From: Philipp Rudo <prudo@linux.vnet.ibm.com>
To: kexec@lists.infradead.org, linux-s390@vger.kernel.org
Cc: linux-kernel@vger.kernel.org,
	Eric Biederman <ebiederm@xmission.com>,
	Vivek Goyal <vgoyal@redhat.com>,
	Michael Ellerman <mpe@ellerman.id.au>,
	Thiago Jung Bauermann <bauerman@linux.vnet.ibm.com>,
	Martin Schwidefsky <schwidefsky@de.ibm.com>,
	Heiko Carstens <heiko.carstens@de.ibm.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	x86@kernel.org, Dave Young <dyoung@redhat.com>,
	AKASHI Takahiro <takahiro.akashi@linaro.org>,
	Ingo Molnar <mingo@kernel.org>
Subject: [PATCH v2 02/11] kexec_file: Remove checks in kexec_purgatory_load
Date: Wed, 21 Mar 2018 12:27:42 +0100
Message-ID: <20180321112751.22196-3-prudo@linux.vnet.ibm.com>
In-Reply-To: <20180321112751.22196-1-prudo@linux.vnet.ibm.com>

Before the purgatory is loaded, several checks are done on whether the ELF
file in kexec_purgatory is valid. These checks are incomplete. For example,
they don't check the total size of the sections defined in the section
header table, or whether the entry point actually points into the
purgatory.

On the other hand, the purgatory, although an ELF file on its own, is part
of the kernel. Thus not trusting the purgatory means not trusting the
kernel build itself.

So remove all validity checks on the purgatory and just trust the kernel
build.

Signed-off-by: Philipp Rudo <prudo@linux.vnet.ibm.com>
---
 kernel/kexec_file.c | 14 --------------
 1 file changed, 14 deletions(-)

diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
index e5bcd94c1efb..0f044457b40c 100644
--- a/kernel/kexec_file.c
+++ b/kernel/kexec_file.c
@@ -880,22 +880,8 @@ int kexec_load_purgatory(struct kimage *image, unsigned long min,
 	if (kexec_purgatory_size <= 0)
 		return -EINVAL;
 
-	if (kexec_purgatory_size < sizeof(Elf_Ehdr))
-		return -ENOEXEC;
-
 	pi->ehdr = (Elf_Ehdr *)kexec_purgatory;
 
-	if (memcmp(pi->ehdr->e_ident, ELFMAG, SELFMAG) != 0
-	    || pi->ehdr->e_type != ET_REL
-	    || !elf_check_arch(pi->ehdr)
-	    || pi->ehdr->e_shentsize != sizeof(Elf_Shdr))
-		return -ENOEXEC;
-
-	if (pi->ehdr->e_shoff >= kexec_purgatory_size
-	    || (pi->ehdr->e_shnum * sizeof(Elf_Shdr) >
-	    kexec_purgatory_size - pi->ehdr->e_shoff))
-		return -ENOEXEC;
-
 	ret = __kexec_load_purgatory(image, min, max, top_down);
 	if (ret)
 		return ret;
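Review bot: with the `kexec_purgatory_size < sizeof(Elf_Ehdr)` guard and the `e_shoff`/`e_shnum` bounds check removed, nothing between `pi->ehdr = (Elf_Ehdr *)kexec_purgatory;` and the call to `__kexec_load_purgatory()` validates the header fields that call consumes; the only check left in this hunk is `kexec_purgatory_size <= 0`. That is consistent with the stated rationale (the blob is linked into the kernel image), but the trust boundary is now implicit in the code. Suggest a one-line comment at the `pi->ehdr` assignment stating that kexec_purgatory is build-time output and is deliberately not validated, so a later change does not reintroduce a partial check or route an externally supplied buffer through this path, and consider mentioning in the commit message that the removed checks covered ELF magic, `ET_REL`, `elf_check_arch()`, `e_shentsize` and the section-table bounds, since a reader of the log otherwise has to reconstruct that from the diff.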
-- 
2.13.5
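The commit message says the removed checks were incomplete because they never bounded the sections themselves, only the section header table. The following is an added example, not code from this patch or from the kernel, showing what a loader that does not trust its input would have to check for an ELF64 relocatable object: the header-level checks this patch drops plus a per-section bounds check. It uses glibc's <elf.h> types rather than the kernel's Elf_Ehdr/Elf_Shdr macros, assumes ELFCLASS64, and builds its own constructed sample image (a null section plus a 16-byte .text section) so it runs offline; error codes and helper names are invented for the example.

```c
#include <elf.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Error codes for the validator (constructed for this example). */
enum {
	ELF_OK = 0,
	ELF_ERR_TRUNCATED = -1,	/* buffer shorter than the ELF header */
	ELF_ERR_HEADER = -2,	/* magic, class, type or shentsize mismatch */
	ELF_ERR_SHTAB = -3,	/* section header table outside the buffer */
	ELF_ERR_SECTION = -4,	/* a section's file bytes outside the buffer */
};

/*
 * Validate an in-memory ELF64 ET_REL object of `len` bytes.
 * Headers are copied out with memcpy so the check never does an
 * unaligned or out-of-bounds read on the untrusted buffer.
 */
int validate_elf_rel(const unsigned char *buf, size_t len)
{
	Elf64_Ehdr ehdr;
	uint16_t i;

	if (len < sizeof(ehdr))
		return ELF_ERR_TRUNCATED;
	memcpy(&ehdr, buf, sizeof(ehdr));

	if (memcmp(ehdr.e_ident, ELFMAG, SELFMAG) != 0 ||
	    ehdr.e_ident[EI_CLASS] != ELFCLASS64 ||
	    ehdr.e_type != ET_REL ||
	    ehdr.e_shentsize != sizeof(Elf64_Shdr))
		return ELF_ERR_HEADER;

	/* Section header table must lie inside the buffer; e_shnum is 16-bit,
	 * so the multiplication cannot overflow size_t. */
	if (ehdr.e_shoff >= len ||
	    (size_t)ehdr.e_shnum * sizeof(Elf64_Shdr) > len - ehdr.e_shoff)
		return ELF_ERR_SHTAB;

	/* The check the commit message calls missing: every section that has
	 * file contents must fit inside the buffer (SHT_NOBITS has none). */
	for (i = 0; i < ehdr.e_shnum; i++) {
		Elf64_Shdr shdr;

		memcpy(&shdr, buf + ehdr.e_shoff + (size_t)i * sizeof(shdr),
		       sizeof(shdr));
		if (shdr.sh_type == SHT_NOBITS)
			continue;
		if (shdr.sh_offset > len || shdr.sh_size > len - shdr.sh_offset)
			return ELF_ERR_SECTION;
	}
	return ELF_OK;
}

#define SAMPLE_SHNUM 2
#define SAMPLE_TEXT_SIZE 16
#define SAMPLE_LEN (sizeof(Elf64_Ehdr) + SAMPLE_SHNUM * sizeof(Elf64_Shdr) + \
		    SAMPLE_TEXT_SIZE)

/* Build a constructed minimal ELF64 ET_REL image: header, then the
 * section header table (null + .text), then 16 bytes of .text contents.
 * Returns the number of bytes written, or 0 if `cap` is too small. */
size_t build_sample(unsigned char *buf, size_t cap)
{
	Elf64_Ehdr ehdr;
	Elf64_Shdr shdrs[SAMPLE_SHNUM];
	size_t off = 0;

	if (cap < SAMPLE_LEN)
		return 0;
	memset(&ehdr, 0, sizeof(ehdr));
	memset(shdrs, 0, sizeof(shdrs));
	memcpy(ehdr.e_ident, ELFMAG, SELFMAG);
	ehdr.e_ident[EI_CLASS] = ELFCLASS64;
	ehdr.e_ident[EI_DATA] = ELFDATA2LSB;	/* host-endian assumed below */
	ehdr.e_ident[EI_VERSION] = EV_CURRENT;
	ehdr.e_type = ET_REL;
	ehdr.e_machine = EM_X86_64;
	ehdr.e_version = EV_CURRENT;
	ehdr.e_ehsize = sizeof(ehdr);
	ehdr.e_shoff = sizeof(ehdr);
	ehdr.e_shentsize = sizeof(Elf64_Shdr);
	ehdr.e_shnum = SAMPLE_SHNUM;

	shdrs[1].sh_type = SHT_PROGBITS;
	shdrs[1].sh_flags = SHF_ALLOC | SHF_EXECINSTR;
	shdrs[1].sh_offset = sizeof(ehdr) + sizeof(shdrs);
	shdrs[1].sh_size = SAMPLE_TEXT_SIZE;

	memcpy(buf + off, &ehdr, sizeof(ehdr));
	off += sizeof(ehdr);
	memcpy(buf + off, shdrs, sizeof(shdrs));
	off += sizeof(shdrs);
	memset(buf + off, 0x90, SAMPLE_TEXT_SIZE);	/* NOP filler for .text */
	off += SAMPLE_TEXT_SIZE;
	return off;
}

int main(void)
{
	unsigned char buf[SAMPLE_LEN];
	size_t n = build_sample(buf, sizeof(buf));

	printf("full image: %d\n", validate_elf_rel(buf, n));
	printf("one byte short: %d\n", validate_elf_rel(buf, n - 1));
	return 0;
}
```

Truncating the sample by a single byte passes every check this patch removes (the header and the section table are intact) and is caught only by the per-section loop, which is the gap the commit message describes. The `sh_offset > len` comparison, rather than `>=`, deliberately allows an empty section whose offset equals the buffer length.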

Thread overview:
2018-03-21 11:27 [PATCH v2 00/11] kexec_file: Clean up purgatory load Philipp Rudo
2018-03-21 11:27 ` [PATCH v2 01/11] kexec_file: Silence compile warnings Philipp Rudo
2018-03-21 11:27 ` Philipp Rudo [this message]
2018-03-21 11:27 ` [PATCH v2 03/11] kexec_file: Make purgatory_info->ehdr const Philipp Rudo
2018-03-21 11:27 ` [PATCH v2 04/11] kexec_file: Search symbols in read-only kexec_purgatory Philipp Rudo
2018-03-21 11:27 ` [PATCH v2 05/11] kexec_file: Use read-only sections in arch_kexec_apply_relocations* Philipp Rudo
2018-03-21 11:27 ` [PATCH v2 06/11] kexec_file: Split up __kexec_load_puragory Philipp Rudo
2018-03-21 11:27 ` [PATCH v2 07/11] kexec_file: Remove unneeded for-loop in kexec_purgatory_setup_sechdrs Philipp Rudo
2018-03-21 11:27 ` [PATCH v2 08/11] kexec_file: Remove unneeded variables " Philipp Rudo
2018-03-21 11:27 ` [PATCH v2 09/11] kexec_file: Remove mis-use of sh_offset field during purgatory load Philipp Rudo
2018-03-21 11:27 ` [PATCH v2 10/11] kexec_file: Allow archs to set purgatory load address Philipp Rudo
2018-03-21 11:27 ` [PATCH v2 11/11] kexec_file: Move purgatories sha256 to common code Philipp Rudo
2018-03-21 23:00 ` [PATCH v2 00/11] kexec_file: Clean up purgatory load Andrew Morton
2018-03-23  9:41   ` Philipp Rudo
2018-04-10  6:59     ` Dave Young
2018-03-23  1:03 ` Dave Young