From: Krzysztof Kolasa Date: Mon, 9 Dec 2019 13:02:35 +0000 (+0100) Subject: lz4: fix system halt at boot kernel on x86_64 X-Git-Tag: archive/raspbian/4.14.0+80-gd101b417b7-1+rpi1^2~63^2~1078 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=5d90ff79542ab9c6eebe5c315c68c196bcf353b9;p=xen.git lz4: fix system halt at boot kernel on x86_64 Sometimes, on x86_64, decompression fails with the following error: Decompressing Linux... Decoding failed -- System halted This condition is not needed for a 64bit kernel(from commit d5e7caf): if( ... || (op + COPYLENGTH) > oend) goto _output_error macro LZ4_SECURE_COPY() tests op and does not copy any data when op exceeds the value. added by analogy to lz4_uncompress_unknownoutputsize(...) Signed-off-by: Krzysztof Kolasa [Linux commit 99b7e93c95c78952724a9783de6c78def8fbfc3f] The offending commit in our case is fcc17f96c277 ("LZ4 : fix the data abort issue"). Signed-off-by: Jan Beulich Acked-by: Andrew Cooper --- diff --git a/xen/common/lz4/decompress.c b/xen/common/lz4/decompress.c index 938c7009ad..3caedb3d5d 100644 --- a/xen/common/lz4/decompress.c +++ b/xen/common/lz4/decompress.c @@ -133,8 +133,12 @@ static int INIT lz4_uncompress(const unsigned char *source, unsigned char *dest, /* Error: request to write beyond destination buffer */ if (cpy > oend) goto _output_error; +#if LZ4_ARCH64 + if ((ref + COPYLENGTH) > oend) +#else if ((ref + COPYLENGTH) > oend || (op + COPYLENGTH) > oend) +#endif goto _output_error; LZ4_SECURECOPY(ref, op, (oend - COPYLENGTH)); while (op < cpy) @@ -262,7 +266,13 @@ static int lz4_uncompress_unknownoutputsize(const unsigned char *source, if (cpy > oend - COPYLENGTH) { if (cpy > oend) goto _output_error; /* write outside of buf */ - +#if LZ4_ARCH64 + if ((ref + COPYLENGTH) > oend) +#else + if ((ref + COPYLENGTH) > oend || + (op + COPYLENGTH) > oend) +#endif + goto _output_error; LZ4_SECURECOPY(ref, op, (oend - COPYLENGTH)); while (op < cpy) *op++ = *ref++;