[PATCH 0/8] generic command line v5

[PATCH 0/8] generic command line v5

[Daniel Walker]

v5 release changes. Generally a rebase from v4.

* Modified OF changes to move the ugly code into the cmdline.h

* Minor compliation update in arm64. Added ifndef __ASSEMBLY__ in
  a few places.

* Worked around arm64 kaslr_early.c.

	This code needs some additional review and consideration. 
	It appears this code is missing the opposite option to nokaslr
	which is kaslr.disabled=1/0 which would allow kaslr to be turn
	back on later in the command line. For example,

	console=ttyS0 nokaslr root=/dev/ram0 nosmp kaslr.disabled=0 loglevel=7
	
	On arm64 in arch/arm64/kernel/idreg-override.c this is parsed correctly
	to turn on kaslr, but the kaslr_early.c is missing this logic.
	Doing this results in kaslr getting disabled with the following message,

	KASLR disabled due to lack of seed

	Even when there is a seed in the device tree.	

	So change to the generic command line would leave built in command
	lines with nokaslr with no option to re-enable kaslr in in the bootloader
	arguments.


Daniel Walker (8):
  CMDLINE: add generic builtin command line
  scripts: insert-sys-cert: add command line insert capability
  scripts: insert-sys-cert: change name to insert-symbol
  CMDLINE: mips: convert to generic builtin command line
  drivers: firmware: efi: libstub: enable generic commandline
  CMDLINE: x86: convert to generic builtin command line
  of: replace command line handling
  CMDLINE: arm64: convert to generic builtin command line

 arch/arm64/Kconfig                            |  33 +--
 arch/arm64/include/asm/setup.h                |   4 +
 arch/arm64/include/uapi/asm/setup.h           |   2 +
 arch/arm64/kernel/idreg-override.c            |   9 +-
 arch/arm64/kernel/pi/kaslr_early.c            |  14 +-
 arch/mips/Kconfig                             |   4 +-
 arch/mips/Kconfig.debug                       |  44 ----
 arch/mips/configs/ar7_defconfig               |   9 +-
 arch/mips/configs/bcm47xx_defconfig           |   8 +-
 arch/mips/configs/bcm63xx_defconfig           |  15 +-
 arch/mips/configs/bmips_be_defconfig          |  11 +-
 arch/mips/configs/bmips_stb_defconfig         |   6 +-
 arch/mips/configs/ci20_defconfig              |   9 +-
 arch/mips/configs/cu1000-neo_defconfig        |  10 +-
 arch/mips/configs/cu1830-neo_defconfig        |  10 +-
 arch/mips/configs/generic_defconfig           |   6 +-
 arch/mips/configs/gpr_defconfig               |  18 +-
 arch/mips/configs/loongson3_defconfig         |  12 +-
 arch/mips/include/asm/setup.h                 |   2 +
 arch/mips/kernel/relocate.c                   |  17 +-
 arch/mips/kernel/setup.c                      |  36 +--
 arch/mips/pic32/pic32mzda/early_console.c     |   2 +-
 arch/mips/pic32/pic32mzda/init.c              |   3 +-
 arch/x86/Kconfig                              |  44 +---
 arch/x86/kernel/setup.c                       |  18 +-
 .../firmware/efi/libstub/efi-stub-helper.c    |  29 +++
 drivers/firmware/efi/libstub/efi-stub.c       |   9 +
 drivers/firmware/efi/libstub/efistub.h        |   1 +
 drivers/firmware/efi/libstub/x86-stub.c       |  13 +-
 drivers/of/fdt.c                              |  22 +-
 include/linux/cmdline.h                       | 137 ++++++++++
 init/Kconfig                                  |  78 ++++++
 lib/Kconfig                                   |   4 +
 lib/Makefile                                  |   3 +
 lib/generic_cmdline.S                         |  53 ++++
 lib/test_cmdline1.c                           | 139 ++++++++++
 scripts/Makefile                              |   2 +-
 .../{insert-sys-cert.c => insert-symbol.c}    | 243 ++++++++++++------
 38 files changed, 724 insertions(+), 355 deletions(-)
 create mode 100644 include/linux/cmdline.h
 create mode 100644 lib/generic_cmdline.S
 create mode 100644 lib/test_cmdline1.c
 rename scripts/{insert-sys-cert.c => insert-symbol.c} (72%)

-- 
2.25.1

[PATCH 5/8] drivers: firmware: efi: libstub: enable generic commandline

[Daniel Walker]

This adds code to handle the generic command line changes.
The efi code appears that it doesn't benefit as much from this design
as it could.

