"Maciej W. Rozycki" macro@orcam.me.uk writes:
Even those that do use the function have a choice to override the default handler by setting CONFIG_HAVE_PLAT_FW_INIT_CMDLINE. Perhaps it's what you need to do for your platform too.
Considered that, but this problem isn't directly platform-related, is it? Many of the firmware implementations are multi-platform. And they support many of the same platforms.
My concrete eample showed up on the "realtek" (rtl838x and rtl93xx SoCs) platform in OpenWrt, where a large number of boards from assorted vendors are currently supported. The current implementation works fine for most of them because they using U-Boot. But it failed in what I consider the ugliest way possible (no ooops, no error message, just hanging) on the boards from HPE because they use Bootware.
FWIW, there is also a vendor using BootBase for pretty much the same hardware. But that's still unsupported in OpenWrt for various reasons.
So yes, this could be worked around by having a platform specific fw_init_cmdline(). Or even another out-of-tree OpenWrt specific patch. But whatever the solution is, it can't drop the U-Boot support since most of the boards actually use U-Boot. Which is why I believe it's much better to solve this problem at the root, for the benefit of everyone else.
But of course, if necessary it would be possible to build X kernels with dfferent fw_init_cmdline() implementations to support the same hardware booted from X different boot firmwares.
It's clear to me that this mess has to be cleaned up. Not all kinds of firmware permit the setting of arbitrary environment variables (or ones that survive a reboot) though.
Yes. And I believe it can be solved by improving the pointer validation that's already there. All we need is to reject argument values passed by other firmwares.
But it's probably better to create an inline valid_fw_arg(() or similar function as proposed by Jiaxun, allowing the XKPHYS range too on 64 bit systems.
If necessary we can improve further by adding an alignment requirement, which was a proposal that came up in the OpenWrt discussions.
Another option is to connect the validation of all 4 arguments. There is for example no reason to interpret the Bootware fw_arg2 value as an enviroment pointer after we've already rejected fw_arg1 as cmdline.
It's also possible to validate command line argument pointers and environment variable pointers (except for alignment, I guess?), refusing anything which ends ut pointing outsde KSEG1 or XKPHYS.
How complicated you want this is all a matter of taste IMHO. I tried to make this a simple solution matching the current "forgiving" implementation.
Another improvement would be a pr_info() dumping the fw_argX values. It would make it possible to understand why the code is hanging when the firmware does something unexpected. I don't think pr_debug() helps much in this particular case.
Bjørn