lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20130611184113.GA2288@www.outflux.net>
Date:	Tue, 11 Jun 2013 11:41:13 -0700
From:	Kees Cook <keescook@...omium.org>
To:	linux-kernel@...r.kernel.org
Cc:	"H. Peter Anvin" <hpa@...or.com>,
	Thomas Gleixner <tglx@...utronix.de>,
	Ingo Molnar <mingo@...hat.com>, x86@...nel.org,
	Yinghai Lu <yinghai@...nel.org>,
	Gokul Caushik <caushik1@...il.com>,
	Kees Cook <keescook@...omium.org>,
	Josh Triplett <josh@...htriplett.org>
Subject: [PATCH] x86, boot: access cmdline when loaded high

The __cmdline_find_option routine requires that the kernel cmdline be
located under 0x10000. When running the compressed boot code, if the
cmdline is loaded above this range, it will be ignored. This breaks
recognition of things like "earlyprintk=...". Since the compressed boot
code is already tricking the cmdline routines about locations, take it all
the way and access the cmdline via offset instead of via actual location.

Signed-off-by: Kees Cook <keescook@...omium.org>
---
 arch/x86/boot/compressed/cmdline.c |   21 +++++++++------------
 1 file changed, 9 insertions(+), 12 deletions(-)

diff --git a/arch/x86/boot/compressed/cmdline.c b/arch/x86/boot/compressed/cmdline.c
index bffd73b..2e39280 100644
--- a/arch/x86/boot/compressed/cmdline.c
+++ b/arch/x86/boot/compressed/cmdline.c
@@ -2,32 +2,29 @@
 
 #ifdef CONFIG_EARLY_PRINTK
 
+/*
+ * We know where the cmdline is, so just retain it, and use a non-zero
+ * offset to trick __cmdline_find_option into running.
+ */
 static unsigned long fs;
 static inline void set_fs(unsigned long seg)
 {
-	fs = seg << 4;  /* shift it back */
+	fs = real_mode->hdr.cmd_line_ptr;
+	fs |= (u64)real_mode->ext_cmd_line_ptr << 32;
 }
 typedef unsigned long addr_t;
 static inline char rdfs8(addr_t addr)
 {
-	return *((char *)(fs + addr));
+	return *((char *)(fs + addr - 0x1));
 }
 #include "../cmdline.c"
-static unsigned long get_cmd_line_ptr(void)
-{
-	unsigned long cmd_line_ptr = real_mode->hdr.cmd_line_ptr;
-
-	cmd_line_ptr |= (u64)real_mode->ext_cmd_line_ptr << 32;
-
-	return cmd_line_ptr;
-}
 int cmdline_find_option(const char *option, char *buffer, int bufsize)
 {
-	return __cmdline_find_option(get_cmd_line_ptr(), option, buffer, bufsize);
+	return __cmdline_find_option(0x1, option, buffer, bufsize);
 }
 int cmdline_find_option_bool(const char *option)
 {
-	return __cmdline_find_option_bool(get_cmd_line_ptr(), option);
+	return __cmdline_find_option_bool(0x1, option);
 }
 
 #endif
-- 
1.7.9.5


-- 
Kees Cook
Chrome OS Security
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