From: Cui GaoSheng <cuigaosheng1@huawei.com> Offering: HULK hulk inclusion category: bugfix bugzilla: 172972 https://gitee.com/openeuler/kernel/issues/I4DDEL ----------------------------------------------------------------- The value returned by get_region_number may exceed the usable memory positions indexed by bitmap, it will cause probabilistic boot failure in images which enabled kaslr. Fixes: 156b9ca54d0d ("[Backport] ARM: decompressor: add KASLR support") Signed-off-by: Cui GaoSheng <cuigaosheng1@huawei.com> Reviewed-by: Xiu Jianfeng <xiujianfeng@huawei.com> Signed-off-by: Chen Jun <chenjun102@huawei.com> --- arch/arm/boot/compressed/kaslr.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/arch/arm/boot/compressed/kaslr.c b/arch/arm/boot/compressed/kaslr.c index 7cab9a670b94..ff81a2c31233 100644 --- a/arch/arm/boot/compressed/kaslr.c +++ b/arch/arm/boot/compressed/kaslr.c @@ -178,13 +178,18 @@ static u32 count_suitable_regions(const void *fdt, struct regions *regions, return ret; } -static u32 get_region_number(u32 num, u32 *bitmap) +/* The caller ensures that num is within the range of regions.*/ +static u32 get_region_number(u32 num, u32 *bitmap, u32 size) { - u32 i; + u32 i, cnt = size * BITS_PER_BYTE * sizeof(u32); + + for (i = 0; i < cnt; i++) { + if (bitmap[i >> 5] & BIT(i & 0x1f)) + continue; + if (num-- == 0) + break; + } - for (i = 0; num > 0; i++) - if (!(bitmap[i >> 5] & BIT(i & 0x1f))) - num--; return i; } @@ -453,7 +458,7 @@ u32 kaslr_early_init(u32 *kaslr_offset, u32 image_base, u32 image_size, num = ((u16)seed * count) >> 16; puthex32(num); - *kaslr_offset = get_region_number(num, bitmap) * SZ_2M; + *kaslr_offset = get_region_number(num, bitmap, sizeof(bitmap) / sizeof(u32)) * SZ_2M; puthex32(*kaslr_offset); return *kaslr_offset; -- 2.20.1