On 06/27/17 at 10:34am, Ingo Molnar wrote:
> 
> * Baoquan He <b...@redhat.com> wrote:
> 
> > As you suggested, we can add a check to see if the virt_addr is
> > bigger than 1G, and print a warning if it exceeds it, or hang there with an error
> > message.
> 
> Could you try a patch for that, and see whether it catches this particular
> bug?
> (before the fix is applied.)
Sure, below code change should catch it. Just I am struggling to decide if I should add a new local variable and assign max(output_len, kernel_total_size) to it, and the name of the new local variable is really hard to choose. Let me run a test on below code. diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/misc.c index c945acd8fa33..00241c815524 100644 --- a/arch/x86/boot/compressed/misc.c +++ b/arch/x86/boot/compressed/misc.c @@ -390,6 +390,8 @@ asmlinkage __visible void *extract_kernel(void *rmode, memptr heap, #ifdef CONFIG_X86_64 if (heap > 0x3fffffffffffUL) error("Destination address too large"); + if (virt_addr + max(output_len, kernel_total_size) > KERNEL_IMAGE_SIZE) + error("Destination virtual address is beyond the kernel mapping area"); #else if (heap > ((-__PAGE_OFFSET-(128<<20)-1) & 0x7fffffff)) error("Destination address too large");
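Review bot: the new check `if (virt_addr + max(output_len, kernel_total_size) > KERNEL_IMAGE_SIZE)` would read better, and be easier to keep in sync with the rest of extract_kernel, if the size expression were hoisted into a local variable (the message above already says this is the open question; something like `unsigned long needed_size = max(output_len, kernel_total_size);` declared with the other locals would do) and the bound were explained in a short comment, since nothing in the hunk says that `virt_addr` is an offset into the kernel mapping and that `KERNEL_IMAGE_SIZE` is the size of that mapping rather than a literal 1G as the quoted suggestion put it. Using `KERNEL_IMAGE_SIZE` instead of a hard-coded 1G is the right choice, because the mapping size is a config-dependent constant, and the check belongs under `#ifdef CONFIG_X86_64` next to the existing `heap` check as placed here. The error string "Destination virtual address is beyond the kernel mapping area" is clear, but it would help to mention in the changelog that this is a sanity check meant to turn a silent bad virtual placement into an early, loud failure during decompression, and to state whether it caught the reported bug before the real fix was applied, as Ingo asked.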