| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20210303181651.GE19713@willie-the-truck>
Date: Wed, 3 Mar 2021 18:16:52 +0000
From: Will Deacon <will@...nel.org>
To: Christophe Leroy <christophe.leroy@...roup.eu>
Cc: Benjamin Herrenschmidt <benh@...nel.crashing.org>,
Paul Mackerras <paulus@...ba.org>,
Michael Ellerman <mpe@...erman.id.au>, danielwa@...co.com,
robh@...nel.org, daniel@...pelevich.san-francisco.ca.us,
linux-kernel@...r.kernel.org, linuxppc-dev@...ts.ozlabs.org,
linux-arch@...r.kernel.org, devicetree@...r.kernel.org
Subject: Re: [PATCH v2 1/7] cmdline: Add generic function to build command
line.
On Wed, Mar 03, 2021 at 06:57:09PM +0100, Christophe Leroy wrote:
> Le 03/03/2021 à 18:46, Will Deacon a écrit :
> > On Wed, Mar 03, 2021 at 06:38:16PM +0100, Christophe Leroy wrote:
> > > Le 03/03/2021 à 18:28, Will Deacon a écrit :
> > > > On Tue, Mar 02, 2021 at 05:25:17PM +0000, Christophe Leroy wrote:
> > > > > This code provides architectures with a way to build command line
> > > > > based on what is built in the kernel and what is handed over by the
> > > > > bootloader, based on selected compile-time options.
> > > > >
> > > > > Signed-off-by: Christophe Leroy <christophe.leroy@...roup.eu>
> > > > > ---
> > > > > include/linux/cmdline.h | 62 +++++++++++++++++++++++++++++++++++++++++
> > > > > 1 file changed, 62 insertions(+)
> > > > > create mode 100644 include/linux/cmdline.h
> > > > >
> > > > > diff --git a/include/linux/cmdline.h b/include/linux/cmdline.h
> > > > > new file mode 100644
> > > > > index 000000000000..ae3610bb0ee2
> > > > > --- /dev/null
> > > > > +++ b/include/linux/cmdline.h
> > > > > @@ -0,0 +1,62 @@
> > > > > +/* SPDX-License-Identifier: GPL-2.0 */
> > > > > +#ifndef _LINUX_CMDLINE_H
> > > > > +#define _LINUX_CMDLINE_H
> > > > > +
> > > > > +static __always_inline size_t cmdline_strlen(const char *s)
> > > > > +{
> > > > > + const char *sc;
> > > > > +
> > > > > + for (sc = s; *sc != '\0'; ++sc)
> > > > > + ; /* nothing */
> > > > > + return sc - s;
> > > > > +}
> > > > > +
> > > > > +static __always_inline size_t cmdline_strlcat(char *dest, const char *src, size_t count)
> > > > > +{
> > > > > + size_t dsize = cmdline_strlen(dest);
> > > > > + size_t len = cmdline_strlen(src);
> > > > > + size_t res = dsize + len;
> > > > > +
> > > > > + /* This would be a bug */
> > > > > + if (dsize >= count)
> > > > > + return count;
> > > > > +
> > > > > + dest += dsize;
> > > > > + count -= dsize;
> > > > > + if (len >= count)
> > > > > + len = count - 1;
> > > > > + memcpy(dest, src, len);
> > > > > + dest[len] = 0;
> > > > > + return res;
> > > > > +}
> > > >
> > > > Why are these needed instead of using strlen and strlcat directly?
> > >
> > > Because on powerpc (at least), it will be used in prom_init, it is very
> > > early in the boot and KASAN shadow memory is not set up yet so calling
> > > generic string functions would crash the board.
> >
> > Hmm. We deliberately setup a _really_ early shadow on arm64 for this, can
> > you not do something similar? Failing that, I think it would be better to
> > offer the option for an arch to implement cmdline_*, but have then point to
> > the normal library routines by default.
>
> I don't think it is possible to setup an earlier early shadow.
>
> At the point we are in prom_init, the code is not yet relocated at the
> address it was linked for, and it is running with the MMU set by the
> bootloader, I can't imagine being able to setup MMU entries for the early
> shadow KASAN yet without breaking everything.
That's very similar to us; we're not relocated, although we are at least
in control of the MMU (which is using a temporary set of page-tables).
> Is it really worth trying to point to the normal library routines by default
> ? It is really only a few lines of code hence only not many bytes, and
> anyway they are in __init section so they get discarded at the end.
I would prefer to use the normal routines by default and allow architectures
to override them based on their needs, otherwise we'll end up trying to
maintain a "lowest-common-dominator" set of string routines that can be
safely run in whatever different constraints different architectures have.
Will
Powered by blists - more mailing lists