Message-Id: <20240824144133.1464835-1-bjorn@mork.no>
Date: Sat, 24 Aug 2024 16:41:33 +0200
From: Bjørn Mork <bjorn@...k.no>
To: Thomas Bogendoerfer <tsbogend@...ha.franken.de>
Cc: "Steven J . Hill" <Steven.Hill@...tec.com>, linux-mips@...r.kernel.org,
        linux-kernel@...r.kernel.org,
        Bjørn Mork <bjorn@...k.no>, stable@...r.kernel.org
Subject: [PATCH] MIPS: fw: Gracefully handle unknown firmware protocols

Boards based on the same SoC family can use different boot loaders.
These may pass numeric arguments which we erroneously interpret as
command line or environment pointers. Such errors will cause boot
to halt at an early stage since commit 056a68cea01e ("mips: allow
firmware to pass RNG seed to kernel").

One known example of this issue is a HPE switch using a BootWare
boot loader.  It was found to pass these arguments to the kernel:

  0x00020000 0x00060000 0xfffdffff 0x0000416c

We can avoid hanging by validating that both passed pointers are in
KSEG1 as expected.

Cc: stable@...r.kernel.org
Fixes: 14aecdd41921 ("MIPS: FW: Add environment variable processing.")
Signed-off-by: Bjørn Mork <bjorn@...k.no>
---
 arch/mips/fw/lib/cmdline.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/mips/fw/lib/cmdline.c b/arch/mips/fw/lib/cmdline.c
index 892765b742bb..51238c4f9455 100644
--- a/arch/mips/fw/lib/cmdline.c
+++ b/arch/mips/fw/lib/cmdline.c
@@ -22,7 +22,7 @@ void __init fw_init_cmdline(void)
 	int i;
 
 	/* Validate command line parameters. */
-	if ((fw_arg0 >= CKSEG0) || (fw_arg1 < CKSEG0)) {
+	if (fw_arg0 >= CKSEG0 || fw_arg1 < CKSEG0 || fw_arg1 >= CKSEG2) {
 		fw_argc = 0;
 		_fw_argv = NULL;
 	} else {
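Review bot: the new upper bound on fw_arg1 accepts any value in [CKSEG0, CKSEG2), which covers KSEG0 as well as KSEG1, while the commit message says the pointers are validated to be "in KSEG1 as expected". Either reword the message or extend the "Validate command line parameters." comment to state the range that is actually accepted. Note also that for the quoted BootWare values fw_arg1 is 0x00060000, which the existing `fw_arg1 < CKSEG0` test already rejects, so it would help to say in the message which of the two checks the reported hang depends on.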
@@ -31,7 +31,7 @@ void __init fw_init_cmdline(void)
 	}
 
 	/* Validate environment pointer. */
-	if (fw_arg2 < CKSEG0)
+	if (fw_arg2 < CKSEG0 || fw_arg2 >= CKSEG2)
 		_fw_envp = NULL;
 	else
 		_fw_envp = (int *)fw_arg2;
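Review bot: the two-sided test `fw_arg2 < CKSEG0 || fw_arg2 >= CKSEG2` is now open-coded a second time, identical to the one applied to fw_arg1 in the previous hunk; a small static helper taking the value would keep both sites in sync if the accepted range ever changes. The range test also says nothing about alignment, so an in-range but odd value would still reach `_fw_envp = (int *)fw_arg2;`. If firmware input is being treated as untrusted here, consider rejecting values that are not int-aligned in the same condition.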
-- 
2.39.2
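
The range check described in the commit message, run in userspace over the four BootWare values it quotes. This is an added example, not part of the patch or the kernel tree; the 32-bit segment constants, the `old_`/`new_` helper names and `segment()` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* 32-bit MIPS segment bases (assumed values for this userspace sketch). */
#define CKSEG0 0x80000000u /* unmapped, cached */
#define CKSEG1 0xa0000000u /* unmapped, uncached */
#define CKSEG2 0xc0000000u /* mapped */

/* Register values quoted in the commit message (BootWare boot loader). */
static const uint32_t bootware[4] = {
    0x00020000u, 0x00060000u, 0xfffdffffu, 0x0000416cu
};

/* Pre-patch conditions; 1 means the value would be used as a pointer. */
int old_accepts_argv(uint32_t a0, uint32_t a1) { return !(a0 >= CKSEG0 || a1 < CKSEG0); }
int old_accepts_envp(uint32_t a2) { return !(a2 < CKSEG0); }

/* Post-patch conditions, mirroring the '+' lines of the diff. */
int new_accepts_argv(uint32_t a0, uint32_t a1)
{
    return !(a0 >= CKSEG0 || a1 < CKSEG0 || a1 >= CKSEG2);
}
int new_accepts_envp(uint32_t a2) { return !(a2 < CKSEG0 || a2 >= CKSEG2); }

/* Name the segment a 32-bit value falls in. */
const char *segment(uint32_t v)
{
    if (v < CKSEG0) return "useg";
    if (v < CKSEG1) return "kseg0";
    if (v < CKSEG2) return "kseg1";
    return "kseg2/3";
}

int main(void)
{
    for (int i = 0; i < 3; i++)
        printf("fw_arg%d = 0x%08x (%s)\n", i,
               (unsigned)bootware[i], segment(bootware[i]));
    printf("argv accepted: old=%d new=%d\n",
           old_accepts_argv(bootware[0], bootware[1]),
           new_accepts_argv(bootware[0], bootware[1]));
    printf("envp accepted: old=%d new=%d\n",
           old_accepts_envp(bootware[2]), new_accepts_envp(bootware[2]));
    return 0;
}
```

For the quoted values the argv test rejects fw_arg1 both before and after the change, while the environment value 0xfffdffff is accepted by the old test and rejected by the new one.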

