Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752664AbcD2AJR (ORCPT <rfc822;w@1wt.eu>);
	Thu, 28 Apr 2016 20:09:17 -0400
Received: from mail-pa0-f51.google.com ([209.85.220.51]:34355 "EHLO
	mail-pa0-f51.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1752323AbcD2AJP (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Thu, 28 Apr 2016 20:09:15 -0400
From: Kees Cook <keescook@chromium.org>
To: Ingo Molnar <mingo@kernel.org>
Cc: Kees Cook <keescook@chromium.org>, Baoquan He <bhe@redhat.com>,
        Ingo Molnar <mingo@redhat.com>, Yinghai Lu <yinghai@kernel.org>,
        "H. Peter Anvin" <hpa@zytor.com>, Borislav Petkov <bp@alien8.de>,
        Vivek Goyal <vgoyal@redhat.com>, Andy Lutomirski <luto@kernel.org>,
        lasse.collin@tukaani.org, Andrew Morton <akpm@linux-foundation.org>,
        Dave Young <dyoung@redhat.com>, LKML <linux-kernel@vger.kernel.org>
Subject: [PATCH 1/6] x86/KASLR: Handle kernel relocation above 2G
Date: Thu, 28 Apr 2016 17:09:03 -0700
Message-Id: <1461888548-32439-2-git-send-email-keescook@chromium.org>
X-Mailer: git-send-email 2.6.3
In-Reply-To: <1461888548-32439-1-git-send-email-keescook@chromium.org>
References: <1461888548-32439-1-git-send-email-keescook@chromium.org>
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1216
Lines: 31

From: Baoquan He <bhe@redhat.com>

When processing the relocation table, the offset used to calculate the
relocation is an int. This is sufficient for calculating the physical
address of the relocs entry on 32-bit systems and on 64-bit systems when
the relocation is under 2G. To handle relocations above 2G (seen in
situations like kexec, netboot, etc), this offset needs to be calculated
using a long to avoid wrapping and miscalculating the relocation.

Signed-off-by: Baoquan He <bhe@redhat.com>
[kees: rewrote changelog]
Signed-off-by: Kees Cook <keescook@chromium.org>
---
 arch/x86/boot/compressed/misc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/misc.c
index 6dde6ccdf00e..45145149c07d 100644
--- a/arch/x86/boot/compressed/misc.c
+++ b/arch/x86/boot/compressed/misc.c
@@ -232,7 +232,7 @@ static void handle_relocations(void *output, unsigned long output_len)
 	 * So we work backwards from the end of the decompressed image.
 	 */
 	for (reloc = output + output_len - sizeof(*reloc); *reloc; reloc--) {
-		int extended = *reloc;
+		long extended = *reloc;
 		extended += map;
 
 		ptr = (unsigned long)extended;
-- 
2.6.3