
[S390] early: Fix possible overlapping data buffer
This patch fixed bugzilla #12965:
https://bugzilla.kernel.org/show_bug.cgi?id=12965
The original code contains some inproper use of sprintf
function where a buffer is used both as input string
as well as output string. It should remember the written
bytes in the previous and use that as the offset for
later writing. Also replace sprintf with snprintf.
Signed-off-by: Chen Liu <chenliu@asset.uwaterloo.ca>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Diffstat (limited to 'arch/s390')
| -rw-r--r-- | arch/s390/kernel/early.c | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/arch/s390/kernel/early.c b/arch/s390/kernel/early.c index 3b7e7dddc324..668138ee85d9 100644 --- a/arch/s390/kernel/early.c +++ b/arch/s390/kernel/early.c | |||
| @@ -94,6 +94,7 @@ static noinline __init void create_kernel_nss(void) | |||
| 94 | unsigned int sinitrd_pfn, einitrd_pfn; | 94 | unsigned int sinitrd_pfn, einitrd_pfn; |
| 95 | #endif | 95 | #endif |
| 96 | int response; | 96 | int response; |
| 97 | int hlen; | ||
| 97 | size_t len; | 98 | size_t len; |
| 98 | char *savesys_ptr; | 99 | char *savesys_ptr; |
| 99 | char defsys_cmd[DEFSYS_CMD_SIZE]; | 100 | char defsys_cmd[DEFSYS_CMD_SIZE]; |
| @@ -124,22 +125,24 @@ static noinline __init void create_kernel_nss(void) | |||
| 124 | end_pfn = PFN_UP(__pa(&_end)); | 125 | end_pfn = PFN_UP(__pa(&_end)); |
| 125 | min_size = end_pfn << 2; | 126 | min_size = end_pfn << 2; |
| 126 | 127 | ||
| 127 | sprintf(defsys_cmd, "DEFSYS %s 00000-%.5X EW %.5X-%.5X SR %.5X-%.5X", | 128 | hlen = snprintf(defsys_cmd, DEFSYS_CMD_SIZE, |
| 128 | kernel_nss_name, stext_pfn - 1, stext_pfn, eshared_pfn - 1, | 129 | "DEFSYS %s 00000-%.5X EW %.5X-%.5X SR %.5X-%.5X", |
| 129 | eshared_pfn, end_pfn); | 130 | kernel_nss_name, stext_pfn - 1, stext_pfn, |
| 131 | eshared_pfn - 1, eshared_pfn, end_pfn); | ||
| 130 | 132 | ||
| 131 | #ifdef CONFIG_BLK_DEV_INITRD | 133 | #ifdef CONFIG_BLK_DEV_INITRD |
| 132 | if (INITRD_START && INITRD_SIZE) { | 134 | if (INITRD_START && INITRD_SIZE) { |
| 133 | sinitrd_pfn = PFN_DOWN(__pa(INITRD_START)); | 135 | sinitrd_pfn = PFN_DOWN(__pa(INITRD_START)); |
| 134 | einitrd_pfn = PFN_UP(__pa(INITRD_START + INITRD_SIZE)); | 136 | einitrd_pfn = PFN_UP(__pa(INITRD_START + INITRD_SIZE)); |
| 135 | min_size = einitrd_pfn << 2; | 137 | min_size = einitrd_pfn << 2; |
| 136 | sprintf(defsys_cmd, "%s EW %.5X-%.5X", defsys_cmd, | 138 | hlen += snprintf(defsys_cmd + hlen, DEFSYS_CMD_SIZE - hlen, |
| 137 | sinitrd_pfn, einitrd_pfn); | 139 | " EW %.5X-%.5X", sinitrd_pfn, einitrd_pfn); |
| 138 | } | 140 | } |
| 139 | #endif | 141 | #endif |
| 140 | 142 | ||
| 141 | sprintf(defsys_cmd, "%s EW MINSIZE=%.7iK PARMREGS=0-13", | 143 | snprintf(defsys_cmd + hlen, DEFSYS_CMD_SIZE - hlen, |
| 142 | defsys_cmd, min_size); | 144 | " EW MINSIZE=%.7iK PARMREGS=0-13", min_size); |
| 145 | defsys_cmd[DEFSYS_CMD_SIZE - 1] = '\0'; | ||
| 143 | sprintf(savesys_cmd, "SAVESYS %s \n IPL %s", | 146 | sprintf(savesys_cmd, "SAVESYS %s \n IPL %s", |
| 144 | kernel_nss_name, kernel_nss_name); | 147 | kernel_nss_name, kernel_nss_name); |
| 145 | 148 | ||