lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <87cylvy8bv.fsf@miraculix.mork.no>
Date: Mon, 26 Aug 2024 10:52:36 +0200
From: Bjørn Mork <bjorn@...k.no>
To: "Maciej W. Rozycki" <macro@...am.me.uk>
Cc: Jiaxun Yang <jiaxun.yang@...goat.com>,
        Thomas Bogendoerfer <tsbogend@...ha.franken.de>,
        "linux-mips@...r.kernel.org" <linux-mips@...r.kernel.org>,
        linux-kernel@...r.kernel.org,
        "stable@...r.kernel.org" <stable@...r.kernel.org>
Subject: Re: [PATCH] MIPS: fw: Gracefully handle unknown firmware protocols

"Maciej W. Rozycki" <macro@...am.me.uk> writes:

> Even those that do use the function have a choice to override the default 
> handler by setting CONFIG_HAVE_PLAT_FW_INIT_CMDLINE.  Perhaps it's what 
> you need to do for your platform too.

Considered that, but this problem isn't directly platform-related, is
it?  Many of the firmware implementations are multi-platform. And they
support many of the same platforms.

My concrete eample showed up on the "realtek" (rtl838x and rtl93xx SoCs)
platform in OpenWrt, where a large number of boards from assorted
vendors are currently supported. The current implementation works fine
for most of them because they using U-Boot. But it failed in what I
consider the ugliest way possible (no ooops, no error message, just
hanging) on the boards from HPE because they use Bootware.

FWIW, there is also a vendor using BootBase for pretty much the same
hardware.  But that's still unsupported in OpenWrt for various reasons.

So yes, this could be worked around by having a platform specific
fw_init_cmdline().  Or even another out-of-tree OpenWrt specific patch.
But whatever the solution is, it can't drop the U-Boot support since
most of the boards actually use U-Boot.  Which is why I believe it's
much better to solve this problem at the root, for the benefit of
everyone else.

But of course, if necessary it would be possible to build X kernels with
dfferent fw_init_cmdline() implementations to support the same hardware
booted from X different boot firmwares.

>  It's clear to me that this mess has to be cleaned up.  Not all kinds of 
> firmware permit the setting of arbitrary environment variables (or ones 
> that survive a reboot) though.

Yes.  And I believe it can be solved by improving the pointer validation
that's already there.  All we need is to reject argument values passed
by other firmwares.

But it's probably better to create an inline valid_fw_arg(() or similar
function as proposed by Jiaxun, allowing the XKPHYS range too on 64 bit
systems.

If necessary we can improve further by adding an alignment requirement,
which was a proposal that came up in the OpenWrt discussions.

Another option is to connect the validation of all 4 arguments.  There
is for example no reason to interpret the Bootware fw_arg2 value as an
enviroment pointer after we've already rejected fw_arg1 as cmdline.

It's also possible to validate command line argument pointers and
environment variable pointers (except for alignment, I guess?), refusing
anything which ends ut pointing outsde KSEG1 or XKPHYS.

How complicated you want this is all a matter of taste IMHO.  I tried to
make this a simple solution matching the current "forgiving"
implementation.

Another improvement would be a pr_info() dumping the fw_argX values. It
would make it possible to understand why the code is hanging when the
firmware does something unexpected. I don't think pr_debug() helps much
in this particular case.



Bjørn

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