From patchwork Thu Feb 17 08:30:44 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Frank Heimes X-Patchwork-Id: 1594065 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=canonical.com header.i=@canonical.com header.a=rsa-sha256 header.s=20210705 header.b=nDysxsum; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4Jzp291ZStz9sFy for ; Thu, 17 Feb 2022 19:31:12 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1nKcBm-0007cr-Sx; Thu, 17 Feb 2022 08:30:58 +0000 Received: from smtp-relay-canonical-0.internal ([10.131.114.83] helo=smtp-relay-canonical-0.canonical.com) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1nKcBl-0007cQ-CS for kernel-team@lists.ubuntu.com; Thu, 17 Feb 2022 08:30:57 +0000 Received: from T570.fritz.box (2.general.fheimes.us.vpn [10.172.66.67]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-canonical-0.canonical.com (Postfix) with ESMTPSA id B11D641C65 for ; Thu, 17 Feb 2022 08:30:56 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1645086657; bh=aAJ/m4yZqthCC6YNIhIe/gGHli8S0UBBghHEAY1TPH8=; h=From:To:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=nDysxsum5pWyXv5i05QPr/ftX9Jg3nDECIHSbGJWRaUfFCqiMAw6irgUaIIFhwAY/ mtDSaOcS9GMrUHUb1loZ+2OKaelRpn2NYfs/gJsH+ALKPA3Q57unSJnIP86RPPrdEs 1XWLxjlm9PdSs4y4PffXPoo4DypCRVaEsxLZkYJxpOKk8sn9B0gWcwW+8diRNiRRuU mfN6sfEhv0cqDdErxnlaSR/MpfTXiVadgUlacmAs+MX4ocBSBdhr1S4APULbjpWWRG d0z3t+QgcgahWoCIbUXW3jAY2hZ/ywN6G2FMcBkFp3w6+VogmmFNyWsm01tPWpnvTM Dr9DYQinNLsvA== From: frank.heimes@canonical.com To: kernel-team@lists.ubuntu.com Subject: [J][PATCH 1/2] s390/kexec_file: move kernel image size check Date: Thu, 17 Feb 2022 09:30:44 +0100 Message-Id: <20220217083045.931758-2-frank.heimes@canonical.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220217083045.931758-1-frank.heimes@canonical.com> References: <20220217083045.931758-1-frank.heimes@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: Sven Schnelle BugLink: https://bugs.launchpad.net/bugs/1959984 In preparation of adding support for command lines with variable sizes on s390, the check whether the new kernel image is at least HEAD_END bytes long isn't correct. Move the check to kexec_file_add_components() so we can get the size of the parm area and check the size there. The '.org HEAD_END' directive can now also be removed from head.S. This was used in the past to reserve space for the early sccb buffer, but with commit 9a5131b87cac1 ("s390/boot: move sclp early buffer from fixed address in asm to C") this is no longer required. Signed-off-by: Sven Schnelle Reviewed-by: Heiko Carstens Signed-off-by: Vasily Gorbik (cherry picked from commit 277c8389386e2ccb8417afe4e36f67fc5dcd735d) Signed-off-by: Frank Heimes --- arch/s390/boot/head.S | 2 -- arch/s390/include/asm/setup.h | 1 - arch/s390/kernel/machine_kexec_file.c | 25 ++----------------------- 3 files changed, 2 insertions(+), 26 deletions(-) diff --git a/arch/s390/boot/head.S b/arch/s390/boot/head.S index 40f4cff538b8..f3a8dba7dd5d 100644 --- a/arch/s390/boot/head.S +++ b/arch/s390/boot/head.S @@ -383,5 +383,3 @@ SYM_DATA_START(parmarea) .byte 0 .org PARMAREA+__PARMAREA_SIZE SYM_DATA_END(parmarea) - - .org HEAD_END diff --git a/arch/s390/include/asm/setup.h b/arch/s390/include/asm/setup.h index b6606ffd85d8..121e1a8c41d7 100644 --- a/arch/s390/include/asm/setup.h +++ b/arch/s390/include/asm/setup.h @@ -11,7 +11,6 @@ #include #define PARMAREA 0x10400 -#define HEAD_END 0x11000 /* * Machine features detected in early.c diff --git a/arch/s390/kernel/machine_kexec_file.c b/arch/s390/kernel/machine_kexec_file.c index a81d6c43b9b6..6944d9abee1e 100644 --- a/arch/s390/kernel/machine_kexec_file.c +++ b/arch/s390/kernel/machine_kexec_file.c @@ -235,7 +235,8 @@ void *kexec_file_add_components(struct kimage *image, if (ret) goto out; - if (image->cmdline_buf_len >= ARCH_COMMAND_LINE_SIZE) { + if (image->kernel_buf_len < PARMAREA + sizeof(struct parmarea) || + image->cmdline_buf_len >= ARCH_COMMAND_LINE_SIZE) { ret = -EINVAL; goto out; } @@ -324,25 +325,3 @@ int arch_kexec_apply_relocations_add(struct purgatory_info *pi, } return 0; } - -int arch_kexec_kernel_image_probe(struct kimage *image, void *buf, - unsigned long buf_len) -{ - /* A kernel must be at least large enough to contain head.S. During - * load memory in head.S will be accessed, e.g. to register the next - * command line. If the next kernel were smaller the current kernel - * will panic at load. - */ - if (buf_len < HEAD_END) - return -ENOEXEC; - - return kexec_image_probe_default(image, buf, buf_len); -} - -int arch_kimage_file_post_load_cleanup(struct kimage *image) -{ - vfree(image->arch.ipl_buf); - image->arch.ipl_buf = NULL; - - return kexec_image_post_load_cleanup_default(image); -} From patchwork Thu Feb 17 08:30:45 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Frank Heimes X-Patchwork-Id: 1594063 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=canonical.com header.i=@canonical.com header.a=rsa-sha256 header.s=20210705 header.b=bQR5ey+t; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4Jzp290pnbz9sFw for ; Thu, 17 Feb 2022 19:31:11 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1nKcBq-0007ef-4h; Thu, 17 Feb 2022 08:31:02 +0000 Received: from smtp-relay-canonical-0.internal ([10.131.114.83] helo=smtp-relay-canonical-0.canonical.com) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1nKcBm-0007cg-C0 for kernel-team@lists.ubuntu.com; Thu, 17 Feb 2022 08:30:58 +0000 Received: from T570.fritz.box (2.general.fheimes.us.vpn [10.172.66.67]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-canonical-0.canonical.com (Postfix) with ESMTPSA id A4CF93F20F for ; Thu, 17 Feb 2022 08:30:57 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1645086658; bh=Z+mh4Y3ICQE25z6UwPWcpKZ5bCNm2wGdJxhZV9VRIWs=; h=From:To:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=bQR5ey+t9/F5vqMZ0df3ScfLqeaFJ5+IPw51VlJIZUJlHyUvQjI+16P7826l/l2h7 siRfSV4GhT3Ohu9gucD1/IDdIxO9Fipvvg0RqDrcABTF3AlLWDfgGVp1oRA5jDIlxF HkPMLIUvW6arJy2lmVwkuxcf2oPtXS6zPvrMiiQsPCGgsm4xzdX9PMnPkexeKISEA1 U9mTvqMajf5n2XLYYpimZoW0XOOn81MaCETkL4DSyO6HcDRb8gYAqIo/g8IWqJccHD Ufx+MA/QxeFVHltqb+oyUBix7unyCT04Ogj1Ns6DfWLZ6CJ7g03fbyKyIwAmkhKqej 5XIX4XDWLzo3w== From: frank.heimes@canonical.com To: kernel-team@lists.ubuntu.com Subject: [J][PATCH 2/2] s390: support command lines longer than 896 bytes Date: Thu, 17 Feb 2022 09:30:45 +0100 Message-Id: <20220217083045.931758-3-frank.heimes@canonical.