lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 17 Feb 2017 12:19:40 +0000 From: Daniel Thompson <daniel.thompson@...aro.org> To: Andrew Morton <akpm@...ux-foundation.org> Cc: Daniel Thompson <daniel.thompson@...aro.org>, linux-kernel@...r.kernel.org, patches@...aro.org Subject: [PATCH] initramfs: Provide a way to ignore image provided by bootloader Many "embedded" architectures provide CMDLINE_FORCE to allow the kernel to override the command line provided by an inflexible bootloader. However there is currrently no way for the kernel to override the initramfs image provided by the bootloader meaning there are still ways for bootloaders to make things difficult for us. Fix this by introducing INITRAMFS_FORCE which can prevent the kernel from loading the bootloader supplied image. We use CMDLINE_FORCE (and its friend CMDLINE_EXTEND) to imply that the system has an inflexible bootloader. This allow us to avoid presenting this config option to users of systems where inflexible bootloaders aren't usually a problem. Signed-off-by: Daniel Thompson <daniel.thompson@...aro.org> --- init/initramfs.c | 2 +- usr/Kconfig | 10 ++++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/init/initramfs.c b/init/initramfs.c index b32ad7d97ac9..cc9d9ec4abba 100644 --- a/init/initramfs.c +++ b/init/initramfs.c @@ -610,7 +610,7 @@ static int __init populate_rootfs(void) char *err = unpack_to_rootfs(__initramfs_start, __initramfs_size); if (err) panic("%s", err); /* Failed to decompress INTERNAL initramfs */ - if (initrd_start) { + if (initrd_start && !IS_ENABLED(CONFIG_INITRAMFS_FORCE)) { #ifdef CONFIG_BLK_DEV_RAM int fd; printk(KERN_INFO "Trying to unpack rootfs image as initramfs...\n"); diff --git a/usr/Kconfig b/usr/Kconfig index 6278f135256d..c0c48507e44e 100644 --- a/usr/Kconfig +++ b/usr/Kconfig @@ -21,6 +21,16 @@ config INITRAMFS_SOURCE If you are not sure, leave it blank. +config INITRAMFS_FORCE + bool "Ignore the initramfs passed by the bootloader" + depends on CMDLINE_EXTEND || CMDLINE_FORCE + help + This option causes the kernel to ignore the initramfs image + (or initrd image) passed to it by the bootloader. This is + analogous to CMDLINE_FORCE, which is found on some architectures, + and is useful if you cannot or don't want to change the image + your bootloader passes to the kernel. + config INITRAMFS_ROOT_UID int "User ID to map to 0 (user root)" depends on INITRAMFS_SOURCE!="" -- 2.9.3
Powered by blists - more mailing lists