diff options
| author | Heiko Carstens <heiko.carstens@de.ibm.com> | 2017-01-11 11:07:39 +0100 |
|---|---|---|
| committer | Martin Schwidefsky <schwidefsky@de.ibm.com> | 2017-01-16 07:27:55 +0100 |
| commit | f0319748599183fa71a1e8792317385313ed946b (patch) | |
| tree | 5617c5161fce65aeeb19f85ea153e3213ef914f1 | |
| parent | s390/sclp: make early sclp irq handler more robust (diff) | |
| download | linux-f0319748599183fa71a1e8792317385313ed946b.tar.xz linux-f0319748599183fa71a1e8792317385313ed946b.zip | |
s390/sclp: always stay within bounds of the early sccb
Make sure the _sclp_print_lm function stays within bounds of the early
sccb, even if the passed string is very long. If the string is too
long, the remaining characters will be dropped.
Suggested-by: Peter Oberparleiter <oberpar@linux.vnet.ibm.com>
Reviewed-by: Peter Oberparleiter <oberpar@linux.vnet.ibm.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
| -rw-r--r-- | arch/s390/kernel/sclp.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/arch/s390/kernel/sclp.c b/arch/s390/kernel/sclp.c index 745324349a7b..53e391fe8577 100644 --- a/arch/s390/kernel/sclp.c +++ b/arch/s390/kernel/sclp.c @@ -132,16 +132,21 @@ static void _sclp_print_lm(const char *str) 0x10, 0x00, /* 4 */ 0x00, 0x00, 0x00, 0x00 /* 6 */ }; - unsigned char *ptr, ch; + unsigned char *ptr, *end_ptr, ch; unsigned int count; memcpy(_sclp_work_area, write_head, sizeof(write_head)); ptr = _sclp_work_area + sizeof(write_head); + end_ptr = _sclp_work_area + sizeof(_sclp_work_area) - 1; do { + if (ptr + sizeof(write_mto) > end_ptr) + break; memcpy(ptr, write_mto, sizeof(write_mto)); for (count = sizeof(write_mto); (ch = *str++) != 0; count++) { if (ch == 0x0a) break; + if (ptr > end_ptr) + break; ptr[count] = _ascebc[ch]; } /* Update length fields in mto, mdb, evbuf and sccb */ |