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220217083045.931758-1-frank.heimes@canonical.com> References: <20220217083045.931758-1-frank.heimes@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: Sven Schnelle BugLink: https://bugs.launchpad.net/bugs/1959984 Currently s390 supports a fixed maximum command line length of 896 bytes. This isn't enough as some installers are trying to pass all configuration data via kernel command line, and even with zfcp alone it is easy to generate really long command lines. Therefore extend the command line to 4 kbytes. In the parm area where the command line is stored there is no indication of the maximum allowed length, so a new field which contains the maximum length is added. The parm area has always been initialized to zero, so with old kernels this field would read zero. This is important because tools like zipl could read this field. If it contains a number larger than zero zipl knows the maximum length that can be stored in the parm area, otherwise it must assume that it is booting a legacy kernel and only 896 bytes are available. The removing of trailing whitespace in head.S is also removed because code to do this is already present in setup_boot_command_line(). Signed-off-by: Sven Schnelle Reviewed-by: Heiko Carstens Signed-off-by: Vasily Gorbik (cherry picked from commit 5ecb2da660ab8eddafe059a6a8a708465db89ca2) Signed-off-by: Frank Heimes --- arch/s390/boot/head.S | 35 +++++++++------------------ arch/s390/boot/ipl_parm.c | 4 +-- arch/s390/include/asm/setup.h | 7 ++++-- arch/s390/include/uapi/asm/setup.h | 2 -- arch/s390/kernel/asm-offsets.c | 1 + arch/s390/kernel/early.c | 2 +- arch/s390/kernel/machine_kexec_file.c | 22 ++++++++++++++--- 7 files changed, 39 insertions(+), 34 deletions(-) diff --git a/arch/s390/boot/head.S b/arch/s390/boot/head.S index f3a8dba7dd5d..304db273ec1f 100644 --- a/arch/s390/boot/head.S +++ b/arch/s390/boot/head.S @@ -184,35 +184,23 @@ iplstart: bas %r14,.Lloader # load parameter file ltr %r2,%r2 # got anything ? bz .Lnopf - chi %r2,895 - bnh .Lnotrunc - la %r2,895 + l %r3,MAX_COMMAND_LINE_SIZE+ARCH_OFFSET-PARMAREA(%r12) + ahi %r3,-1 + clr %r2,%r3 + bl .Lnotrunc + lr %r2,%r3 .Lnotrunc: l %r4,.Linitrd clc 0(3,%r4),.L_hdr # if it is HDRx bz .Lagain1 # skip dataset header clc 0(3,%r4),.L_eof # if it is EOFx bz .Lagain1 # skip dateset trailer - la %r5,0(%r4,%r2) - lr %r3,%r2 - la %r3,COMMAND_LINE-PARMAREA(%r12) # load adr. of command line - mvc 0(256,%r3),0(%r4) - mvc 256(256,%r3),256(%r4) - mvc 512(256,%r3),512(%r4) - mvc 768(122,%r3),768(%r4) - slr %r0,%r0 - b .Lcntlp -.Ldelspc: - ic %r0,0(%r2,%r3) - chi %r0,0x20 # is it a space ? - be .Lcntlp - ahi %r2,1 - b .Leolp -.Lcntlp: - brct %r2,.Ldelspc -.Leolp: - slr %r0,%r0 - stc %r0,0(%r2,%r3) # terminate buffer + + lr %r5,%r2 + la %r6,COMMAND_LINE-PARMAREA(%r12) + lr %r7,%r2 + ahi %r7,1 + mvcl %r6,%r4 .Lnopf: # @@ -377,6 +365,7 @@ SYM_DATA_START(parmarea) .quad 0 # OLDMEM_BASE .quad 0 # OLDMEM_SIZE .quad kernel_version # points to kernel version string + .quad COMMAND_LINE_SIZE .org COMMAND_LINE .byte "root=/dev/ram0 ro" diff --git a/arch/s390/boot/ipl_parm.c b/arch/s390/boot/ipl_parm.c index 0f84c072625e..9ed7e29c81d9 100644 --- a/arch/s390/boot/ipl_parm.c +++ b/arch/s390/boot/ipl_parm.c @@ -170,10 +170,10 @@ static inline int has_ebcdic_char(const char *str) void setup_boot_command_line(void) { - parmarea.command_line[ARCH_COMMAND_LINE_SIZE - 1] = 0; + parmarea.command_line[COMMAND_LINE_SIZE - 1] = 0; /* convert arch command line to ascii if necessary */ if (has_ebcdic_char(parmarea.command_line)) - EBCASC(parmarea.command_line, ARCH_COMMAND_LINE_SIZE); + EBCASC(parmarea.command_line, COMMAND_LINE_SIZE); /* copy arch command line */ strcpy(early_command_line, strim(parmarea.command_line)); diff --git a/arch/s390/include/asm/setup.h b/arch/s390/include/asm/setup.h index 