From 56550e400eace8edffc0e147b9f674e9d266e1de Mon Sep 17 00:00:00 2001
From: Michael Brown
Date: Fri, 28 Sep 2007 01:23:06 +0100
Subject: [PATCH] Redefine bzimage_exec_context::mem_limit to be the highest permissible byte, rather than the number of permissible bytes (i.e. subtract one from the value under the previous definition to get the value under the new definition). This avoids integer overflow on 64-bit kernels, where bzhdr.initrd_addr_max may be 0xffffffffffffffff; under the old behaviour we set mem_limit equal to initrd_addr_max+1, which meant it ended up as zero. Kernel loads would fail with ENOBUFS.
---
 src/arch/i386/image/bzimage.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/arch/i386/image/bzimage.c b/src/arch/i386/image/bzimage.c
index ad2a04cf..439153e2 100644
--- a/src/arch/i386/image/bzimage.c
+++ b/src/arch/i386/image/bzimage.c
@@ -141,6 +141,7 @@ static int bzimage_parse_cmdline ( struct image *image,
 "terminator '%c'\n", image, *mem );
 break;
 }
+ exec_ctx->mem_limit -= 1;
 }
 return 0;
@@ -266,7 +267,7 @@ static int bzimage_load_initrds ( struct image *image,
 return -ENOBUFS;
 }
 /* Check that we are within the kernel's range */
- if ( ( address + total_len ) > exec_ctx->mem_limit )
+ if ( ( address + total_len - 1 ) > exec_ctx->mem_limit )
 continue;
 /* Prepare and verify segment */
 if ( ( rc = prep_segment ( phys_to_user ( address ), 0,
@@ -315,9 +316,9 @@ static int bzimage_exec ( struct image *image ) {
 ( bzhdr.heap_end_ptr + 0x200 );
 exec_ctx.vid_mode = bzhdr.vid_mode;
 if ( bzhdr.version >= 0x0203 ) {
- exec_ctx.mem_limit = ( bzhdr.initrd_addr_max + 1 );
+ exec_ctx.mem_limit = bzhdr.initrd_addr_max;
 } else {
- exec_ctx.mem_limit = ( BZI_INITRD_MAX + 1 );
+ exec_ctx.mem_limit = BZI_INITRD_MAX;
 }
 /* Parse command line for bootloader parameters */
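Review bot: The added `exec_ctx->mem_limit -= 1;` turns a `mem=0` command-line value into a wrap-around instead of a zero limit: if mem_limit is an unsigned type (its declaration is outside this hunk), decrementing zero yields the maximum value and silently removes the limit, the opposite of what was requested. Guarding the decrement, `if ( exec_ctx->mem_limit ) exec_ctx->mem_limit -= 1;`, keeps zero meaning "nothing permitted" under both the old and new definitions. A comment on the line, `/* mem_limit is the highest permissible byte, not a byte count */`, would record the convention this commit introduces. bzimage_parse_cmdline begins outside the hunk.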
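Review bot: `address + total_len - 1` can still wrap when `address` lies near the top of the address space, and a wrapped sum compares below mem_limit and passes the range check, so the overflow this commit removes for initrd_addr_max is moved rather than eliminated; whether candidate addresses can get that high depends on the address iteration, which starts outside the hunk. A form that cannot overflow is `if ( ( address > exec_ctx->mem_limit ) || ( ( total_len - 1 ) > ( exec_ctx->mem_limit - address ) ) ) continue;` — it assumes total_len is at least 1 at this point, which the hunk does not show and should be confirmed against the caller. bzimage_load_initrds begins and ends outside the hunk.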
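Review bot: The meaning of mem_limit changes here from a byte count to the highest permissible byte, but the diffstat (4 insertions, 3 deletions, all accounted for by these three hunks) shows the field's declaration in struct bzimage_exec_context is untouched, so any doc comment there still describes the old semantics and should be updated with this commit. A comment above `if ( bzhdr.version >= 0x0203 ) {`, such as `/* mem_limit is inclusive: the last byte an initrd may occupy */`, makes the convention visible at the point of assignment. bzimage_exec begins outside the hunk.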