gen_init_cpio: avoid stack overflow when expanding

    commit 20f1de659b77364d55d4e7fad2ef657e7730323f upstream.

    Fix possible overflow of the buffer used for expanding environment variables when building file list.

    In the extremely unlikely case of an attacker having control over the environment variables visible to gen_init_cpio, control over the contents of the file gen_init_cpio parses, and gen_init_cpio was built without compiler hardening, the attacker can gain arbitrary execution control via a stack buffer overflow.

      $ cat usr/crash.list
      file foo ${BIG}${BIG}${BIG}${BIG}${BIG}${BIG} 0755 0 0
      $ BIG=$(perl -e 'print "A" x 4096;') ./usr/gen_init_cpio usr/crash.list
      *** buffer overflow detected ***: ./usr/gen_init_cpio terminated

    This also replaces the space-indenting with tabs.

    Patch based on existing fix extracted from grsecurity.

    Signed-off-by: Kees Cook <keescook@chromium.org>
    Cc: Michal Marek <mmarek@suse.cz>
    Cc: Brad Spengler <spender@grsecurity.net>
    Cc: PaX Team <pageexec@freemail.hu>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
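Added example, not part of the commit above and not gen_init_cpio's own code: one way to expand `${NAME}` references into a fixed-size buffer so that every append is checked against the remaining space. The names `expand_env` and `append` are hypothetical, and this sketch rejects an oversized result instead of truncating it.

```c
#define _POSIX_C_SOURCE 200112L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Append n bytes of src to out (capacity cap); -1 instead of overflowing. */
static int append(char *out, size_t cap, size_t *len, const char *src, size_t n)
{
	if (n >= cap - *len)	/* keep one byte for the terminator */
		return -1;
	memcpy(out + *len, src, n);
	*len += n;
	out[*len] = '\0';
	return 0;
}

/* Expand each ${NAME} of 'in' into 'out'. Returns 0, or -1 if the result does
 * not fit or a "${" is never closed. Unset variables expand to "". */
int expand_env(const char *in, char *out, size_t cap)
{
	size_t len = 0;
	char name[256];
	if (cap == 0)
		return -1;
	out[0] = '\0';
	while (*in) {
		const char *start = strstr(in, "${");
		const char *end, *val;
		if (!start)	/* no more variables: copy the tail */
			return append(out, cap, &len, in, strlen(in));
		end = strchr(start + 2, '}');
		if (!end || (size_t)(end - start - 2) >= sizeof(name))
			return -1;
		memcpy(name, start + 2, (size_t)(end - start - 2));
		name[end - start - 2] = '\0';
		val = getenv(name);
		if (append(out, cap, &len, in, (size_t)(start - in)) ||
		    append(out, cap, &len, val ? val : "", val ? strlen(val) : 0))
			return -1;
		in = end + 1;
	}
	return 0;
}

int main(void)
{
	char out[4097];	/* constructed input line; HOME comes from the environment */
	return expand_env("dir ${HOME} 0755 0 0", out, sizeof(out)) ? 1 : puts(out) == EOF;
}
```

With `BIG` set to 4096 bytes, a line in the style of the commit's `usr/crash.list` makes `expand_env` return -1 rather than write past `out`.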
initramfs: Use KBUILD_BUILD_TIMESTAMP for generated entries

    gen_init_cpio gets the current time and uses it for each symlink, special file, and directory. Grab the current time once and make it possible to override it with the KBUILD_BUILD_TIMESTAMP variable for reproducible builds.

    Signed-off-by: Michal Marek <mmarek@suse.cz>
kconfig: rename CONFIG_EMBEDDED to CONFIG_EXPERT

    The meaning of CONFIG_EMBEDDED has long since been obsoleted; the option is used to configure any non-standard kernel with a much larger scope than only small devices.

    This patch renames the option to CONFIG_EXPERT in init/Kconfig and fixes references to the option throughout the kernel. A new CONFIG_EMBEDDED option is added that automatically selects CONFIG_EXPERT when enabled and can be used in the future to isolate options that should only be considered for embedded systems (RISC architectures, SLOB, etc).

    Calling the option "EXPERT" more accurately represents its intention: only expert users who understand the impact of the configuration changes they are making should enable it.

    Reviewed-by: Ingo Molnar <mingo@elte.hu>
    Acked-by: David Woodhouse <david.woodhouse@intel.com>
    Signed-off-by: David Rientjes <rientjes@google.com>
    Cc: Greg KH <gregkh@suse.de>
    Cc: "David S. Miller" <davem@davemloft.net>
    Cc: Jens Axboe <axboe@kernel.dk>
    Cc: Arnd Bergmann <arnd@arndb.de>
    Cc: Robin Holt <holt@sgi.com>
    Cc: <linux-arch@vger.kernel.org>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
decompressors: add boot-time XZ support

    This implements the API defined in <linux/decompress/generic.h> which is used for kernel, initramfs, and initrd decompression. This patch together with the first patch is enough for XZ-compressed initramfs and initrd; XZ-compressed kernel will need arch-specific changes.

    The buffering requirements described in decompress_unxz.c are stricter than with gzip, so the relevant changes should be done to the arch-specific code when adding support for XZ-compressed kernel. Similarly, the heap size in arch-specific pre-boot code may need to be increased (30 KiB is enough).

    The XZ decompressor needs memmove(), memeq() (memcmp() == 0), and memzero() (memset(ptr, 0, size)), which aren't available in all arch-specific pre-boot environments. I'm including simple versions in decompress_unxz.c, but a cleaner solution would naturally be nicer.

    Signed-off-by: Lasse Collin <lasse.collin@tukaani.org>
    Cc: "H. Peter Anvin" <hpa@zytor.com>
    Cc: Alain Knaff <alain@knaff.lu>
    Cc: Albin Tonnerre <albin.tonnerre@free-electrons.com>
    Cc: Phillip Lougher <phillip@lougher.demon.co.uk>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Merge branch 'kbuild' of git://git./linux/kernel/git/mmarek/kbuild-2.6

    * 'kbuild' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild-2.6:
      mkuboot.sh: Fail if mkimage is missing
      gen_init_cpio: checkpatch fixes
      gen_init_cpio: Avoid race between call to stat() and call to open()
      modpost: Fix address calculation in reloc_location()
      Make fixdep error handling more explicit
      checksyscalls: Fix stand-alone usage
      modpost: Put .zdebug* section on white list
      kbuild: fix interaction of CONFIG_IKCONFIG and KCONFIG_CONFIG
      kbuild: export linux/{a.out,kvm,kvm_para}.h on headers_install_all
      kbuild: introduce HDR_ARCH_LIST for headers_install_all
      headers_install: check exit status of unifdef
      gen_init_cpio: remove leading `/' from file names
      scripts/genksyms: fix header usage
      fixdep: use hash table instead of a single array
gen_init_cpio: Avoid race between call to stat() and call to open()

    In usr/gen_init_cpio.c::cpio_mkfile() a call to stat() is made based on pathname, subsequently the file is open()'ed and then the value of the initial stat() call is used to allocate a buffer. This is not safe since the file may change between the call to stat() and the call to open(). Safer to just open() the file and then do fstat() using the filedescriptor returned by open.

    Signed-off-by: Jesper Juhl <jj@chaosbits.net>
    Acked-by: Jeff Garzik <jgarzik@redhat.com>
    Signed-off-by: Michal Marek <mmarek@suse.cz>
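Added example, not part of the commit above and not the code of cpio_mkfile(): the open()-then-fstat() order the commit describes, where the buffer size is taken from the same descriptor that is then read. The function name `read_file` is hypothetical; a short read (the file shrank after fstat()) is treated as an error.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Read a regular file into a malloc'd buffer. The size comes from fstat()
 * on the descriptor that is then read, so size and data describe the same
 * inode even if 'path' is replaced meanwhile. Returns NULL on any error. */
char *read_file(const char *path, size_t *size_out)
{
	struct stat st;
	char *buf = NULL;
	size_t done = 0;
	int fd = open(path, O_RDONLY);

	if (fd < 0)
		return NULL;
	if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode) || st.st_size < 0)
		goto fail;
	buf = malloc((size_t)st.st_size + 1);	/* +1: empty file still allocates */
	if (!buf)
		goto fail;
	while (done < (size_t)st.st_size) {
		ssize_t n = read(fd, buf + done, (size_t)st.st_size - done);
		if (n <= 0)	/* read error, or the file shrank after fstat() */
			goto fail;
		done += (size_t)n;
	}
	close(fd);
	*size_out = done;
	return buf;
fail:
	free(buf);
	close(fd);
	return NULL;
}

int main(int argc, char **argv)
{
	size_t n = 0;
	char *b = argc > 1 ? read_file(argv[1], &n) : NULL;

	if (!b)
		return 1;
	printf("%zu bytes\n", n);
	free(b);
	return 0;
}
```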
gen_init_cpio: remove leading `/' from file names

    When we extracted the generated cpio archive using "cpio -id" command, it complained,

      cpio: Removing leading `/' from member names
      var/run
      cpio: Removing leading `/' from member names
      var/lib
      cpio: Removing leading `/' from member names
      var/lib/misc

    It is worse with the latest "cpio" or "pax", which tries to overwrite the host file system with the leading '/'.

    So the leading '/' of file names should be removed. This is consistent with the initramfs that comes with major distributions such as Fedora or Debian, etc.

    Signed-off-by: Thomas Chou <thomas@wytron.com.tw>
    Acked-by: Mike Frysinger <vapier@gentoo.org>
    Signed-off-by: Michal Marek <mmarek@suse.cz>
initramfs: Really fix build break on symbol-prefixed archs

    Define the __initramfs_size variable using VMLINUX_SYMBOL() to take care of symbol-prefixed architectures, for example, blackfin.

    Signed-off-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com>
    Cc: Mike Frysinger <vapier.adi@gmail.com>
    Cc: Hendrik Brueckner <brueckner@linux.vnet.ibm.com>
    Cc: Michal Marek <mmarek@suse.cz>
    Cc: Sam Ravnborg <sam@ravnborg.org>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    [mmarek: leave out Makefile change, since d63f6d1 already takes care of the SYMBOL_PREFIX define]
    Signed-off-by: Michal Marek <mmarek@suse.cz>
initramfs: Fix initramfs size for 32-bit arches

    Commit ffe8018c3424 ("initramfs: fix initramfs size calculation") broke 32-bit big-endian arches like (on ARAnyM):

      VFS: Cannot open root device "hda1" or unknown-block(3,1)
      Please append a correct "root=" boot option; here are the available partitions:
      fe80 1059408 nfhd8 (driver?)
      fe81 921600 nfhd8p1 00000000-0000-0000-0000-000000000nfhd8p1
      fe82 137807 nfhd8p2 00000000-0000-0000-0000-000000000nfhd8p2
      0200 3280 fd0 (driver?)
      0201 3280 fd1 (driver?)
      0300 1059408 hda driver: ide-gd
      0301 921600 hda1 00000000-0000-0000-0000-000000000hda1
      0302 137807 hda2 00000000-0000-0000-0000-000000000hda2
      Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(3,1)

    As pointed out by Kerstin Jonsson <kerstin.jonsson@ericsson.com>, this is due to CONFIG_32BIT not being defined, so the initramfs size field is done as a 64-bit quad. On little-endian (like x86) this doesn't matter, but on a big-endian machine the 32-bit reads will see the (zero) high bits.

    Only mips, s390, and score set CONFIG_32BIT for 32-bit builds, so fix it for all other 32-bit arches by inverting the logic and testing for CONFIG_64BIT, which should be defined on all 64-bit arches.

    Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
    [ I think we should just make it "u64" on all architectures and get rid of the whole #ifdef CONFIG_xxBIT - Linus ]
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Merge branch 'kbuild' of git://git./linux/kernel/git/mmarek/kbuild-2.6

    * 'kbuild' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild-2.6:
      initramfs: Fix build break on symbol-prefixed archs
      initramfs: fix initramfs size calculation
      initramfs: generalize initramfs_data.xxx.S variants
      scripts/kallsyms: Enable error messages while hush up unnecessary warnings
      scripts/setlocalversion: update comment
      kbuild: Use a single clean rule for kernel and external modules
      kbuild: Do not run make clean in $(srctree)
      scripts/mod/modpost.c: fix commentary accordingly to last changes
      kbuild: Really don't clean bounds.h and asm-offsets.h
initramfs: fix initramfs size calculation

    The size of a built-in initramfs is calculated in init/initramfs.c by "__initramfs_end - __initramfs_start". Those symbols are defined in the linker script include/asm-generic/vmlinux.lds.h:

      #define INIT_RAM_FS \
      . = ALIGN(PAGE_SIZE); \
      VMLINUX_SYMBOL(__initramfs_start) = .; \
      *(.init.ramfs) \
      VMLINUX_SYMBOL(__initramfs_end) = .;

    If the initramfs file has an odd number of bytes, the "__initramfs_end" symbol points to an odd address, for example, the symbols in the System.map might look like:

      0000000000572000 T __initramfs_start
      00000000005bcd05 T __initramfs_end <-- odd address

    At least on s390 this causes a problem:

    Certain s390 instructions, especially instructions for loading addresses (larl) or branch addresses must be on even addresses. The compiler loads the symbol addresses with the "larl" instruction. This instruction sets the last bit to 0 and, therefore, for odd size files, the calculated size is one byte less than it should be:

      0000000000540a9c <populate_rootfs>:
      540a9c: eb cf f0 78 00 24 stmg %r12,%r15,120(%r15),
      540aa2: c0 10 00 01 8a af larl %r1,572000 <__initramfs_start>
      540aa8: c0 c0 00 03 e1 2e larl %r12,5bcd04 <initramfs_end> (Instead of 5bcd05)
      ...
      540abe: 1b c1 sr %r12,%r1

    To fix the problem, this patch introduces the global variable __initramfs_size, which is calculated in the "usr/initramfs_data.S" file. The populate_rootfs() function can then use the start marker of the .init.ramfs section and the value of __initramfs_size for loading the initramfs. Because the start marker and size is sufficient, the __initramfs_end symbol is no longer needed and is removed.

    Signed-off-by: Michael Holzheu <holzheu@linux.vnet.ibm.com>
    Signed-off-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com>
    Reviewed-by: WANG Cong <xiyou.wangcong@gmail.com>
    Acked-by: Michal Marek <mmarek@suse.cz>
    Acked-by: "H. Peter Anvin" <hpa@zytor.com>
    Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
    Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Michal Marek <mmarek@suse.cz>
initramfs: generalize initramfs_data.xxx.S variants

    Remove initramfs_data.{lzo,lzma,gz,bz2}.S variants and use a common implementation in initramfs_data.S. The common implementation expects the file name of the initramfs to be defined in INITRAMFS_IMAGE.

    Change the Makefile to set the INITRAMFS_IMAGE define symbol according to the selected compression method.

    Signed-off-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com>
    Cc: WANG Cong <xiyou.wangcong@gmail.com>
    Acked-by: Michal Marek <mmarek@suse.cz>
    Acked-by: "H. Peter Anvin" <hpa@zytor.com>
    Cc: Hendrik Brueckner <brueckner@linux.vnet.ibm.com>
    Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
    Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Michal Marek <mmarek@suse.cz>
initramfs: add support for in-kernel initramfs compressed with LZO

    Add the necessary parts to enable the use of LZO-compressed initramfs built into the kernel.

    Signed-off-by: Albin Tonnerre <albin.tonnerre@free-electrons.com>
    Cc: "H. Peter Anvin" <hpa@zytor.com>
    Cc: Michal Marek <mmarek@suse.cz>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Add LZO compression support for initramfs and old-style initrd

    Signed-off-by: Albin Tonnerre <albin.tonnerre@free-electrons.com>
    Tested-by: Wu Zhangjin <wuzhangjin@gmail.com>
    Acked-by: "H. Peter Anvin" <hpa@zytor.com>
    Cc: Ingo Molnar <mingo@elte.hu>
    Cc: Thomas Gleixner <tglx@linutronix.de>
    Tested-by: Russell King <rmk@arm.linux.org.uk>
    Acked-by: Russell King <rmk@arm.linux.org.uk>
    Cc: Ralf Baechle <ralf@linux-mips.org>
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
gen_init_cpio: fixed fwrite warning

    On compilers with security warnings enabled by default, we get:

      usr/gen_init_cpio.c: In function ‘cpio_mkfile’:
      usr/gen_init_cpio.c:357: warning: ignoring return value of ‘fwrite’, declared with attribute warn_unused_result

    So check the return value and handle errors accordingly.

    Signed-off-by: Mike Frysinger <vapier@gentoo.org>
    Signed-off-by: Michal Marek <mmarek@suse.cz>
Merge git://git./linux/kernel/git/sam/kbuild-next

    * git://git.kernel.org/pub/scm/linux/kernel/git/sam/kbuild-next: (30 commits)
      Use macros for .data.page_aligned section.
      Use macros for .bss.page_aligned section.
      Use new __init_task_data macro in arch init_task.c files.
      kbuild: Don't define ALIGN and ENTRY when preprocessing linker scripts.
      arm, cris, mips, sparc, powerpc, um, xtensa: fix build with bash 4.0
      kbuild: add static to prototypes
      kbuild: fail build if recordmcount.pl fails
      kbuild: set -fconserve-stack option for gcc 4.5
      kbuild: echo the record_mcount command
      gconfig: disable "typeahead find" search in treeviews
      kbuild: fix cc1 options check to ensure we do not use -fPIC when compiling
      checkincludes.pl: add option to remove duplicates in place
      markup_oops: use modinfo to avoid confusion with underscored module names
      checkincludes.pl: provide usage helper
      checkincludes.pl: close file as soon as we're done with it
      ctags: usability fix
      kernel hacking: move STRIP_ASM_SYMS from General
      gitignore usr/initramfs_data.cpio.bz2 and usr/initramfs_data.cpio.lzma
      kbuild: Check if linker supports the -X option
      kbuild: introduce ld-option
      ...

    Fix trivial conflict in scripts/basic/fixdep.c