From 93ddbd8ba056141dd68d973d534b67dad9882052 Mon Sep 17 00:00:00 2001
From: Thomas Huth <thuth@redhat.com>
Date: Thu, 24 Jun 2021 14:50:45 -0400
Subject: [PATCH 1/3] pc-bios/s390-ccw: fix off-by-one error

RH-Author: Thomas Huth <thuth@redhat.com>
Message-id: <20210624145047.483112-2-thuth@redhat.com>
Patchwork-id: 101764
O-Subject: [RHEL-8.2.0.z / RHEL-8.4.0.z qemu-kvm PATCH 1/3] pc-bios/s390-ccw: fix off-by-one error
Bugzilla: 1975679
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
RH-Acked-by: Jon Maloy <jmaloy@redhat.com>
RH-Acked-by: Cornelia Huck <cohuck@redhat.com>

This error takes effect when the magic value "zIPL" is located at the
end of a block. For example if s2_cur_blk = 0x7fe18000 and the magic
value "zIPL" is located at 0x7fe18ffc - 0x7fe18fff.

Fixes: ba831b25262a ("s390-ccw: read stage2 boot loader data to find menu")
Reviewed-by: Collin Walling <walling@linux.ibm.com>
Signed-off-by: Marc Hartmayer <mhartmay@linux.ibm.com>
Message-Id: <20200924085926.21709-2-mhartmay@linux.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
[thuth: Use "<= ... - 4" instead of "< ... - 3"]
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit 5f97ba0c74ccace0a4014460de9751ff3c6f454a)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
 pc-bios/s390-ccw/bootmap.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pc-bios/s390-ccw/bootmap.c b/pc-bios/s390-ccw/bootmap.c
index e91ea719ff..bb6e003270 100644
--- a/pc-bios/s390-ccw/bootmap.c
+++ b/pc-bios/s390-ccw/bootmap.c
@@ -163,7 +163,7 @@ static bool find_zipl_boot_menu_banner(int *offset)
     int i;
 
     /* Menu banner starts with "zIPL" */
-    for (i = 0; i < virtio_get_block_size() - 4; i++) {
+    for (i = 0; i <= virtio_get_block_size() - 4; i++) {
         if (magic_match(s2_cur_blk + i, ZIPL_MAGIC_EBCDIC)) {
             *offset = i;
             return true;
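Review bot: the literal 4 in the new bound `i <= virtio_get_block_size() - 4` is not tied to the length of the "zIPL" magic that magic_match() checks at s2_cur_blk + i, which is how the original off-by-one slipped in. Consider deriving the bound from a named length constant for the magic, or at least extending the comment above the loop to say that the last valid start offset is block size minus 4, so the compare ends on the block's final byte (the 0x7fe18ffc - 0x7fe18fff case from the commit message). Two smaller points on the same line: virtio_get_block_size() is re-evaluated on every iteration and could be read once into a local before the loop, and its return type is not visible here; if it is unsigned, the subtraction would wrap for a block size below 4 and the comparison with the int i would be done unsigned, so it is worth confirming the type or asserting a minimum block size.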
-- 
2.27.0