[S390] correct ipl parameter block safe guard
Martin Schwidefsky [Thu, 17 Feb 2011 12:13:57 +0000 (13:13 +0100)]
The 'output' variable is passed from decompress_kernel to
check_ipl_parmblock before it is initialized. That disables the
safe guard against the overwrite of the ipl parameter block.
Fix this by passing the correct value to check_ipl_parmblock.

Reported-by: David Binderman <dcb314@hotmail.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>

arch/s390/boot/compressed/misc.c

index 0851eb1..2751b3a 100644 (file)
@@ -133,11 +133,12 @@ unsigned long decompress_kernel(void)
        unsigned long output_addr;
        unsigned char *output;
 
-       check_ipl_parmblock((void *) 0, (unsigned long) output + SZ__bss_start);
+       output_addr = ((unsigned long) &_end + HEAP_SIZE + 4095UL) & -4096UL;
+       check_ipl_parmblock((void *) 0, output_addr + SZ__bss_start);
        memset(&_bss, 0, &_ebss - &_bss);
        free_mem_ptr = (unsigned long)&_end;
        free_mem_end_ptr = free_mem_ptr + HEAP_SIZE;
-       output = (unsigned char *) ((free_mem_end_ptr + 4095UL) & -4096UL);
+       output = (unsigned char *) output_addr;
 
 #ifdef CONFIG_BLK_DEV_INITRD
        /*
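Review bot: The new `output_addr` assignment at the top of `decompress_kernel` repeats the heap-end arithmetic that `free_mem_ptr = (unsigned long)&_end` and `free_mem_end_ptr = free_mem_ptr + HEAP_SIZE` perform a few lines later. The address handed to `check_ipl_parmblock` and the real end of the heap are therefore two separate expressions that have to be kept in step by hand. If one is changed without the other, the safeguard checks a range that no longer matches where `output` lands, which is the same class of problem this patch fixes. Consider a short comment above the assignment stating that `output_addr` is the page-aligned end of the heap and must equal `free_mem_end_ptr` rounded up to 4096. If the check has to run before the `memset` of `.bss` and that is why the value cannot be taken from `free_mem_end_ptr`, the comment should say so. A named page-size constant in place of `4095UL` and `-4096UL` would also make the rounding easier to read.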