[openwrt/openwrt] realtek: 6.6: harden fw_init_cmdline()

LEDE Commits lede-commits at lists.infradead.org
Sat Sep 14 12:30:37 PDT 2024


svanheule pushed a commit to openwrt/openwrt.git, branch main:
https://git.openwrt.org/dc9fca1fd19a31af4a0e3f1e3c93306ce4bca8b0

commit dc9fca1fd19a31af4a0e3f1e3c93306ce4bca8b0
Author: Markus Stockhausen <markus.stockhausen at gmx.de>
AuthorDate: Sun Aug 25 13:22:28 2024 -0400

    realtek: 6.6: harden fw_init_cmdline()
    
    Some devices (e.g. HP JG924A) hand over kernel boot arguments other than
    the expected ones. Looking at these one can see:
    
    fw_init_cmdline: fw_arg0=00020000
    fw_init_cmdline: fw_arg1=00060000
    fw_init_cmdline: fw_arg2=fffdffff
    fw_init_cmdline: fw_arg3=0000416c
    
    Especially fw_arg2 should be the pointer to the environment and it looks
    very suspicious. It is not aligned and the address is outside KSEG0 and
    KSEG1. Booting the device will result in a hang. Do better at verifying
    the address.
    
    Signed-off-by: Markus Stockhausen <markus.stockhausen at gmx.de>
    Suggested-by: Bjørn Mork <bjorn at mork.no>
---
 .../patches-6.6/320-harden-fw_init_cmdline.patch   | 38 ++++++++++++++++++++++
 1 file changed, 38 insertions(+)

diff --git a/target/linux/realtek/patches-6.6/320-harden-fw_init_cmdline.patch b/target/linux/realtek/patches-6.6/320-harden-fw_init_cmdline.patch
new file mode 100644
index 0000000000..d45932b977
--- /dev/null
+++ b/target/linux/realtek/patches-6.6/320-harden-fw_init_cmdline.patch
@@ -0,0 +1,38 @@
+From e813f48461b8011244b3e7dfe118cf94fd595f0d Mon Sep 17 00:00:00 2001
+From: Markus Stockhausen <markus.stockhausen at gmx.de>
+Date: Sun, 25 Aug 2024 13:09:48 -0400
+Subject: [PATCH] realtek: harden fw_init_cmdline()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Some devices (e.g. HP JG924A) hand over other than expected kernel boot
+arguments. Looking at these one can see:
+
+fw_init_cmdline: fw_arg0=00020000
+fw_init_cmdline: fw_arg1=00060000
+fw_init_cmdline: fw_arg2=fffdffff
+fw_init_cmdline: fw_arg3=0000416c
+
+Especially fw_arg2 should be the pointer to the environment and it looks
+very suspicous. It is not aligned and the address is outside KSEG0 and
+KSEG1. Booting the device will result in a hang. Do better at verifying
+the address.
+
+Signed-off-by: Bjørn Mork <bjorn at mork.no>
+Signed-off-by: Markus Stockhausen <markus.stockhausen at gmx.de>
+---
+ arch/mips/fw/lib/cmdline.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/mips/fw/lib/cmdline.c
++++ b/arch/mips/fw/lib/cmdline.c
+@@ -31,7 +31,7 @@ void __init fw_init_cmdline(void)
+ 	}
+ 
+ 	/* Validate environment pointer. */
+-	if (fw_arg2 < CKSEG0)
++	if (fw_arg2 < CKSEG0 || fw_arg2 >= CKSEG2)
+ 		_fw_envp = NULL;
+ 	else
+ 		_fw_envp = (int *)fw_arg2;
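Review bot: the widened range test still accepts a misaligned pointer, although the commit message names misalignment (0xfffdffff is an odd address) as one of the two signs that fw_arg2 is bogus; since _fw_envp is stored and later dereferenced as an int *, a misaligned value that happens to fall inside KSEG0/KSEG1 would still take an address-error exception on MIPS. Consider folding that into the same condition, e.g. `if (fw_arg2 < CKSEG0 || fw_arg2 >= CKSEG2 || (fw_arg2 & (sizeof(int) - 1)))`. Separately, the embedded patch carries `Signed-off-by: Bjørn Mork` while the outer commit message has `Suggested-by: Bjørn Mork`; the two sets of trailers should agree.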

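As an added illustration, not part of the OpenWrt commit or of the kernel source, the following C program mirrors the old and the hardened environment-pointer checks on a host, using the 32-bit MIPS segment constants and the four fw_arg values printed in the commit message plus two constructed ones. The alignment variant (envp_valid_aligned) is an assumed extension on top of the patch; the patch itself only checks the address range.

```c
/*
 * Added example, not from the OpenWrt commit or the kernel tree: emulate the
 * fw_init_cmdline() environment-pointer check on a host. The CKSEG* values
 * mirror the 32-bit MIPS constants from asm/addrspace.h; envp_valid_aligned()
 * is an assumed extension (the patch itself checks only the address range).
 */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define CKSEG0 0x80000000UL   /* cached, unmapped kernel segment   */
#define CKSEG1 0xA0000000UL   /* uncached, unmapped kernel segment */
#define CKSEG2 0xC0000000UL   /* start of the TLB-mapped kseg2/3   */

/* Old check from arch/mips/fw/lib/cmdline.c: only rejects user-space addresses. */
static bool envp_valid_old(unsigned long fw_arg2)
{
	return fw_arg2 >= CKSEG0;
}

/* Hardened check from the patch: the pointer must lie in KSEG0 or KSEG1. */
static bool envp_valid_new(unsigned long fw_arg2)
{
	return !(fw_arg2 < CKSEG0 || fw_arg2 >= CKSEG2);
}

/* Assumed stricter variant: _fw_envp is dereferenced as int *, so also
 * require natural alignment, which the bogus value 0xfffdffff lacks. */
static bool envp_valid_aligned(unsigned long fw_arg2)
{
	return envp_valid_new(fw_arg2) && (fw_arg2 & (sizeof(int) - 1)) == 0;
}

/* Name the MIPS32 segment an address falls into. */
static const char *mips_segment(unsigned long addr)
{
	if (addr < CKSEG0)
		return "kuseg";
	if (addr < CKSEG1)
		return "kseg0";
	if (addr < CKSEG2)
		return "kseg1";
	return "kseg2/kseg3";
}

int main(void)
{
	/* The first four values are the ones from the commit message; the last
	 * two are constructed: a plausible KSEG0 pointer and a misaligned one. */
	const unsigned long samples[] = {
		0x00020000UL, 0x00060000UL, 0xfffdffffUL, 0x0000416cUL,
		0x80001000UL, 0x80001002UL,
	};

	printf("%-10s %-12s %-4s %-4s %-8s\n",
	       "fw_arg2", "segment", "old", "new", "aligned");
	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		unsigned long a = samples[i];
		printf("0x%08lx %-12s %-4s %-4s %-8s\n", a, mips_segment(a),
		       envp_valid_old(a) ? "ok" : "NULL",
		       envp_valid_new(a) ? "ok" : "NULL",
		       envp_valid_aligned(a) ? "ok" : "NULL");
	}
	return 0;
}
```

The table the program prints makes the failure mode visible: the old test lets 0xfffdffff through (it is above CKSEG0), so _fw_envp becomes a pointer into the TLB-mapped segment that is then dereferenced during early boot, while the hardened test maps it to NULL like the three KUSEG values.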