From 7a576da125f14bc9b0c7fc4ecf41fd740f6f56b0 Mon Sep 17 00:00:00 2001 From: Łukasz Stelmach Date: Tue, 2 Jun 2020 12:40:34 +0200 Subject: arm: Increase zImage length after getting the tag MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Increase the size of the zImage after seeking for the tag to avoid reading past the end of the supplied buffer should there be not tag in the zImage. Fixes: f57f0bf8975d24fe1e7c4936fdfb5c3b123ab75f Signed-off-by: Łukasz Stelmach Cc: Russell King Signed-off-by: Simon Horman --- kexec/arch/arm/kexec-zImage-arm.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/kexec/arch/arm/kexec-zImage-arm.c b/kexec/arch/arm/kexec-zImage-arm.c index ff609e2..925a9be 100644 --- a/kexec/arch/arm/kexec-zImage-arm.c +++ b/kexec/arch/arm/kexec-zImage-arm.c @@ -543,6 +543,14 @@ int zImage_arm_load(int argc, char **argv, const char *buf, off_t len, */ kernel_mem_size = len + 4; + /* + * Check for a kernel size extension, and set or validate the + * image size. This is the total space needed to avoid the + * boot kernel BSS, so other data (such as initrd) does not get + * overwritten. + */ + tag = find_extension_tag(buf, len, ZIMAGE_TAG_KRNL_SIZE); + /* * The zImage length does not include its stack (4k) or its * malloc space (64k). Include this. @@ -551,13 +559,6 @@ int zImage_arm_load(int argc, char **argv, const char *buf, off_t len, dbgprintf("zImage requires 0x%08llx bytes\n", (unsigned long long)len); - /* - * Check for a kernel size extension, and set or validate the - * image size. This is the total space needed to avoid the - * boot kernel BSS, so other data (such as initrd) does not get - * overwritten. - */ - tag = find_extension_tag(buf, len, ZIMAGE_TAG_KRNL_SIZE); if (tag) { uint32_t *p = (void *)buf + le32_to_cpu(tag->u.krnl_size.size_ptr); uint32_t edata_size = le32_to_cpu(get_unaligned(p)); -- cgit
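Review bot: The out-of-bounds read is avoided here only by statement order: `find_extension_tag(buf, len, ZIMAGE_TAG_KRNL_SIZE)` is correct solely because it now runs before `len` is enlarged for the stack and malloc space, and the moved comment does not say so. `len` still means the buffer size above that point and the memory requirement below it, so a later reorder would reintroduce the bug; keeping the file length in its own variable, `const off_t image_len = len;`, and passing `image_len` to `find_extension_tag` would make the bound explicit. That value is also needed further down: the context lines of the second hunk compute `p = (void *)buf + le32_to_cpu(tag->u.krnl_size.size_ptr)` and read through it with `get_unaligned(p)`, with no visible check that the offset lies inside the image, unless find_extension_tag already validates it, which cannot be seen here. Rejecting the image when that offset plus four bytes exceeds the original image length, before the read, would close that gap. zImage_arm_load begins and ends outside both hunks.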