git.ipfire.org Git - thirdparty/ipxe.git/commit

author	Michael Brown <mcb30@ipxe.org>
	Mon, 28 Apr 2025 14:20:43 +0000 (15:20 +0100)
committer	Michael Brown <mcb30@ipxe.org>
	Mon, 28 Apr 2025 14:35:55 +0000 (15:35 +0100)
commit	412ad56012f116c8e3923b0928d2767713931eb4
tree	c9b8b0547ea474c188a4397df8816060c49b3d60	tree
parent	ef3827cf1461eef731f89dfbb4000188853b53f6	commit \| diff

[initrd] Use physical addresses for calculations on initrd locations

Commit ef03849 ("[uaccess] Remove redundant userptr_add() and
userptr_diff()") exposed a signedness bug in the comparison of initrd
locations, since the expression (initrd->data - current) was
effectively no longer coerced to a signed type.

In particular, the common case will be that the top of the initrd
region is the start of the iPXE .textdata region, which has virtual
address zero. This causes initrd->data to compare as being above the
top of the initrd region for all images, when this bug would
previously have been limited to affecting only initrds placed 2GB or
more below the start of .textdata.

Fix by using physical addresses for all comparisons on initrd
locations.

Reported-by: Sven Dreyer <sven@dreyer-net.de>
Reported-by: Harald Jensås <hjensas@redhat.com>
Reported-by: Jan ONDREJ (SAL) <ondrejj@salstar.sk>
Signed-off-by: Michael Brown <mcb30@ipxe.org>

src/arch/x86/image/bzimage.c		diff \| blob \| blame \| history
src/arch/x86/image/initrd.c		diff \| blob \| blame \| history
src/arch/x86/include/initrd.h		diff \| blob \| blame \| history