On August 24, 2024, at 3:41 PM, Bjørn Mork wrote:
> Boards based on the same SoC family can use different boot loaders.
> These may pass numeric arguments which we erroneously interpret as
> command line or environment pointers. Such errors will cause boot
> to halt at an early stage since commit 056a68cea01e ("mips: allow
> firmware to pass RNG seed to kernel").
>
> One known example of this issue is a HPE switch using a BootWare
> boot loader. It was found to pass these arguments to the kernel:
>
> 0x00020000 0x00060000 0xfffdffff 0x0000416c
>
> We can avoid hanging by validating that both passed pointers are in
> KSEG1 as expected.

Hi Bjorn,

This is actually breaking 64-bit systems passing fw_args in XKPHYS or KSEG0.

Maybe something like:

static inline bool valid_fw_arg(unsigned long arg)
{
#ifdef CONFIG_64BIT
	if (arg >= XKPHYS && arg < XKSEG)
		return true;
#endif
	return arg >= CKSEG0 && arg < CKSSEG;
}

Will be more robust.

Thanks
- Jiaxun

>
> Cc: stable@xxxxxxxxxxxxxxx
> Fixes: 14aecdd41921 ("MIPS: FW: Add environment variable processing.")
> Signed-off-by: Bjørn Mork <bjorn@xxxxxxx>
> ---
> arch/mips/fw/lib/cmdline.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/arch/mips/fw/lib/cmdline.c b/arch/mips/fw/lib/cmdline.c
> index 892765b742bb..51238c4f9455 100644
> --- a/arch/mips/fw/lib/cmdline.c
> +++ b/arch/mips/fw/lib/cmdline.c
> @@ -22,7 +22,7 @@ void __init fw_init_cmdline(void)
> int i;
>
> /* Validate command line parameters. */
> - if ((fw_arg0 >= CKSEG0) || (fw_arg1 < CKSEG0)) {
> + if (fw_arg0 >= CKSEG0 || fw_arg1 < CKSEG0 || fw_arg1 >= CKSEG2) {
> fw_argc = 0;
> _fw_argv = NULL;
> } else {
> @@ -31,7 +31,7 @@ void __init fw_init_cmdline(void)
> }
>
> /* Validate environment pointer. */
> - if (fw_arg2 < CKSEG0)
> + if (fw_arg2 < CKSEG0 || fw_arg2 >= CKSEG2)
> _fw_envp = NULL;
> else
> _fw_envp = (int *)fw_arg2;
> --
> 2.39.2

--
- Jiaxun
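
Review bot: In the first hunk the accepted range for fw_arg1 is CKSEG0 up to CKSEG2, which is KSEG0 plus KSEG1, while the commit message says the pointers are validated to be in KSEG1; the message or the bound should change so the two agree, and the comment above the condition should name the accepted range. fw_arg0 is still only tested against CKSEG0, so a stray numeric value there is taken as the argument count whenever fw_arg1 happens to pass; an explicit upper limit on the count would close that.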
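
Review bot: The range test fw_arg2 < CKSEG0 || fw_arg2 >= CKSEG2 in the second hunk is the same test open-coded a second time; one helper used at both sites, as the reply suggests, keeps the command line and environment checks from drifting apart and gives a single place to handle the 64-bit segments. The value is also cast to (int *) with no alignment check, so a misaligned value inside the range is still accepted; testing the low two bits before the cast would reject it.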
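
The pointer range tests discussed in this thread, as an added example that is not part of the original messages or the kernel source: a user-space C model of a 64-bit kernel comparing the test in the patch hunks with the helper from the reply. The segment bases are written out as assumed constants, sext32() is a hypothetical helper that assumes firmware leaves 32-bit values sign-extended, and the KSEG0, KSEG1 and XKPHYS sample pointers are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* MIPS64 segment bases, written out here as assumed constants. */
#define XKPHYS 0x8000000000000000ULL
#define XKSEG  0xc000000000000000ULL
#define CKSEG0 0xffffffff80000000ULL
#define CKSEG2 0xffffffffc0000000ULL /* same address as CKSSEG */

/* Hypothetical helper: a 32-bit register value as a 64-bit kernel sees it
 * when firmware leaves it sign-extended (assumption). */
static uint64_t sext32(uint32_t v)
{
	return (uint64_t)(int64_t)(int32_t)v;
}

/* Pointer range test as written in the two patch hunks. */
static bool patch_check(uint64_t arg)
{
	return arg >= CKSEG0 && arg < CKSEG2;
}

/* Range test modelled on the helper in the reply, CONFIG_64BIT case. */
static bool helper_check(uint64_t arg)
{
	if (arg >= XKPHYS && arg < XKSEG)
		return true;
	return arg >= CKSEG0 && arg < CKSEG2;
}

int main(void)
{
	/* The four BootWare values quoted in the commit message, followed by
	 * constructed KSEG0, KSEG1 and XKPHYS sample pointers. */
	const uint64_t samples[] = {
		sext32(0x00020000), sext32(0x00060000), sext32(0xfffdffff),
		sext32(0x0000416c), sext32(0x80001000), sext32(0xa0001000),
		0x9800000000100000ULL,
	};

	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("%#018llx patch=%d helper=%d\n",
		       (unsigned long long)samples[i],
		       patch_check(samples[i]), helper_check(samples[i]));
	return 0;
}
```

The model covers only the pointer range tests on fw_arg1 and fw_arg2; the fw_arg0 comparison in the first hunk is not modelled.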