| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 21 Sep 2020 14:15:55 -0500
From: Tyler Hicks <tyhicks@...ux.microsoft.com>
To: Catalin Marinas <catalin.marinas@....com>,
Will Deacon <will@...nel.org>
Cc: Pavel Tatashin <pasha.tatashin@...een.com>,
Rob Herring <robh+dt@...nel.org>,
linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org
Subject: [PATCH 0/2] arm64: Implement CONFIG_CMDLINE_EXTEND
Provide the CONFIG_CMDLINE_EXTEND config option for arm64 kernels. This
config option can be used to extend the kernel command line parameters,
specified by the bootloader, with additional command line parameters
specified in the kernel configuration.
This option addresses the following use cases:
1) Switching between stable and development kernel versions, where one
of the versions benefits from additional command line parameters,
such as debugging options.
2) Specifying additional command line parameters, for additional tuning
or debugging, when the bootloader does not offer an interactive mode.
After implementing these patches, I noticed that a previous attempt has
been made to upstream CONFIG_CMDLINE_EXTEND support in arm64:
https://lore.kernel.org/linux-arm-kernel/1447838885-9888-1-git-send-email-p.fedin@samsung.com/
I don't believe that the previous objection still holds as the generic
command line parsing series hasn't been revised in over a year.
This series is based on commit f322010a08da ("Merge branch
'for-next/mte' into for-next/core") of the for-next/core branch of the
arm64 tree.
Below is a summary of testing that I performed.
Upgrade testing:
* CONFIG_CMDLINE unset
- oldconfig target doesn't prompt,
* CONFIG_CMDLINE set, CONFIG_CMDLINE_FORCE unset
- oldconfig target prompts for command line type with default choice
set to CONFIG_CMDLINE_FROM_BOOTLOADER
* CONFIG_CMDLINE set, CONFIG_CMDLINE_FORCE set
- oldconfig target prompts for command line type with default choice
set to CONFIG_CMDLINE_FORCE
Functional testing:
* Set CONFIG_CMDLINE="nokaslr apparmor=0" and CONFIG_CMDLINE_EXTEND=y to
test early init parsing and regular parsing
- /proc/cmdline shows that "nokaslr apparmor=0" was appended to the
end of the bootloader supplied command line
- "KASLR disabled on command line" found in dmesg
- AppArmor is disabled. /sys/kernel/security/apparmor does not exist
and aa-status prints:
apparmor module is loaded.
apparmor filesystem is not mounted.
* Set CONFIG_CMDLINE="nokaslr apparmor=0",
CONFIG_CMDLINE_FROM_BOOTLOADER=y, and have the bootloader specify a
command line without those options
- The bootloader's command line is used and does not contain
CONFIG_CMDLINE's value
- AppArmor and KASLR are enabled
* Set CONFIG_CMDLINE="nokaslr apparmor=0" and CONFIG_CMDLINE_FORCE=y
- The CONFIG_CMDLINE value is used and does not contain the
bootloader's command line
- AppArmor and KASLR are disabled
Tyler
Tyler Hicks (2):
arm64: kaslr: Refactor early init command line parsing
arm64: Extend the kernel command line from the bootloader
arch/arm64/Kconfig | 23 ++++++++++++++++++++++-
arch/arm64/kernel/kaslr.c | 26 ++++++++++++++++++--------
2 files changed, 40 insertions(+), 9 deletions(-)
--
2.25.1
Powered by blists - more mailing lists