121e1a8c41d7..d718029794e2 100644 --- a/arch/s390/include/asm/setup.h +++ b/arch/s390/include/asm/setup.h @@ -42,6 +42,8 @@ #define STARTUP_NORMAL_OFFSET 0x10000 #define STARTUP_KDUMP_OFFSET 0x10010 +#define LEGACY_COMMAND_LINE_SIZE 896 + #ifndef __ASSEMBLY__ #include @@ -54,8 +56,9 @@ struct parmarea { unsigned long oldmem_base; /* 0x10418 */ unsigned long oldmem_size; /* 0x10420 */ unsigned long kernel_version; /* 0x10428 */ - char pad1[0x10480 - 0x10430]; /* 0x10430 - 0x10480 */ - char command_line[ARCH_COMMAND_LINE_SIZE]; /* 0x10480 */ + unsigned long max_command_line_size; /* 0x10430 */ + char pad1[0x10480-0x10438]; /* 0x10438 - 0x10480 */ + char command_line[COMMAND_LINE_SIZE]; /* 0x10480 */ }; extern struct parmarea parmarea; diff --git a/arch/s390/include/uapi/asm/setup.h b/arch/s390/include/uapi/asm/setup.h index 1f8803a31079..9b685536c31c 100644 --- a/arch/s390/include/uapi/asm/setup.h +++ b/arch/s390/include/uapi/asm/setup.h @@ -9,6 +9,4 @@ #define COMMAND_LINE_SIZE 4096 -#define ARCH_COMMAND_LINE_SIZE 896 - #endif /* _UAPI_ASM_S390_SETUP_H */ diff --git a/arch/s390/kernel/asm-offsets.c b/arch/s390/kernel/asm-offsets.c index b57da9338588..604201fbea96 100644 --- a/arch/s390/kernel/asm-offsets.c +++ b/arch/s390/kernel/asm-offsets.c @@ -160,5 +160,6 @@ int main(void) DEFINE(OLDMEM_BASE, PARMAREA + offsetof(struct parmarea, oldmem_base)); DEFINE(OLDMEM_SIZE, PARMAREA + offsetof(struct parmarea, oldmem_size)); DEFINE(COMMAND_LINE, PARMAREA + offsetof(struct parmarea, command_line)); + DEFINE(MAX_COMMAND_LINE_SIZE, PARMAREA + offsetof(struct parmarea, max_command_line_size)); return 0; } diff --git a/arch/s390/kernel/early.c b/arch/s390/kernel/early.c index 9857cb046726..c5fcbb7a0de9 100644 --- a/arch/s390/kernel/early.c +++ b/arch/s390/kernel/early.c @@ -280,7 +280,7 @@ char __bootdata(early_command_line)[COMMAND_LINE_SIZE]; static void __init setup_boot_command_line(void) { /* copy arch command line */ - strlcpy(boot_command_line, early_command_line, ARCH_COMMAND_LINE_SIZE); + strlcpy(boot_command_line, early_command_line, COMMAND_LINE_SIZE); } static void __init check_image_bootable(void) diff --git a/arch/s390/kernel/machine_kexec_file.c b/arch/s390/kernel/machine_kexec_file.c index 6944d9abee1e..63fd2b2a634a 100644 --- a/arch/s390/kernel/machine_kexec_file.c +++ b/arch/s390/kernel/machine_kexec_file.c @@ -224,7 +224,9 @@ void *kexec_file_add_components(struct kimage *image, int (*add_kernel)(struct kimage *image, struct s390_load_data *data)) { + unsigned long max_command_line_size = LEGACY_COMMAND_LINE_SIZE; struct s390_load_data data = {0}; + unsigned long minsize; int ret; data.report = ipl_report_init(&ipl_block); @@ -235,11 +237,23 @@ void *kexec_file_add_components(struct kimage *image, if (ret) goto out; - if (image->kernel_buf_len < PARMAREA + sizeof(struct parmarea) || - image->cmdline_buf_len >= ARCH_COMMAND_LINE_SIZE) { - ret = -EINVAL; + ret = -EINVAL; + minsize = PARMAREA + offsetof(struct parmarea, command_line); + if (image->kernel_buf_len < minsize) goto out; - } + + if (data.parm->max_command_line_size) + max_command_line_size = data.parm->max_command_line_size; + + if (minsize + max_command_line_size < minsize) + goto out; + + if (image->kernel_buf_len < minsize + max_command_line_size) + goto out; + + if (image->cmdline_buf_len >= max_command_line_size) + goto out; + memcpy(data.parm->command_line, image->cmdline_buf, image->cmdline_buf_len);