For example, if you had a prepend command line with "nokaslr" then
you might be helpful to re-enable it in the boot loader or dts,
but there appears to be no way to re-enable kaslr or some of the
other options.

The efi command line handling is incorrect. x86 and arm have an append
system however the efi code prepends the command line.

For example, you could have a non-upgradable bios which sends

efi=disable_early_pci_dma

This hypothetically could have been set because early pci dma caused
issues on early versions of the product.

Then later the early pci dma was made to work and the company desired
to start using it. To override the bios you could set the CONFIG_CMDLINE
to,

efi=no_disable_early_pci_dma

then parsing would normally start with the bios command line, then move
to the CONFIG_CMDLINE and you would end up with early pci dma turned on.

however, current efi code keeps early pci dma off because the bios
arguments always override the built in.

Per my reading this is different from the main body of x86, arm, and
arm64.

The generic command line provides both append and prepend, so it
alleviates this issue if it's used. However not all architectures use
it.

It would be desirable to allow the efi stub to have it's builtin command
line to be modified after compile, but I don't see a feasible way to do
that currently.

Cc: xe-linux-external@cisco.com
Signed-off-by: Daniel Walker <danielwa@cisco.com>
---
 .../firmware/efi/libstub/efi-stub-helper.c    | 29 +++++++++++++++++++
 drivers/firmware/efi/libstub/efi-stub.c       |  9 ++++++
 drivers/firmware/efi/libstub/efistub.h        |  1 +
 drivers/firmware/efi/libstub/x86-stub.c       | 13 +++++++--
 4 files changed, 50 insertions(+), 2 deletions(-)

diff --git a/drivers/firmware/efi/libstub/efi-stub-helper.c b/drivers/firmware/efi/libstub/efi-stub-helper.c
index 3d972061c1b0..372f06ec8c49 100644
--- a/drivers/firmware/efi/libstub/efi-stub-helper.c
+++ b/drivers/firmware/efi/libstub/efi-stub-helper.c
@@ -13,6 +13,7 @@
 #include <linux/efi.h>
 #include <linux/kernel.h>
 #include <linux/printk.h> /* For CONSOLE_LOGLEVEL_* */
+#include <linux/cmdline.h>
 #include <asm/efi.h>
 #include <asm/setup.h>
 
@@ -172,6 +173,34 @@ int efi_printk(const char *fmt, ...)
 	return printed;
 }
 
+/**
+ * efi_handle_cmdline() - handle adding in building parts of the command line
+ * @cmdline:	kernel command line
+ *
+ * Add in the generic parts of the commandline and start the parsing of the
+ * command line.
+ *
+ * Return:	status code
+ */
+efi_status_t efi_handle_cmdline(char const *cmdline)
+{
+	efi_status_t status = EFI_SUCCESS;
+
+	if (sizeof(CMDLINE_STATIC_PREPEND) > 1)
+		status |= efi_parse_options(CMDLINE_STATIC_PREPEND);
+
+	if (!IS_ENABLED(CONFIG_CMDLINE_OVERRIDE))
+		status |= efi_parse_options(cmdline);
+
+	if (sizeof(CMDLINE_STATIC_APPEND) > 1)
+		status |= efi_parse_options(CMDLINE_STATIC_APPEND);
+
+	if (status != EFI_SUCCESS)
+		efi_err("Failed to parse options\n");
+
+	return status;
+}
+
 /**
  * efi_parse_options() - Parse EFI command line options
  * @cmdline:	kernel command line
diff --git a/drivers/firmware/efi/libstub/efi-stub.c b/drivers/firmware/efi/libstub/efi-stub.c
index f515394cce6e..ea52ebd99ea6 100644
--- a/drivers/firmware/efi/libstub/efi-stub.c
+++ b/drivers/firmware/efi/libstub/efi-stub.c
@@ -173,6 +173,14 @@ efi_status_t __efiapi efi_pe_entry(efi_handle_t handle,
 		goto fail;
 	}
 
