[PATCH v5 11/13] powerpc: Allow userspace to set device tree properties in kexec_file_load

On Thu, 2016-08-11 at 20:08 -0300, Thiago Jung Bauermann wrote:
> Implement the arch_kexec_verify_buffer hook to verify that a device
> tree blob passed by userspace via kexec_file_load contains only nodes
> and properties from a whitelist.
> 
> In elf64_load we merge those properties into the device tree that
> will be passed to the next kernel.
> 
> Suggested-by: Michael Ellerman <mpe at ellerman.id.au>
> Signed-off-by: Thiago Jung Bauermann <bauerman at linux.vnet.ibm.com>
> ---
>  arch/powerpc/include/asm/kexec.h       |   1 +
>  arch/powerpc/kernel/kexec_elf_64.c     |   9 ++
>  arch/powerpc/kernel/machine_kexec_64.c | 242 +++++++++++++++++++++++++++++++++
>  3 files changed, 252 insertions(+)
> 
> diff --git a/arch/powerpc/include/asm/kexec.h b/arch/powerpc/include/asm/kexec.h
> index f263cc867891..31bc64e07c8f 100644
> --- a/arch/powerpc/include/asm/kexec.h
> +++ b/arch/powerpc/include/asm/kexec.h
> @@ -99,6 +99,7 @@ int setup_purgatory(struct kimage *image, const void *slave_code,
> ?int setup_new_fdt(void *fdt, unsigned long initrd_load_addr,
> ????????????????? unsigned long initrd_len, const char *cmdline);
> ?bool find_debug_console(const void *fdt, int chosen_node);
> +int merge_partial_dtb(void *to, const void *from);
> ?#endif /* CONFIG_KEXEC_FILE */
> ?
> ?#else /* !CONFIG_KEXEC */
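
Review bot: the new prototype `int merge_partial_dtb(void *to, const void *from);` carries no size for `to` and no comment on the return convention, so a caller cannot tell from the header whether the destination must already have room for the merged nodes or what a nonzero result means. A short comment stating both, and that `from` is expected to have passed the whitelist check first, would make the contract explicit.
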
> diff --git a/arch/powerpc/kernel/kexec_elf_64.c b/arch/powerpc/kernel/kexec_elf_64.c
> index 49cba9509464..1b902ad66e2a 100644
> --- a/arch/powerpc/kernel/kexec_elf_64.c
> +++ b/arch/powerpc/kernel/kexec_elf_64.c
> @@ -210,6 +210,15 @@ void *elf64_load(struct kimage *image, char *kernel_buf,
> ????????????????goto out;
> ????????}
> ?
> +???????/* Add nodes and properties from the DTB passed by userspace. */
> +???????if (image->dtb_buf) {
> +???????????????ret = merge_partial_dtb(fdt, image->dtb_buf);
> +???????????????if (ret) {
> +???????????????????????pr_err("Error merging partial device tree.\n");
> +???????????????????????goto out;
> +???????????????}
> +???????}
> +
> ????????ret = setup_new_fdt(fdt, initrd_load_addr, initrd_len, cmdline);
> ????????if (ret)
> ????????????????goto out;
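
Review bot: in the `if (ret)` branch after `merge_partial_dtb(fdt, image->dtb_buf)`, the `pr_err` discards `ret`, so the log cannot distinguish one failure cause from another; consider printing it. The comment above the call should also say that `image->dtb_buf` has already been checked against the whitelist and that the merge deliberately runs before `setup_new_fdt()`, since nothing in this function shows either.
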
> diff --git a/arch/powerpc/kernel/machine_kexec_64.c b/arch/powerpc/kernel/machine_kexec_64.c
> index 527f98efe651..a484a6346146 100644
> --- a/arch/powerpc/kernel/machine_kexec_64.c
> +++ b/arch/powerpc/kernel/machine_kexec_64.c
> @@ -35,6 +35,7 @@
> ?#include <asm/kexec_elf_64.h>
> ?
> ?#define SLAVE_CODE_SIZE????????????????256
> +#define MAX_DT_PATH????????????512
> ?
> ?#ifdef CONFIG_KEXEC_FILE
> ?static struct kexec_file_ops *kexec_file_loaders[] = {
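
Review bot: `MAX_DT_PATH` is defined above `#ifdef CONFIG_KEXEC_FILE` with no comment saying what it bounds. If only the kexec_file code uses it, move it inside that block, and document whether 512 includes the terminating NUL and what happens to a node path that exceeds it.
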
> @@ -908,4 +909,245 @@ bool find_debug_console(const void *fdt, int chosen_node)
> ????????return false;
> ?}
> ?
> +/**
> + * struct allowed_node - a node in the whitelist and its allowed properties.
> + * @name:??????????????node name or full node path
> + * @properties:????????????????NULL-terminated array of names or name=value pairs
> + *
> + * If name starts with /, then the node has to be at the specified path in
> + * the device tree (including unit addresses for all nodes in the path).
> + * If it doesn't, then the node can be anywhere in the device tree.
> + *
> + * An entry in properties can specify a string value that the property must
> + * have by using the "name=value" format. If the entry ends with =, it means
> + * that the property must be empty.
> + */
> +static struct allowed_node {
> +???????const char *name;
> +???????const char *properties[9];
> +} allowed_nodes[] = {
> +???????{
> +???????????????.name = "/chosen",
> +???????????????.properties = {
> +???????????????????????"stdout-path",
> +???????????????????????"linux,stdout-path",
> +???????????????????????NULL,
> +???????????????}
> +???????},
> +???????{
> +???????????????.name = "vga",
> +???????????????.properties = {
> +???????????????????????"device_type=display",
> +???????????????????????"assigned-addresses",
> +???????????????????????"width",
> +???????????????????????"height",
> +???????????????????????"depth",
> +???????????????????????"little-endian=",
> +???????????????????????"linux,opened=",
> +???????????????????????"linux,boot-display=",ss
> +???????????????????????NULL,
> +???????????????}
> +???????},
> +};
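
Review bot: the `"linux,boot-display=",ss` line in the `vga` entry has a stray `ss` after the comma and will not compile as quoted. Separately, `allowed_nodes` is a security whitelist but is declared `static struct` rather than `static const struct`, so the table stays writable at run time; and `properties[9]` is exactly filled by the eight `vga` entries plus `NULL`, so the bound should be derived from the table or at least commented.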

Hi Thiago,

As much as this solves problems for *me*, I suspect adding 'vga' here
might be the subject of some discussion. Having /chosen whitelisted makes
sense on its own, but 'vga' and its properties are very specific without
much explanation.

If everyone's happy to have it there, cool! If not, I have the majority
of a patch that handles the original reason for these property updates
separately in the kernel rather than from userspace. If needed I'll clean
it up and we can handle it that way.

Cheers,
Sam


