From: Philipp Rudo <prudo@linux.vnet.ibm.com>
To: kexec@lists.infradead.org, linux-s390@vger.kernel.org
Cc: linux-kernel@vger.kernel.org,
Eric Biederman <ebiederm@xmission.com>,
Vivek Goyal <vgoyal@redhat.com>,
Michael Ellerman <mpe@ellerman.id.au>,
Thiago Jung Bauermann <bauerman@linux.vnet.ibm.com>,
Martin Schwidefsky <schwidefsky@de.ibm.com>,
Heiko Carstens <heiko.carstens@de.ibm.com>,
Andrew Morton <akpm@linux-foundation.org>,
x86@kernel.org, Dave Young <dyoung@redhat.com>,
AKASHI Takahiro <takahiro.akashi@linaro.org>,
Ingo Molnar <mingo@kernel.org>
Subject: [PATCH v2 02/11] kexec_file: Remove checks in kexec_purgatory_load
Date: Wed, 21 Mar 2018 12:27:42 +0100
Message-ID: <20180321112751.22196-3-prudo@linux.vnet.ibm.com>
In-Reply-To: <20180321112751.22196-1-prudo@linux.vnet.ibm.com>
Before the purgatory is loaded several checks are done whether the ELF file
in kexec_purgatory is valid or not. These checks are incomplete. For
example they don't check for the total size of the sections defined in the
section header table or if the entry point actually points into the
purgatory.
On the other hand the purgatory, although an ELF file on its own, is part
of the kernel. Thus not trusting the purgatory means not trusting the
kernel build itself.
So remove all validity checks on the purgatory and just trust the kernel
build.
Signed-off-by: Philipp Rudo <prudo@linux.vnet.ibm.com>
---
kernel/kexec_file.c | 14 --------------
1 file changed, 14 deletions(-)
diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
index e5bcd94c1efb..0f044457b40c 100644
--- a/kernel/kexec_file.c
+++ b/kernel/kexec_file.c
@@ -880,22 +880,8 @@ int kexec_load_purgatory(struct kimage *image, unsigned long min,
if (kexec_purgatory_size <= 0)
return -EINVAL;
- if (kexec_purgatory_size < sizeof(Elf_Ehdr))
- return -ENOEXEC;
-
pi->ehdr = (Elf_Ehdr *)kexec_purgatory;
- if (memcmp(pi->ehdr->e_ident, ELFMAG, SELFMAG) != 0
- || pi->ehdr->e_type != ET_REL
- || !elf_check_arch(pi->ehdr)
- || pi->ehdr->e_shentsize != sizeof(Elf_Shdr))
- return -ENOEXEC;
-
- if (pi->ehdr->e_shoff >= kexec_purgatory_size
- || (pi->ehdr->e_shnum * sizeof(Elf_Shdr) >
- kexec_purgatory_size - pi->ehdr->e_shoff))
- return -ENOEXEC;
-
ret = __kexec_load_purgatory(image, min, max, top_down);
if (ret)
return ret;
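Review bot: the deleted e_shoff/e_shnum bounds check (last removed block) was the only thing keeping the section-header walk inside kexec_purgatory, so after this hunk __kexec_load_purgatory() (called right below) becomes the first code to dereference the table, and a truncated or mis-linked purgatory now fails deep in relocation with an out-of-bounds read rather than with a clean -ENOEXEC. Since the rationale is "trust the build", consider keeping one cheap guard and making failure loud instead of silent, e.g. `if (WARN_ON(kexec_purgatory_size < sizeof(Elf_Ehdr) || memcmp(pi->ehdr->e_ident, ELFMAG, SELFMAG)))`, and state in the commit message that kexec_purgatory is a built-in array and never userspace input. The retained `if (kexec_purgatory_size <= 0)` check also sits oddly with that rationale: either keep it as the one remaining sanity check and say so, or remove it with the others.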
--
2.13.5
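The commit message above calls the removed checks incomplete because they never verified the total size of the sections or that the entry point lands inside the purgatory. The following is an added example, not code from this patch or from the kernel tree: the complete set of checks for a relocatable ELF64 object embedded in an image, written as a userspace C function over glibc's <elf.h>, together with a constructed minimal ET_REL image and mutated variants that exercise each rejection path (truncation, wrong machine, section table at EOF, a section size that wraps naive offset+size arithmetic, entry point just past .text). The rule that e_entry must fall inside an SHF_EXECINSTR section's [sh_addr, sh_addr + sh_size) follows the convention kexec_file uses when it relocates the entry, and is treated as an assumption here; the function and variant names are this example's own.

```c
#include <elf.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Example code, not from the kernel.  Validate an ET_REL ELF64 object of `len`
 * bytes at `buf` built for `machine` (e.g. EM_X86_64); returns 0 or -ENOEXEC.
 * Bounds are checked by subtraction so a huge offset/size cannot wrap around. */
static int purgatory_elf_check(const unsigned char *buf, size_t len, uint16_t machine)
{
	const Elf64_Ehdr *eh = (const Elf64_Ehdr *)buf;
	const Elf64_Shdr *sh;
	uint64_t shtab_size, total = 0;
	int entry_ok = 0;

	if (len < sizeof(*eh))
		return -ENOEXEC;
	/* identity, class, type, target arch, section-header entry size */
	if (memcmp(eh->e_ident, ELFMAG, SELFMAG) != 0 ||
	    eh->e_ident[EI_CLASS] != ELFCLASS64 || eh->e_type != ET_REL ||
	    eh->e_machine != machine || eh->e_shentsize != sizeof(Elf64_Shdr))
		return -ENOEXEC;
	/* the whole section-header table must lie inside the buffer, aligned */
	shtab_size = (uint64_t)eh->e_shnum * sizeof(Elf64_Shdr);
	if (eh->e_shoff % 8 || eh->e_shoff > len || shtab_size > len - eh->e_shoff)
		return -ENOEXEC;
	sh = (const Elf64_Shdr *)(buf + eh->e_shoff);
	for (unsigned i = 0; i < eh->e_shnum; i++) {
		/* sections that occupy file bytes must fit in the buffer */
		if (sh[i].sh_type != SHT_NOBITS &&
		    (sh[i].sh_offset > len || sh[i].sh_size > len - sh[i].sh_offset))
			return -ENOEXEC;
		/* total that would be copied into the load area must not wrap */
		if (sh[i].sh_flags & SHF_ALLOC) {
			if (sh[i].sh_size > UINT64_MAX - total)
				return -ENOEXEC;
			total += sh[i].sh_size;
		}
		/* e_entry must fall inside an executable section (the convention
		 * kexec_file uses to locate the entry; assumed here) */
		if ((sh[i].sh_flags & SHF_EXECINSTR) && eh->e_entry >= sh[i].sh_addr &&
		    eh->e_entry - sh[i].sh_addr < sh[i].sh_size)
			entry_ok = 1;
	}
	return entry_ok ? 0 : -ENOEXEC;
}

/* Constructed sample: a minimal ET_REL with a 16-byte executable .text and a
 * SHT_NOBITS .bss.  `out` must be 8-byte aligned; returns the image length. */
#define SAMPLE_TEXT_SIZE 16
static size_t build_sample(unsigned char *out, size_t cap)
{
	Elf64_Ehdr eh = { 0 };
	Elf64_Shdr sh[3] = { { 0 } };
	size_t shoff = sizeof(eh) + SAMPLE_TEXT_SIZE;	/* 80, 8-byte aligned */
	size_t total = shoff + sizeof(sh);		/* 272 */

	if (cap < total)
		return 0;
	memset(out, 0, total);
	memcpy(eh.e_ident, ELFMAG, SELFMAG);
	eh.e_ident[EI_CLASS] = ELFCLASS64;
	eh.e_ident[EI_DATA] = ELFDATA2LSB;
	eh.e_type = ET_REL;
	eh.e_machine = EM_X86_64;
	eh.e_entry = 4;			/* entry 4 bytes into .text */
	eh.e_shoff = shoff;
	eh.e_shentsize = sizeof(Elf64_Shdr);
	eh.e_shnum = 3;			/* sh[0] stays the mandatory null section */
	sh[1].sh_type = SHT_PROGBITS;
	sh[1].sh_flags = SHF_ALLOC | SHF_EXECINSTR;
	sh[1].sh_offset = sizeof(eh);
	sh[1].sh_size = SAMPLE_TEXT_SIZE;
	sh[2].sh_type = SHT_NOBITS;	/* no file bytes, so exempt from the file bound */
	sh[2].sh_flags = SHF_ALLOC | SHF_WRITE;
	sh[2].sh_size = 4096;
	memcpy(out, &eh, sizeof(eh));
	memcpy(out + shoff, sh, sizeof(sh));
	return total;
}

/* Each variant corrupts one field of the sample to hit one rejection path. */
enum { V_GOOD, V_TRUNCATED, V_WRONG_MACHINE, V_SHTAB_AT_EOF, V_TEXT_WRAPS, V_ENTRY_OUTSIDE };

static int check_variant(int v)
{
	static uint64_t store[64];	/* 512 bytes, 8-byte aligned */
	unsigned char *img = (unsigned char *)store;
	size_t len = build_sample(img, sizeof(store));
	Elf64_Ehdr *eh = (Elf64_Ehdr *)img;
	Elf64_Shdr *sh = (Elf64_Shdr *)(img + eh->e_shoff);

	switch (v) {
	case V_TRUNCATED:     len = sizeof(Elf64_Ehdr) - 1; break;
	case V_WRONG_MACHINE: eh->e_machine = EM_AARCH64; break;
	case V_SHTAB_AT_EOF:  eh->e_shoff = len; break;			/* table would start at EOF */
	case V_TEXT_WRAPS:    sh[1].sh_size = UINT64_MAX - 8; break;	/* offset + size wraps to 56 */
	case V_ENTRY_OUTSIDE: eh->e_entry = SAMPLE_TEXT_SIZE; break;	/* one byte past .text */
	}
	return purgatory_elf_check(img, len, EM_X86_64);
}

int main(void)
{
	for (int v = V_GOOD; v <= V_ENTRY_OUTSIDE; v++)
		printf("variant %d -> %d\n", v, check_variant(v));
	return 0;
}
```

The V_TEXT_WRAPS variant is the case that motivates subtraction-based bounds: `sh_offset + sh_size > len` evaluates to 56 > 272 and passes, while `sh_size > len - sh_offset` rejects it. The SHT_NOBITS .bss is deliberately larger than the file to show why sections without file bytes are exempt from the file-size bound but still count toward the allocated total.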
Thread overview: 16+ messages
2018-03-21 11:27 [PATCH v2 00/11] kexec_file: Clean up purgatory load Philipp Rudo
2018-03-21 11:27 ` [PATCH v2 01/11] kexec_file: Silence compile warnings Philipp Rudo
2018-03-21 11:27 ` Philipp Rudo [this message]
2018-03-21 11:27 ` [PATCH v2 03/11] kexec_file: Make purgatory_info->ehdr const Philipp Rudo
2018-03-21 11:27 ` [PATCH v2 04/11] kexec_file: Search symbols in read-only kexec_purgatory Philipp Rudo
2018-03-21 11:27 ` [PATCH v2 05/11] kexec_file: Use read-only sections in arch_kexec_apply_relocations* Philipp Rudo
2018-03-21 11:27 ` [PATCH v2 06/11] kexec_file: Split up __kexec_load_puragory Philipp Rudo
2018-03-21 11:27 ` [PATCH v2 07/11] kexec_file: Remove unneeded for-loop in kexec_purgatory_setup_sechdrs Philipp Rudo
2018-03-21 11:27 ` [PATCH v2 08/11] kexec_file: Remove unneeded variables " Philipp Rudo
2018-03-21 11:27 ` [PATCH v2 09/11] kexec_file: Remove mis-use of sh_offset field during purgatory load Philipp Rudo
2018-03-21 11:27 ` [PATCH v2 10/11] kexec_file: Allow archs to set purgatory load address Philipp Rudo
2018-03-21 11:27 ` [PATCH v2 11/11] kexec_file: Move purgatories sha256 to common code Philipp Rudo
2018-03-21 23:00 ` [PATCH v2 00/11] kexec_file: Clean up purgatory load Andrew Morton
2018-03-23 9:41 ` Philipp Rudo
2018-04-10 6:59 ` Dave Young
2018-03-23 1:03 ` Dave Young