+#ifdef CONFIG_GENERIC_CMDLINE
+	status = efi_handle_cmdline(cmdline_ptr);
+	if (status != EFI_SUCCESS) {
+		goto fail_free_cmdline;
+	}
+#endif
+
+#ifdef CONFIG_CMDLINE
 	if (IS_ENABLED(CONFIG_CMDLINE_EXTEND) ||
 	    IS_ENABLED(CONFIG_CMDLINE_FORCE) ||
 	    cmdline_size == 0) {
@@ -190,6 +198,7 @@ efi_status_t __efiapi efi_pe_entry(efi_handle_t handle,
 			goto fail_free_cmdline;
 		}
 	}
+#endif
 
 	efi_info("Booting Linux Kernel...\n");
 
diff --git a/drivers/firmware/efi/libstub/efistub.h b/drivers/firmware/efi/libstub/efistub.h
index b0ae0a454404..44c2e1194378 100644
--- a/drivers/firmware/efi/libstub/efistub.h
+++ b/drivers/firmware/efi/libstub/efistub.h
@@ -907,6 +907,7 @@ efi_status_t efi_relocate_kernel(unsigned long *image_addr,
 				 unsigned long alignment,
 				 unsigned long min_addr);
 
+efi_status_t efi_handle_cmdline(char const *cmdline);
 efi_status_t efi_parse_options(char const *cmdline);
 
 void efi_parse_option_graphics(char *option);
diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi/libstub/x86-stub.c
index 7a7abc8959d2..87196bb9c3bb 100644
--- a/drivers/firmware/efi/libstub/x86-stub.c
+++ b/drivers/firmware/efi/libstub/x86-stub.c
@@ -783,6 +783,8 @@ unsigned long efi_main(efi_handle_t handle,
 	unsigned long buffer_start, buffer_end;
 	struct setup_header *hdr = &boot_params->hdr;
 	unsigned long addr, size;
+	unsigned long cmdline_paddr = ((u64)hdr->cmd_line_ptr |
+				       ((u64)boot_params->ext_cmd_line_ptr << 32));
 	efi_status_t status;
 
 	efi_system_table = sys_table_arg;
@@ -851,6 +853,14 @@ unsigned long efi_main(efi_handle_t handle,
 		image_offset = 0;
 	}
 
+#ifdef CONFIG_GENERIC_CMDLINE
+	status = efi_handle_cmdline((char *)cmdline_paddr);
+	if (status != EFI_SUCCESS) {
+		efi_err("Failed to parse options\n");
+		goto fail;
+	}
+#else /* CONFIG_GENERIC_CMDLINE */
+
 #ifdef CONFIG_CMDLINE_BOOL
 	status = efi_parse_options(CONFIG_CMDLINE);
 	if (status != EFI_SUCCESS) {
@@ -859,8 +869,6 @@ unsigned long efi_main(efi_handle_t handle,
 	}
 #endif
 	if (!IS_ENABLED(CONFIG_CMDLINE_OVERRIDE)) {
-		unsigned long cmdline_paddr = ((u64)hdr->cmd_line_ptr |
-					       ((u64)boot_params->ext_cmd_line_ptr << 32));
 		status = efi_parse_options((char *)cmdline_paddr);
 		if (status != EFI_SUCCESS) {
 			efi_err("Failed to parse options\n");
@@ -868,6 +876,7 @@ unsigned long efi_main(efi_handle_t handle,
 		}
 	}
 
+#endif
 	/*
 	 * At this point, an initrd may already have been loaded by the
 	 * bootloader and passed via bootparams. We permit an initrd loaded
-- 
2.25.1

Re: [PATCH 0/8] generic command line v5

[Sean Anderson]

