• Yinghai Lu's avatar
    lib/decompressors: use real out buf size for gunzip with kernel · a068f26d
    Yinghai Lu authored
    commit 2d3862d2 upstream.
    
    When loading x86 64bit kernel above 4GiB with patched grub2, got kernel
    gunzip error.
    
    | early console in decompress_kernel
    | decompress_kernel:
    |       input: [0x807f2143b4-0x807ff61aee]
    |      output: [0x807cc00000-0x807f3ea29b] 0x027ea29c: output_len
    | boot via startup_64
    | KASLR using RDTSC...
    |  new output: [0x46fe000000-0x470138cfff] 0x0338d000: output_run_size
    |  decompress: [0x46fe000000-0x47007ea29b] <=== [0x807f2143b4-0x807ff61aee]
    |
    | Decompressing Linux... gz...
    |
    | uncompression error
    |
    | -- System halted
    
    the new buffer is at 0x46fe000000ULL, decompressor_gzip is using
    0xffffffb901ffffff as out_len.  gunzip in lib/zlib_inflate/inflate.c cap
    that len to 0x01ffffff and decompress fails later.
    
    We could hit this problem with crashkernel booting that uses kexec loading
    kernel above 4GiB.
    
    We have decompress_* support:
        1. inbuf[]/outbuf[] for kernel preboot.
        2. inbuf[]/flush() for initramfs
        3. fill()/flush() for initrd.
    This bug only affect kernel preboot path that use outbuf[].
    
    Add __decompress and take real out_buf_len for gunzip instead of guessing
    wrong buf size.
    
    Fixes: 1431574a (lib/decompressors: fix "no limit" output buffer length)
    Signed-off-by: default avatarYinghai Lu <yinghai@kernel.org>
    Cc: Alexandre Courbot <acourbot@nvidia.com>
    Cc: Jon Medhurst <tixy@linaro.org>
    Cc: Stephen Warren <swarren@wwwdotorg.org>
    Cc: "H. Peter Anvin" <hpa@zytor.com>
    Cc: Thomas Gleixner <tglx@linutronix.de>
    Cc: Ingo Molnar <mingo@redhat.com>
    Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
    Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    [ kamal: backport to 3.19-stable: no arch/h8300/ ]
    Signed-off-by: default avatarKamal Mostafa <kamal@canonical.com>
    a068f26d
decompress_inflate.c 4.42 KB