On August 24, 2024, at 3:41 PM, Bjørn Mork wrote:
Boards based on the same SoC family can use different boot loaders. These may pass numeric arguments which we erroneously interpret as command line or environment pointers. Such errors will cause boot to halt at an early stage since commit 056a68cea01e ("mips: allow firmware to pass RNG seed to kernel").
One known example of this issue is an HPE switch using a BootWare boot loader. It was found to pass these arguments to the kernel:
0x00020000 0x00060000 0xfffdffff 0x0000416c
We can avoid hanging by validating that both passed pointers are in KSEG1 as expected.
Hi Bjorn,
This is actually breaking 64 bit systems passing fw_args in XKPHYS or KSEG0.
Maybe something like:
static inline bool valid_fw_arg(unsigned long arg)
{
#ifdef CONFIG_64BIT
	/* 64-bit: accept pointers in XKPHYS */
	if (arg >= XKPHYS && arg < XKSEG)
		return true;
#endif
	/* accept pointers from CKSEG0 up to CKSSEG */
	return arg >= CKSEG0 && arg < CKSSEG;
}
Will be more robust.
Thanks - Jiaxun
Cc: stable@vger.kernel.org
Fixes: 14aecdd41921 ("MIPS: FW: Add environment variable processing.")
Signed-off-by: Bjørn Mork <bjorn@mork.no>
arch/mips/fw/lib/cmdline.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/mips/fw/lib/cmdline.c b/arch/mips/fw/lib/cmdline.c index 892765b742bb..51238c4f9455 100644 --- a/arch/mips/fw/lib/cmdline.c +++ b/arch/mips/fw/lib/cmdline.c @@ -22,7 +22,7 @@ void __init fw_init_cmdline(void) int i;
/* Validate command line parameters. */
- if ((fw_arg0 >= CKSEG0) || (fw_arg1 < CKSEG0)) {
- if (fw_arg0 >= CKSEG0 || fw_arg1 < CKSEG0 || fw_arg1 >= CKSEG2) { fw_argc = 0; _fw_argv = NULL; } else {
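Review bot: the commit message says both pointers are validated to be in KSEG1, but the bound added to the fw_arg1 test here accepts everything from CKSEG0 up to CKSEG2, which covers KSEG0 as well as KSEG1. Either the message or the "Validate command line parameters." comment above the test should state the range that is actually accepted, so a later reader does not tighten or loosen it by mistake.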
@@ -31,7 +31,7 @@ void __init fw_init_cmdline(void) }
/* Validate environment pointer. */
- if (fw_arg2 < CKSEG0)
- if (fw_arg2 < CKSEG0 || fw_arg2 >= CKSEG2) _fw_envp = NULL; else _fw_envp = (int *)fw_arg2;
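Review bot: the fw_arg2 test open-codes the same CKSEG0..CKSEG2 window that the previous hunk applies to fw_arg1. A single small predicate used at both sites (the valid_fw_arg() sketched in the reply has that shape) would keep the two checks from drifting apart and give one place to decide which segments are acceptable on 64-bit kernels.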
-- 2.39.2
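The range checks discussed in this thread can be compared in user space. The following is an added example, not code from the patch or from the kernel: it models the pre-patch environment-pointer test, the patched test, and the helper suggested in the reply. The `segmap` struct, the function names and the 64-bit sample address are assumptions made for illustration; the segment base values are the standard MIPS ones.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Segment bases of the MIPS address map; field names mirror the kernel macros. */
struct segmap {
    bool     is64;
    uint64_t xkphys, xkseg;          /* only meaningful when is64 */
    uint64_t ckseg0, ckseg2, cksseg;
};

static const struct segmap MAP32 = { false, 0, 0,
    0x80000000ull, 0xc0000000ull, 0xc0000000ull };
static const struct segmap MAP64 = { true,
    0x8000000000000000ull, 0xc000000000000000ull,
    0xffffffff80000000ull, 0xffffffffc0000000ull, 0xffffffffc0000000ull };

/* Environment-pointer test before the patch: lower bound only. */
static bool old_env_ok(const struct segmap *m, uint64_t arg)
{
    return arg >= m->ckseg0;
}

/* Test as written in the patch: CKSEG0 <= arg < CKSEG2. */
static bool patched_ok(const struct segmap *m, uint64_t arg)
{
    return arg >= m->ckseg0 && arg < m->ckseg2;
}

/* Shape of the valid_fw_arg() helper suggested in the reply. */
static bool helper_ok(const struct segmap *m, uint64_t arg)
{
    if (m->is64 && arg >= m->xkphys && arg < m->xkseg)
        return true;
    return arg >= m->ckseg0 && arg < m->cksseg;
}

int main(void)
{
    /* fw_arg2 from the BootWare example on the page, 32-bit kernel. */
    printf("bootware env: old=%d patched=%d helper=%d\n",
           old_env_ok(&MAP32, 0xfffdffffull),
           patched_ok(&MAP32, 0xfffdffffull), helper_ok(&MAP32, 0xfffdffffull));
    /* Constructed 64-bit XKPHYS address, not taken from the page. */
    printf("xkphys ptr:   patched=%d helper=%d\n",
           patched_ok(&MAP64, 0x9800000000001000ull),
           helper_ok(&MAP64, 0x9800000000001000ull));
    return 0;
}
```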