Re: [PATCH v6 08/22] bootconfig: init: Allow admin to use bootconfig for init command line

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 7 Feb 2020 10:03:16 -0800
Kees Cook <keescook@xxxxxxxxxxxx> wrote:

> >  static void __init setup_command_line(char *command_line)
> >  {
> > -	size_t len, xlen = 0;
> > +	size_t len, xlen = 0, ilen = 0;
> >  
> >  	if (extra_command_line)
> >  		xlen = strlen(extra_command_line);
> > +	if (extra_init_args)
> > +		ilen = strlen(extra_init_args) + 4; /* for " -- " */
> >  
> >  	len = xlen + strlen(boot_command_line) + 1;
> >  
> > -	saved_command_line = memblock_alloc(len, SMP_CACHE_BYTES);
> > +	saved_command_line = memblock_alloc(len + ilen, SMP_CACHE_BYTES);
> >  	if (!saved_command_line)
> > -		panic("%s: Failed to allocate %zu bytes\n", __func__, len);
> > +		panic("%s: Failed to allocate %zu bytes\n", __func__, len + ilen);
> >  
> >  	static_command_line = memblock_alloc(len, SMP_CACHE_BYTES);
> >  	if (!static_command_line)
> > @@ -533,6 +539,22 @@ static void __init setup_command_line(char *command_line)
> >  	}
> >  	strcpy(saved_command_line + xlen, boot_command_line);
> >  	strcpy(static_command_line + xlen, command_line);
> > +
> > +	if (ilen) {
> > +		/*
> > +		 * Append supplemental init boot args to saved_command_line
> > +		 * so that user can check what command line options passed
> > +		 * to init.
> > +		 */
> > +		len = strlen(saved_command_line);
> > +		if (!strstr(boot_command_line, " -- ")) {
> > +			strcpy(saved_command_line + len, " -- ");
> > +			len += 4;
> > +		} else
> > +			saved_command_line[len++] = ' ';
> > +
> > +		strcpy(saved_command_line + len, extra_init_args);
> > +	}  
> 
> This isn't safe because it will destroy any argument with " -- " in
> quotes and anything after it. For example, booting with:
> 
> thing=on acpi_osi="! -- " other=setting
> 
> will wreck acpi_osi's value and potentially overwrite "other=settings",
> etc.
> 
> (Yes, this seems very unlikely, but you can't treat " -- " as special,
> the command line string must be correct parsed for double quotes, as
> parse_args() does.)
> 

This is not the args you are looking for. ;-)

There is a slight bug, but not as bad as you may think it is.
bootconfig (when added to the command line) will look for a json like
file appended to the initrd, and it will parse that. That's what all the
xbc_*() functions do (extended boot commandline). If one of the options
in that json like file is "init", then it will create the
extra_init_args, which will make ilen greater than zero.

The above if statement looks for that ' -- ', and if it doesn't find it
(strcmp() returns NULL when not found) it will than append " -- " to
the boot_command_line. If it is found, then the " -- " is not added. In
either case, the init args found in the json like file in the initrd is
appended to the saved_command_line.

I did say there's a slight bug here. If you have your condition, and
you add init arguments to that json file, it wont properly add the " --
", and the init arguments in that file will be ignored.

That should be fixed, and I think I was able to do that below. I also
noticed that we don't properly look for "bootconfig" either.

-- Steve




> >  }
> >  
> >  /*
> > @@ -759,6 +781,9 @@ asmlinkage __visible void __init start_kernel(void)
> >  	if (!IS_ERR_OR_NULL(after_dashes))
> >  		parse_args("Setting init args", after_dashes, NULL, 0, -1, -1,
> >  			   NULL, set_init_arg);
> > +	if (extra_init_args)
> > +		parse_args("Setting extra init args", extra_init_args,
> > +			   NULL, 0, -1, -1, NULL, set_init_arg);  

diff --git a/init/main.c b/init/main.c
index 491f1cdb3105..113c8244e5f0 100644
--- a/init/main.c
+++ b/init/main.c
@@ -142,6 +142,15 @@ static char *extra_command_line;
 /* Extra init arguments */
 static char *extra_init_args;
 
+#ifdef CONFIG_BOOT_CONFIG
+/* Is bootconfig on command line? */
+static bool bootconfig_found;
+static bool initargs_found;
+#else
+# define bootconfig_found false
+# define initargs_found false
+#endif
+
 static char *execute_command;
 static char *ramdisk_execute_command;
 
@@ -336,17 +345,32 @@ u32 boot_config_checksum(unsigned char *p, u32 size)
 	return ret;
 }
 
+static int __init bootconfig_params(char *param, char *val,
+				    const char *unused, void *arg)
+{
+	if (strcmp(param, "bootconfig") == 0) {
+		bootconfig_found = true;
+	} else if (strcmp(param, "--") == 0) {
+		initargs_found = true;
+	}
+	return 0;
+}
+
 static void __init setup_boot_config(const char *cmdline)
 {
+	static char tmp_cmdline[COMMAND_LINE_SIZE] __initdata;
 	u32 size, csum;
 	char *data, *copy;
 	const char *p;
 	u32 *hdr;
 	int ret;
 
-	p = strstr(cmdline, "bootconfig");
-	if (!p || (p != cmdline && !isspace(*(p-1))) ||
-	    (p[10] && !isspace(p[10])))
+	/* All fall through to do_early_param. */
+	strlcpy(tmp_cmdline, boot_command_line, COMMAND_LINE_SIZE);
+	parse_args("bootconfig", tmp_cmdline, NULL, 0, 0, 0, NULL,
+		   bootconfig_params);
+
+	if (!bootconfig_found)
 		return;
 
 	if (!initrd_end)
@@ -563,11 +587,12 @@ static void __init setup_command_line(char *command_line)
 		 * to init.
 		 */
 		len = strlen(saved_command_line);
-		if (!strstr(boot_command_line, " -- ")) {
+		if (initargs_found) {
+			saved_command_line[len++] = ' ';
+		} else {
 			strcpy(saved_command_line + len, " -- ");
 			len += 4;
-		} else
-			saved_command_line[len++] = ' ';
+		}
 
 		strcpy(saved_command_line + len, extra_init_args);
 	}



[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [Samba]     [Device Mapper]     [CEPH Development]

  Powered by Linux