On 9/28/22 22:32, Daniel Walker wrote:
> v5 release changes. Generally a rebase from v4.
> 
> * Modified OF changes to move the ugly code into the cmdline.h
> 
> * Minor compliation update in arm64. Added ifndef __ASSEMBLY__ in
>   a few places.
> 
> * Worked around arm64 kaslr_early.c.
> 
> 	This code needs some additional review and consideration. 
> 	It appears this code is missing the opposite option to nokaslr
> 	which is kaslr.disabled=1/0 which would allow kaslr to be turn
> 	back on later in the command line. For example,
> 
> 	console=ttyS0 nokaslr root=/dev/ram0 nosmp kaslr.disabled=0 loglevel=7
> 	
> 	On arm64 in arch/arm64/kernel/idreg-override.c this is parsed correctly
> 	to turn on kaslr, but the kaslr_early.c is missing this logic.
> 	Doing this results in kaslr getting disabled with the following message,
> 
> 	KASLR disabled due to lack of seed
> 
> 	Even when there is a seed in the device tree.	
> 
> 	So change to the generic command line would leave built in command
> 	lines with nokaslr with no option to re-enable kaslr in in the bootloader
> 	arguments.
> 
> 
> Daniel Walker (8):
>   CMDLINE: add generic builtin command line
>   scripts: insert-sys-cert: add command line insert capability
>   scripts: insert-sys-cert: change name to insert-symbol
>   CMDLINE: mips: convert to generic builtin command line
>   drivers: firmware: efi: libstub: enable generic commandline
>   CMDLINE: x86: convert to generic builtin command line
>   of: replace command line handling
>   CMDLINE: arm64: convert to generic builtin command line
> 
>  arch/arm64/Kconfig                            |  33 +--
>  arch/arm64/include/asm/setup.h                |   4 +
>  arch/arm64/include/uapi/asm/setup.h           |   2 +
>  arch/arm64/kernel/idreg-override.c            |   9 +-
>  arch/arm64/kernel/pi/kaslr_early.c            |  14 +-
>  arch/mips/Kconfig                             |   4 +-
>  arch/mips/Kconfig.debug                       |  44 ----
>  arch/mips/configs/ar7_defconfig               |   9 +-
>  arch/mips/configs/bcm47xx_defconfig           |   8 +-
>  arch/mips/configs/bcm63xx_defconfig           |  15 +-
>  arch/mips/configs/bmips_be_defconfig          |  11 +-
>  arch/mips/configs/bmips_stb_defconfig         |   6 +-
>  arch/mips/configs/ci20_defconfig              |   9 +-
>  arch/mips/configs/cu1000-neo_defconfig        |  10 +-
>  arch/mips/configs/cu1830-neo_defconfig        |  10 +-
>  arch/mips/configs/generic_defconfig           |   6 +-
>  arch/mips/configs/gpr_defconfig               |  18 +-
>  arch/mips/configs/loongson3_defconfig         |  12 +-
>  arch/mips/include/asm/setup.h                 |   2 +
>  arch/mips/kernel/relocate.c                   |  17 +-
>  arch/mips/kernel/setup.c                      |  36 +--
>  arch/mips/pic32/pic32mzda/early_console.c     |   2 +-
>  arch/mips/pic32/pic32mzda/init.c              |   3 +-
>  arch/x86/Kconfig                              |  44 +---
>  arch/x86/kernel/setup.c                       |  18 +-
>  .../firmware/efi/libstub/efi-stub-helper.c    |  29 +++
>  drivers/firmware/efi/libstub/efi-stub.c       |   9 +
>  drivers/firmware/efi/libstub/efistub.h        |   1 +
>  drivers/firmware/efi/libstub/x86-stub.c       |  13 +-
>  drivers/of/fdt.c                              |  22 +-
>  include/linux/cmdline.h                       | 137 ++++++++++
>  init/Kconfig                                  |  78 ++++++
>  lib/Kconfig                                   |   4 +
>  lib/Makefile                                  |   3 +
>  lib/generic_cmdline.S                         |  53 ++++
>  lib/test_cmdline1.c                           | 139 ++++++++++
>  scripts/Makefile                              |   2 +-
>  .../{insert-sys-cert.c => insert-symbol.c}    | 243 ++++++++++++------
>  38 files changed, 724 insertions(+), 355 deletions(-)
>  create mode 100644 include/linux/cmdline.h
>  create mode 100644 lib/generic_cmdline.S
>  create mode 100644 lib/test_cmdline1.c
>  rename scripts/{insert-sys-cert.c => insert-symbol.c} (72%)
> 

For arm64:

Tested-by: Sean Anderson <sean.anderson@seco.com>

Thanks!