On Mon, Jan 28, 2008 at 03:20:41PM -0500, Vivek Goyal wrote: > > > > struct x86_linux_header { > > @@ -206,7 +210,10 @@ struct x86_linux_header { > > #else > > uint32_t kernel_alignment; /* 0x230 */ > > uint8_t relocatable_kernel; /* 0x234 */ > > - uint8_t tail[32*1024 - 0x235]; /* 0x230 */ > > + uint32_t cmdline_size; /* 0x235 */ > > + uint32_t hardware_subarch; /* 0x239 */ > > + uint64_t hardware_subarch_data; /* 0x23D */ > > We need a padding of 3 bytes here too between relocatable kernel and > cmdline_size, in the same way as x86_linux_param_header? > Oh, good catch, yes we do need that. I expect it passed my testing because the garbage that wound up in cmdline_size was big enough to pass the check in do_bzImage_load. New patch, same summary as before, with the above correction Regards Neil Signed-off-by: Neil Horman <nhorman at tuxdriver.com> include/x86/x86-linux.h | 20 ++++++++++++++------ kexec/arch/i386/kexec-bzImage.c | 7 +++++++ 2 files changed, 21 insertions(+), 6 deletions(-)
diff --git a/include/x86/x86-linux.h b/include/x86/x86-linux.h
index afe66bd..6e4f984 100644
--- a/include/x86/x86-linux.h
+++ b/include/x86/x86-linux.h
@@ -144,18 +144,22 @@ struct x86_linux_param_header {
 /* 2.04+ */
 uint32_t kernel_alignment; /* 0x230 */
 uint8_t relocatable_kernel; /* 0x234 */
- uint8_t reserved15[0x2d0 - 0x235]; /* 0x230 */
+ uint8_t reserved15[3]; /* 0x235 */
+ uint32_t cmdline_size; /* 0x238 */
+ uint32_t hardware_subarch; /* 0x23C */
+ uint64_t hardware_subarch_data; /* 0x240 */
+ uint8_t reserved16[0x2d0 - 0x248]; /* 0x248 */
 #endif
 struct e820entry e820_map[E820MAX]; /* 0x2d0 */
 /* 0x550 */
-#define COMMAND_LINE_SIZE 256
+#define COMMAND_LINE_SIZE 2048
 };
 struct x86_linux_faked_param_header {
 struct x86_linux_param_header hdr; /* 0x00 */
- uint8_t reserved16[688]; /* 0x550 */
- uint8_t command_line[COMMAND_LINE_SIZE]; /* 0x800 */
- uint8_t reserved17[1792]; /* 0x900 - 0x1000 */
+ uint8_t reserved17[0xab0]; /* 0x550 */
+ uint8_t command_line[COMMAND_LINE_SIZE]; /* 0x1000 */
+ uint8_t reserved18[0x200]; /* 0x1800 - 0x2000 */
 };
 struct x86_linux_header {
@@ -206,7 +210,11 @@ struct x86_linux_header {
 #else
 uint32_t kernel_alignment; /* 0x230 */
 uint8_t relocatable_kernel; /* 0x234 */
- uint8_t tail[32*1024 - 0x235]; /* 0x230 */
+ uint8_t reserved6[3]; /* 0x235 */
+ uint32_t cmdline_size; /* 0x238 */
+ uint32_t hardware_subarch; /* 0x23C */
+ uint64_t hardware_subarch_data; /* 0x240 */
+ uint8_t tail[32*1024 - 0x248]; /* 0x248 */
 #endif
 } PACKED;
diff --git a/kexec/arch/i386/kexec-bzImage.c b/kexec/arch/i386/kexec-bzImage.c
index 8fde799..4f2a294 100644
--- a/kexec/arch/i386/kexec-bzImage.c
+++ b/kexec/arch/i386/kexec-bzImage.c
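Review bot: In the first hunk the new `reserved18[0x200]` in `struct x86_linux_faked_param_header` does not match its own offset comment: `command_line[COMMAND_LINE_SIZE]` starts at 0x1000 and with COMMAND_LINE_SIZE now 2048 ends at 0x1800, so a 0x200-byte pad ends the struct at 0x1a00, while the comment `/* 0x1800 - 0x2000 */` describes a 0x800-byte pad. One of the two is wrong; if the intent is a 0x2000-byte fake parameter block (the previous layout ended exactly at 0x1000, matching its comment), the line should read `uint8_t reserved18[0x800]; /* 0x1800 - 0x2000 */`, otherwise the comment should say 0x1a00. This matters because sizeof this struct is presumably what the loader allocates and copies for the boot parameter area, so a mismatch between the intended and actual size could under-allocate or over-copy; those callers are not visible from the hunk. The other offsets in both hunks (the 3-byte reserved15/reserved6 pads, cmdline_size at 0x238, hardware_subarch_data at 0x240, and the tails starting at 0x248) add up correctly.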
@@ -134,6 +134,13 @@ int do_bzImage_load(struct kexec_info *info,
 return -1;
 }
+ if (setup_header.protocol_version >= 0x0206) {
+ if (command_line_len > setup_header.cmdline_size) {
+ dbgprintf("Kernel command line too long for kernel!\n");
+ return -1;
+ }
+ }
+
 if (setup_header.protocol_version >= 0x0205) {
 relocatable_kernel = setup_header.relocatable_kernel;
 dbgprintf("bzImage is relocatable\n");
-- 
/**************************************************** * Neil Horman <nhorman at tuxdriver.com> * Software Engineer, Red Hat ****************************************************/
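Review bot: The new length check in do_bzImage_load only runs for `protocol_version >= 0x0206`; with COMMAND_LINE_SIZE raised from 256 to 2048 in the header, a pre-2.06 kernel (whose command-line buffer is the old fixed size) can now be handed a command line up to 2048 bytes with no bound visible in this hunk, so unless a separate check exists elsewhere in the function an `else` branch that rejects `command_line_len` above the old 256-byte limit is needed. The boot protocol defines `cmdline_size` as the maximum command-line length excluding the terminating NUL, so whether `>` is the right comparison depends on whether `command_line_len` (computed outside the hunk) already counts the terminator; a comment on the check such as `/* cmdline_size excludes the trailing NUL; command_line_len must too */` would pin that down once confirmed. The enclosing function begins and continues outside the hunk.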