2022-09-29 02:59:10

by Daniel Walker (danielwa)

Subject: [PATCH 0/8] generic command line v5

v5 release changes. Generally a rebase from v4.

* Modified OF changes to move the ugly code into the cmdline.h

* Minor compilation update in arm64. Added ifndef __ASSEMBLY__ in
a few places.

* Worked around arm64 kaslr_early.c.

This code needs some additional review and consideration.
It appears this code is missing the opposite option to nokaslr
which is kaslr.disabled=1/0 which would allow kaslr to be turned
back on later in the command line. For example,

console=ttyS0 nokaslr root=/dev/ram0 nosmp kaslr.disabled=0 loglevel=7

On arm64 in arch/arm64/kernel/idreg-override.c this is parsed correctly
to turn on kaslr, but the kaslr_early.c is missing this logic.
Doing this results in kaslr getting disabled with the following message,

KASLR disabled due to lack of seed

Even when there is a seed in the device tree.

So change to the generic command line would leave built in command
lines with nokaslr with no option to re-enable kaslr in the bootloader
arguments.


Daniel Walker (8):
CMDLINE: add generic builtin command line
scripts: insert-sys-cert: add command line insert capability
scripts: insert-sys-cert: change name to insert-symbol
CMDLINE: mips: convert to generic builtin command line
drivers: firmware: efi: libstub: enable generic commandline
CMDLINE: x86: convert to generic builtin command line
of: replace command line handling
CMDLINE: arm64: convert to generic builtin command line

arch/arm64/Kconfig | 33 +--
arch/arm64/include/asm/setup.h | 4 +
arch/arm64/include/uapi/asm/setup.h | 2 +
arch/arm64/kernel/idreg-override.c | 9 +-
arch/arm64/kernel/pi/kaslr_early.c | 14 +-
arch/mips/Kconfig | 4 +-
arch/mips/Kconfig.debug | 44 ----
arch/mips/configs/ar7_defconfig | 9 +-
arch/mips/configs/bcm47xx_defconfig | 8 +-
arch/mips/configs/bcm63xx_defconfig | 15 +-
arch/mips/configs/bmips_be_defconfig | 11 +-
arch/mips/configs/bmips_stb_defconfig | 6 +-
arch/mips/configs/ci20_defconfig | 9 +-
arch/mips/configs/cu1000-neo_defconfig | 10 +-
arch/mips/configs/cu1830-neo_defconfig | 10 +-
arch/mips/configs/generic_defconfig | 6 +-
arch/mips/configs/gpr_defconfig | 18 +-
arch/mips/configs/loongson3_defconfig | 12 +-
arch/mips/include/asm/setup.h | 2 +
arch/mips/kernel/relocate.c | 17 +-
arch/mips/kernel/setup.c | 36 +--
arch/mips/pic32/pic32mzda/early_console.c | 2 +-
arch/mips/pic32/pic32mzda/init.c | 3 +-
arch/x86/Kconfig | 44 +---
arch/x86/kernel/setup.c | 18 +-
.../firmware/efi/libstub/efi-stub-helper.c | 29 +++
drivers/firmware/efi/libstub/efi-stub.c | 9 +
drivers/firmware/efi/libstub/efistub.h | 1 +
drivers/firmware/efi/libstub/x86-stub.c | 13 +-
drivers/of/fdt.c | 22 +-
include/linux/cmdline.h | 137 ++++++++++
init/Kconfig | 78 ++++++
lib/Kconfig | 4 +
lib/Makefile | 3 +
lib/generic_cmdline.S | 53 ++++
lib/test_cmdline1.c | 139 ++++++++++
scripts/Makefile | 2 +-
.../{insert-sys-cert.c => insert-symbol.c} | 243 ++++++++++++------
38 files changed, 724 insertions(+), 355 deletions(-)
create mode 100644 include/linux/cmdline.h
create mode 100644 lib/generic_cmdline.S
create mode 100644 lib/test_cmdline1.c
rename scripts/{insert-sys-cert.c => insert-symbol.c} (72%)

--
2.25.1
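
The parsing-order problem described in the cover letter above, as an added example that is not part of the patch series or of the kernel: two simplified models (last KASLR option wins, versus any `nokaslr` disables) are run over a composed command line to show where they disagree. The function names, the space-joined prepend/bootloader/append composition and treating `nokaslr` as equivalent to `kaslr.disabled=1` are assumptions of this example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define OPT_NOKASLR  "nokaslr"
#define OPT_DISABLED "kaslr.disabled="

/* Walk space-separated options left to right; the last KASLR option wins.
 * Models the behaviour the cover letter attributes to idreg-override.c. */
static bool kaslr_disabled_last_wins(const char *cmdline)
{
	const size_t klen = strlen(OPT_DISABLED);
	bool disabled = false;
	const char *p = cmdline;

	for (;;) {
		size_t len;

		p += strspn(p, " \t");
		len = strcspn(p, " \t");
		if (len == 0)
			break;
		if (len == strlen(OPT_NOKASLR) && !strncmp(p, OPT_NOKASLR, len))
			disabled = true;
		else if (len == klen + 1 && !strncmp(p, OPT_DISABLED, klen) &&
			 (p[klen] == '0' || p[klen] == '1'))
			disabled = (p[klen] == '1');
		p += len;
	}
	return disabled;
}

/* Any standalone "nokaslr" disables; later options are never consulted.
 * Models the early check the cover letter says lacks the re-enable logic. */
static bool kaslr_disabled_any_nokaslr(const char *cmdline)
{
	const char *p = cmdline;

	for (;;) {
		size_t len;

		p += strspn(p, " \t");
		len = strcspn(p, " \t");
		if (len == 0)
			return false;
		if (len == strlen(OPT_NOKASLR) && !strncmp(p, OPT_NOKASLR, len))
			return true;
		p += len;
	}
}

/* Assumed composition: built-in prepend, bootloader args, built-in append.
 * Returns 0 on success, -1 if the result does not fit in out. */
static int build_cmdline(char *out, size_t outsz, const char *prepend,
			 const char *bootargs, const char *append)
{
	int n = snprintf(out, outsz, "%s %s %s", prepend, bootargs, append);

	return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

/* True when a later kaslr.disabled=0 is honoured by one parser only. */
static bool kaslr_override_lost(const char *cmdline)
{
	return kaslr_disabled_any_nokaslr(cmdline) &&
	       !kaslr_disabled_last_wins(cmdline);
}

int main(void)
{
	char buf[256];

	/* Constructed split of the cover letter's example command line. */
	if (build_cmdline(buf, sizeof(buf), "console=ttyS0 nokaslr",
			  "root=/dev/ram0 nosmp kaslr.disabled=0", "loglevel=7"))
		return 1;
	printf("%s\n  last-wins: %s, any-nokaslr: %s, override lost: %s\n", buf,
	       kaslr_disabled_last_wins(buf) ? "disabled" : "enabled",
	       kaslr_disabled_any_nokaslr(buf) ? "disabled" : "enabled",
	       kaslr_override_lost(buf) ? "yes" : "no");
	return 0;
}
```

Running a check like this over the built-in prepend/append strings of an image flags configurations where a bootloader-supplied `kaslr.disabled=0` would not bring KASLR back.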


2022-09-29 03:33:18

by Daniel Walker (danielwa)

Subject: [PATCH 3/8] scripts: insert-sys-cert: change name to insert-symbol

Since the tool is used to update the command line and/or
to update the certificates, I think it makes sense to
change the name of this tool.

Update the name of the tool to better reflect its new use.

Cc: [email protected]
Signed-off-by: Daniel Walker <[email protected]>
---
scripts/Makefile | 2 +-
scripts/{insert-sys-cert.c => insert-symbol.c} | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
rename scripts/{insert-sys-cert.c => insert-symbol.c} (99%)

diff --git a/scripts/Makefile b/scripts/Makefile
index f084f08ed176..57a02ccce92c 100644
--- a/scripts/Makefile
+++ b/scripts/Makefile
@@ -9,7 +9,7 @@ hostprogs-always-$(BUILD_C_RECORDMCOUNT) += recordmcount
hostprogs-always-$(CONFIG_BUILDTIME_TABLE_SORT) += sorttable
hostprogs-always-$(CONFIG_ASN1) += asn1_compiler
hostprogs-always-$(CONFIG_MODULE_SIG_FORMAT) += sign-file
-hostprogs-always-$(CONFIG_SYSTEM_EXTRA_CERTIFICATE) += insert-sys-cert
+hostprogs-always-$(CONFIG_SYSTEM_EXTRA_CERTIFICATE) += insert-symbol

HOSTCFLAGS_sorttable.o = -I$(srctree)/tools/include
HOSTLDLIBS_sorttable = -lpthread
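Review bot: the renamed host program is still built only under CONFIG_SYSTEM_EXTRA_CERTIFICATE in the changed `hostprogs-always-` line, so a configuration that wants the tool for command line insertion but has no extra certificate support never gets it built. Consider also building it under the generic command line option this series introduces (its name is not visible in this hunk).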
diff --git a/scripts/insert-sys-cert.c b/scripts/insert-symbol.c
similarity index 99%
rename from scripts/insert-sys-cert.c
rename to scripts/insert-symbol.c
index 77d3306cfbfb..6866e3a84974 100644
--- a/scripts/insert-sys-cert.c
+++ b/scripts/insert-symbol.c
@@ -7,7 +7,7 @@
* This software may be used and distributed according to the terms
* of the GNU General Public License, incorporated herein by reference.
*
- * Usage: insert-sys-cert [-s <System.map> -b <vmlinux> -c <certfile>
+ * Usage: insert-symbol [-s <System.map> -b <vmlinux> -c <certfile>
*/

#define _GNU_SOURCE
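Review bot: the usage comment changes only the program name, so it keeps the unbalanced `[` before `-s` and still documents `-c` alone, although the getopt string added in the previous patch also accepts `-p` and `-a`. Suggest bringing it in line with print_usage(), for example `[-s <System.map>] -b <vmlinux> [-c <certfile>] [-p <prepend>] [-a <append>]`.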
--
2.25.1

2022-09-29 03:38:24

by Daniel Walker (danielwa)

Subject: [PATCH 2/8] scripts: insert-sys-cert: add command line insert capability

This adds changes to the insert-sys-cert tool to allow updating
the cmdline_prepend and cmdline_append symbols in addition to
adding certificates.

Updating the cmdline symbols was tested on a PVH virtual machine
with a vmlinux, and with a bzImage which was repackaged on x86.

This commit intentionally keeps the tool filename the same to allow
the changes to be seen more easily. The next commit will change
the name of the tool.

Cc: [email protected]
Signed-off-by: Daniel Walker <[email protected]>
---
scripts/insert-sys-cert.c | 241 +++++++++++++++++++++++++++-----------
1 file changed, 170 insertions(+), 71 deletions(-)

diff --git a/scripts/insert-sys-cert.c b/scripts/insert-sys-cert.c
index 8902836c2342..77d3306cfbfb 100644
--- a/scripts/insert-sys-cert.c
+++ b/scripts/insert-sys-cert.c
@@ -30,6 +30,9 @@
#define USED_SYM "system_extra_cert_used"
#define LSIZE_SYM "system_certificate_list_size"

+#define CMDLINE_APPEND "cmdline_append"
+#define CMDLINE_PREPEND "cmdline_prepend"
+
#define info(format, args...) fprintf(stderr, "INFO: " format, ## args)
#define warn(format, args...) fprintf(stdout, "WARNING: " format, ## args)
#define err(format, args...) fprintf(stderr, "ERROR: " format, ## args)
@@ -267,95 +270,46 @@ static void print_sym(Elf_Ehdr *hdr, struct sym *s)

static void print_usage(char *e)
{
- printf("Usage %s [-s <System.map>] -b <vmlinux> -c <certfile>\n", e);
+ printf("Usage %s [-s <System.map>] -b <vmlinux> [ -c <certfile> | -p <command line prepend> | -a <command line append> ]-\n", e);
}

-int main(int argc, char **argv)
+static char *cmdline_prepend, *cmdline_append;
+static char *system_map_file;
+static char *cert_file;
+static char *cli_name;
+
+static int insert_certificate(Elf_Ehdr *hdr)
{
- char *system_map_file = NULL;
- char *vmlinux_file = NULL;
- char *cert_file = NULL;
- int vmlinux_size;
+ struct sym cert_sym, lsize_sym, used_sym;
+ Elf_Shdr *symtab = NULL;
+ unsigned long *lsize;
+ FILE *system_map;
int cert_size;
- Elf_Ehdr *hdr;
char *cert;
- FILE *system_map;
- unsigned long *lsize;
int *used;
- int opt;
- Elf_Shdr *symtab = NULL;
- struct sym cert_sym, lsize_sym, used_sym;
-
- while ((opt = getopt(argc, argv, "b:c:s:")) != -1) {
- switch (opt) {
- case 's':
- system_map_file = optarg;
- break;
- case 'b':
- vmlinux_file = optarg;
- break;
- case 'c':
- cert_file = optarg;
- break;
- default:
- break;
- }
- }

- if (!vmlinux_file || !cert_file) {
- print_usage(argv[0]);
- exit(EXIT_FAILURE);
+ if (!cert_file) {
+ print_usage(cli_name);
+ return EXIT_FAILURE;
}

cert = read_file(cert_file, &cert_size);
if (!cert)
- exit(EXIT_FAILURE);
-
- hdr = map_file(vmlinux_file, &vmlinux_size);
- if (!hdr)
- exit(EXIT_FAILURE);
-
- if (vmlinux_size < sizeof(*hdr)) {
- err("Invalid ELF file.\n");
- exit(EXIT_FAILURE);
- }
-
- if ((hdr->e_ident[EI_MAG0] != ELFMAG0) ||
- (hdr->e_ident[EI_MAG1] != ELFMAG1) ||
- (hdr->e_ident[EI_MAG2] != ELFMAG2) ||
- (hdr->e_ident[EI_MAG3] != ELFMAG3)) {
- err("Invalid ELF magic.\n");
- exit(EXIT_FAILURE);
- }
-
- if (hdr->e_ident[EI_CLASS] != CURRENT_ELFCLASS) {
- err("ELF class mismatch.\n");
- exit(EXIT_FAILURE);
- }
-
- if (hdr->e_ident[EI_DATA] != endianness()) {
- err("ELF endian mismatch.\n");
- exit(EXIT_FAILURE);
- }
-
- if (hdr->e_shoff > vmlinux_size) {
- err("Could not find section header.\n");
- exit(EXIT_FAILURE);
- }
+ return EXIT_FAILURE;

symtab = get_symbol_table(hdr);
if (!symtab) {
warn("Could not find the symbol table.\n");
if (!system_map_file) {
err("Please provide a System.map file.\n");
- print_usage(argv[0]);
- exit(EXIT_FAILURE);
+ print_usage(cli_name);
+ return EXIT_FAILURE;
}

system_map = fopen(system_map_file, "r");
if (!system_map) {
perror(system_map_file);
- exit(EXIT_FAILURE);
+ return EXIT_FAILURE;
}
get_symbol_from_map(hdr, system_map, CERT_SYM, &cert_sym);
get_symbol_from_map(hdr, system_map, USED_SYM, &used_sym);
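Review bot: the new print_usage() string ends in a stray `]-` and joins `-c`, `-p` and `-a` with `|`, which reads as mutually exclusive even though main() in this patch runs insert_certificate() and insert_cmdline() in the same invocation. Suggest `[-c <certfile>] [-p <command line prepend>] [-a <command line append>]`, and splitting the format string, which is well past 80 columns.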
@@ -371,7 +325,7 @@ int main(int argc, char **argv)
}

if (!cert_sym.offset || !lsize_sym.offset || !used_sym.offset)
- exit(EXIT_FAILURE);
+ return EXIT_FAILURE;

print_sym(hdr, &cert_sym);
print_sym(hdr, &used_sym);
@@ -382,14 +336,14 @@ int main(int argc, char **argv)

if (cert_sym.size < cert_size) {
err("Certificate is larger than the reserved area!\n");
- exit(EXIT_FAILURE);
+ return EXIT_FAILURE;
}

/* If the existing cert is the same, don't overwrite */
if (cert_size == *used &&
strncmp(cert_sym.content, cert, cert_size) == 0) {
warn("Certificate was already inserted.\n");
- exit(EXIT_SUCCESS);
+ return EXIT_SUCCESS;
}

if (*used > 0)
@@ -406,5 +360,150 @@ int main(int argc, char **argv)
cert_sym.address);
info("Used %d bytes out of %d bytes reserved.\n", *used,
cert_sym.size);
- exit(EXIT_SUCCESS);
+ return EXIT_SUCCESS;
+}
+
+static int insert_cmdline(Elf_Ehdr *hdr)
+{
+ struct sym cmdline_prepend_sym, cmdline_append_sym;
+ Elf_Shdr *symtab = NULL;
+ FILE *system_map;
+
+ symtab = get_symbol_table(hdr);
+ if (!symtab) {
+ warn("Could not find the symbol table.\n");
+ if (!system_map_file) {
+ err("Please provide a System.map file.\n");
+ print_usage(cli_name);
+ return EXIT_FAILURE;
+ }
+
+ system_map = fopen(system_map_file, "r");
+ if (!system_map) {
+ perror(system_map_file);
+ return EXIT_FAILURE;
+ }
+ get_symbol_from_map(hdr, system_map, CMDLINE_PREPEND, &cmdline_prepend_sym);
+ get_symbol_from_map(hdr, system_map, CMDLINE_APPEND, &cmdline_append_sym);
+ } else {
+ info("Symbol table found.\n");
+ if (system_map_file)
+ warn("System.map is ignored.\n");
+ get_symbol_from_table(hdr, symtab, CMDLINE_PREPEND, &cmdline_prepend_sym);
+ get_symbol_from_table(hdr, symtab, CMDLINE_APPEND, &cmdline_append_sym);
+ }
+
+ print_sym(hdr, &cmdline_prepend_sym);
+ print_sym(hdr, &cmdline_append_sym);
+
+
+ if (cmdline_prepend) {
+ if ((strlen(cmdline_prepend) + 1) > cmdline_prepend_sym.size) {
+ err("cmdline prepend is larger than the reserved area!\n");
+ return EXIT_FAILURE;
+ }
+
+ memcpy(cmdline_prepend_sym.content, cmdline_prepend, strlen(cmdline_prepend) + 1);
+ if ((strlen(cmdline_prepend) + 1) < cmdline_prepend_sym.size)
+ memset(cmdline_prepend_sym.content + strlen(cmdline_prepend) + 1,
+ 0, cmdline_prepend_sym.size - (strlen(cmdline_prepend) + 1));
+
+ info("Inserted cmdline prepend of \"%s\" into vmlinux.\n", cmdline_prepend);
+
+ }
+ if (cmdline_append) {
+ if ((strlen(cmdline_append) + 1) > cmdline_append_sym.size) {
+ err("cmdline append is larger than the reserved area!\n");
+ return EXIT_FAILURE;
+ }
+
+ memcpy(cmdline_append_sym.content, cmdline_append, strlen(cmdline_append) + 1);
+ if ((strlen(cmdline_append) + 1) < cmdline_append_sym.size)
+ memset(cmdline_append_sym.content + strlen(cmdline_append) + 1,
+ 0, cmdline_append_sym.size - (strlen(cmdline_append) + 1));
+
+ info("Inserted cmdline append of \"%s\" into vmlinux.\n", cmdline_append);
+
+ }
+ return EXIT_SUCCESS;
+}
+
+int main(int argc, char **argv)
+{
+ char *vmlinux_file = NULL;
+ int vmlinux_size;
+ Elf_Ehdr *hdr;
+ int opt;
+ int ret = EXIT_SUCCESS;
+
+ while ((opt = getopt(argc, argv, "b:c:s:p:a:")) != -1) {
+ switch (opt) {
+ case 's':
+ system_map_file = optarg;
+ break;
+ case 'b':
+ vmlinux_file = optarg;
+ break;
+ case 'c':
+ cert_file = optarg;
+ break;
+ case 'p':
+ cmdline_prepend = optarg;
+ break;
+ case 'a':
+ cmdline_append = optarg;
+ break;
+ default:
+ break;
+ }
+ }
+
+ cli_name = argv[0];
+
+ if (!vmlinux_file) {
+ print_usage(cli_name);
+ exit(EXIT_FAILURE);
+ }
+
+ hdr = map_file(vmlinux_file, &vmlinux_size);
+ if (!hdr)
+ exit(EXIT_FAILURE);
+
+ if (vmlinux_size < sizeof(*hdr)) {
+ err("Invalid ELF file.\n");
+ exit(EXIT_FAILURE);
+ }
+
+ if ((hdr->e_ident[EI_MAG0] != ELFMAG0) ||
+ (hdr->e_ident[EI_MAG1] != ELFMAG1) ||
+ (hdr->e_ident[EI_MAG2] != ELFMAG2) ||
+ (hdr->e_ident[EI_MAG3] != ELFMAG3)) {
+ err("Invalid ELF magic.\n");
+ exit(EXIT_FAILURE);
+ }
+
+ if (hdr->e_ident[EI_CLASS] != CURRENT_ELFCLASS) {
+ err("ELF class mismatch.\n");
+ exit(EXIT_FAILURE);
+ }
+
+ if (hdr->e_ident[EI_DATA] != endianness()) {
+ err("ELF endian mismatch.\n");
+ exit(EXIT_FAILURE);
+ }
+
+ if (hdr->e_shoff > vmlinux_size) {
+ err("Could not find section header.\n");
+ exit(EXIT_FAILURE);
+ }
+
+ if (cert_file) {
+ ret = insert_certificate(hdr);
+ printf("%s\n", cert_file);
+ }
+
+ if (cmdline_append || cmdline_prepend)
+ ret = insert_cmdline(hdr);
+
+ exit(ret);
}
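Review bot: insert_cmdline() uses cmdline_prepend_sym and cmdline_append_sym without checking that the lookup found them. insert_certificate() bails out on `!cert_sym.offset`, but here the structs are uninitialised locals that go straight to print_sym() and, after only a size comparison, to memcpy() on `.content`. Add the same `.offset` check for whichever of `-p`/`-a` was given before touching the symbol. The `system_map` FILE opened in this function is also never closed.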
--
2.25.1

2023-01-24 16:31:02

by Sean Anderson

Subject: Re: [PATCH 0/8] generic command line v5

On 9/28/22 22:32, Daniel Walker wrote:
> v5 release changes. Generally a rebase from v4.
>
> * Modified OF changes to move the ugly code into the cmdline.h
>
> * Minor compilation update in arm64. Added ifndef __ASSEMBLY__ in
> a few places.
>
> * Worked around arm64 kaslr_early.c.
>
> This code needs some additional review and consideration.
> It appears this code is missing the opposite option to nokaslr
> which is kaslr.disabled=1/0 which would allow kaslr to be turned
> back on later in the command line. For example,
>
> console=ttyS0 nokaslr root=/dev/ram0 nosmp kaslr.disabled=0 loglevel=7
>
> On arm64 in arch/arm64/kernel/idreg-override.c this is parsed correctly
> to turn on kaslr, but the kaslr_early.c is missing this logic.
> Doing this results in kaslr getting disabled with the following message,
>
> KASLR disabled due to lack of seed
>
> Even when there is a seed in the device tree.
>
> So change to the generic command line would leave built in command
> lines with nokaslr with no option to re-enable kaslr in the bootloader
> arguments.
>
>
> Daniel Walker (8):
> CMDLINE: add generic builtin command line
> scripts: insert-sys-cert: add command line insert capability
> scripts: insert-sys-cert: change name to insert-symbol
> CMDLINE: mips: convert to generic builtin command line
> drivers: firmware: efi: libstub: enable generic commandline
> CMDLINE: x86: convert to generic builtin command line
> of: replace command line handling
> CMDLINE: arm64: convert to generic builtin command line
>
> arch/arm64/Kconfig | 33 +--
> arch/arm64/include/asm/setup.h | 4 +
> arch/arm64/include/uapi/asm/setup.h | 2 +
> arch/arm64/kernel/idreg-override.c | 9 +-
> arch/arm64/kernel/pi/kaslr_early.c | 14 +-
> arch/mips/Kconfig | 4 +-
> arch/mips/Kconfig.debug | 44 ----
> arch/mips/configs/ar7_defconfig | 9 +-
> arch/mips/configs/bcm47xx_defconfig | 8 +-
> arch/mips/configs/bcm63xx_defconfig | 15 +-
> arch/mips/configs/bmips_be_defconfig | 11 +-
> arch/mips/configs/bmips_stb_defconfig | 6 +-
> arch/mips/configs/ci20_defconfig | 9 +-
> arch/mips/configs/cu1000-neo_defconfig | 10 +-
> arch/mips/configs/cu1830-neo_defconfig | 10 +-
> arch/mips/configs/generic_defconfig | 6 +-
> arch/mips/configs/gpr_defconfig | 18 +-
> arch/mips/configs/loongson3_defconfig | 12 +-
> arch/mips/include/asm/setup.h | 2 +
> arch/mips/kernel/relocate.c | 17 +-
> arch/mips/kernel/setup.c | 36 +--
> arch/mips/pic32/pic32mzda/early_console.c | 2 +-
> arch/mips/pic32/pic32mzda/init.c | 3 +-
> arch/x86/Kconfig | 44 +---
> arch/x86/kernel/setup.c | 18 +-
> .../firmware/efi/libstub/efi-stub-helper.c | 29 +++
> drivers/firmware/efi/libstub/efi-stub.c | 9 +
> drivers/firmware/efi/libstub/efistub.h | 1 +
> drivers/firmware/efi/libstub/x86-stub.c | 13 +-
> drivers/of/fdt.c | 22 +-
> include/linux/cmdline.h | 137 ++++++++++
> init/Kconfig | 78 ++++++
> lib/Kconfig | 4 +
> lib/Makefile | 3 +
> lib/generic_cmdline.S | 53 ++++
> lib/test_cmdline1.c | 139 ++++++++++
> scripts/Makefile | 2 +-
> .../{insert-sys-cert.c => insert-symbol.c} | 243 ++++++++++++------
> 38 files changed, 724 insertions(+), 355 deletions(-)
> create mode 100644 include/linux/cmdline.h
> create mode 100644 lib/generic_cmdline.S
> create mode 100644 lib/test_cmdline1.c
> rename scripts/{insert-sys-cert.c => insert-symbol.c} (72%)
>

For arm64:

Tested-by: Sean Anderson <[email protected]>

Thanks!

2023-11-23 06:34:09

by Christophe Leroy

Subject: Re: [PATCH 2/8] scripts: insert-sys-cert: add command line insert capability



On 10/11/2023 at 02:38, Daniel Walker wrote:
> This adds changes to the insert-sys-cert tool to allow updating
> the cmdline_prepend and cmdline_append symbols in addition to
> adding certificates.

Nice feature.

>
> Updating the cmdline symbols was tested on a PVH virtual machine
> with a vmlinux, and with a bzImage which was repackaged on x86.

Can it also work with Uimages from uboot/ppc ?

>
> This commit intentionally keeps the tool filename the same to allow
> the changes to be seen more easily. The next commit will change
> the name of the tool.

Not sure what you mean.
If I understand correctly, git format-patch -M should do what you want.

>
> Cc: [email protected]
> Signed-off-by: Daniel Walker <[email protected]>
> ---
> scripts/insert-sys-cert.c | 241 +++++++++++++++++++++++++++-----------
> 1 file changed, 170 insertions(+), 71 deletions(-)
>
> diff --git a/scripts/insert-sys-cert.c b/scripts/insert-sys-cert.c
> index 8902836c2342..77d3306cfbfb 100644
> --- a/scripts/insert-sys-cert.c
> +++ b/scripts/insert-sys-cert.c
> @@ -30,6 +30,9 @@
> #define USED_SYM "system_extra_cert_used"
> #define LSIZE_SYM "system_certificate_list_size"
>
> +#define CMDLINE_APPEND "cmdline_append"
> +#define CMDLINE_PREPEND "cmdline_prepend"
> +
> #define info(format, args...) fprintf(stderr, "INFO: " format, ## args)
> #define warn(format, args...) fprintf(stdout, "WARNING: " format, ## args)
> #define err(format, args...) fprintf(stderr, "ERROR: " format, ## args)
> @@ -267,95 +270,46 @@ static void print_sym(Elf_Ehdr *hdr, struct sym *s)
>
> static void print_usage(char *e)
> {
> - printf("Usage %s [-s <System.map>] -b <vmlinux> -c <certfile>\n", e);
> + printf("Usage %s [-s <System.map>] -b <vmlinux> [ -c <certfile> | -p <command line prepend> | -a <command line append> ]-\n", e);
> }
>
> -int main(int argc, char **argv)
> +static char *cmdline_prepend, *cmdline_append;
> +static char *system_map_file;
> +static char *cert_file;
> +static char *cli_name;
> +
> +static int insert_certificate(Elf_Ehdr *hdr)
> {
> - char *system_map_file = NULL;
> - char *vmlinux_file = NULL;
> - char *cert_file = NULL;
> - int vmlinux_size;
> + struct sym cert_sym, lsize_sym, used_sym;
> + Elf_Shdr *symtab = NULL;
> + unsigned long *lsize;
> + FILE *system_map;
> int cert_size;
> - Elf_Ehdr *hdr;
> char *cert;
> - FILE *system_map;
> - unsigned long *lsize;
> int *used;
> - int opt;
> - Elf_Shdr *symtab = NULL;
> - struct sym cert_sym, lsize_sym, used_sym;
> -
> - while ((opt = getopt(argc, argv, "b:c:s:")) != -1) {
> - switch (opt) {
> - case 's':
> - system_map_file = optarg;
> - break;
> - case 'b':
> - vmlinux_file = optarg;
> - break;
> - case 'c':
> - cert_file = optarg;
> - break;
> - default:
> - break;
> - }
> - }
>
> - if (!vmlinux_file || !cert_file) {
> - print_usage(argv[0]);
> - exit(EXIT_FAILURE);
> + if (!cert_file) {
> + print_usage(cli_name);
> + return EXIT_FAILURE;
> }
>
> cert = read_file(cert_file, &cert_size);
> if (!cert)
> - exit(EXIT_FAILURE);
> -
> - hdr = map_file(vmlinux_file, &vmlinux_size);
> - if (!hdr)
> - exit(EXIT_FAILURE);
> -
> - if (vmlinux_size < sizeof(*hdr)) {
> - err("Invalid ELF file.\n");
> - exit(EXIT_FAILURE);
> - }
> -
> - if ((hdr->e_ident[EI_MAG0] != ELFMAG0) ||
> - (hdr->e_ident[EI_MAG1] != ELFMAG1) ||
> - (hdr->e_ident[EI_MAG2] != ELFMAG2) ||
> - (hdr->e_ident[EI_MAG3] != ELFMAG3)) {
> - err("Invalid ELF magic.\n");
> - exit(EXIT_FAILURE);
> - }
> -
> - if (hdr->e_ident[EI_CLASS] != CURRENT_ELFCLASS) {
> - err("ELF class mismatch.\n");
> - exit(EXIT_FAILURE);
> - }
> -
> - if (hdr->e_ident[EI_DATA] != endianness()) {
> - err("ELF endian mismatch.\n");
> - exit(EXIT_FAILURE);
> - }
> -
> - if (hdr->e_shoff > vmlinux_size) {
> - err("Could not find section header.\n");
> - exit(EXIT_FAILURE);
> - }
> + return EXIT_FAILURE;
>
> symtab = get_symbol_table(hdr);
> if (!symtab) {
> warn("Could not find the symbol table.\n");
> if (!system_map_file) {
> err("Please provide a System.map file.\n");
> - print_usage(argv[0]);
> - exit(EXIT_FAILURE);
> + print_usage(cli_name);
> + return EXIT_FAILURE;
> }
>
> system_map = fopen(system_map_file, "r");
> if (!system_map) {
> perror(system_map_file);
> - exit(EXIT_FAILURE);
> + return EXIT_FAILURE;
> }
> get_symbol_from_map(hdr, system_map, CERT_SYM, &cert_sym);
> get_symbol_from_map(hdr, system_map, USED_SYM, &used_sym);
> @@ -371,7 +325,7 @@ int main(int argc, char **argv)
> }
>
> if (!cert_sym.offset || !lsize_sym.offset || !used_sym.offset)
> - exit(EXIT_FAILURE);
> + return EXIT_FAILURE;
>
> print_sym(hdr, &cert_sym);
> print_sym(hdr, &used_sym);
> @@ -382,14 +336,14 @@ int main(int argc, char **argv)
>
> if (cert_sym.size < cert_size) {
> err("Certificate is larger than the reserved area!\n");
> - exit(EXIT_FAILURE);
> + return EXIT_FAILURE;
> }
>
> /* If the existing cert is the same, don't overwrite */
> if (cert_size == *used &&
> strncmp(cert_sym.content, cert, cert_size) == 0) {
> warn("Certificate was already inserted.\n");
> - exit(EXIT_SUCCESS);
> + return EXIT_SUCCESS;
> }
>
> if (*used > 0)
> @@ -406,5 +360,150 @@ int main(int argc, char **argv)
> cert_sym.address);
> info("Used %d bytes out of %d bytes reserved.\n", *used,
> cert_sym.size);
> - exit(EXIT_SUCCESS);
> + return EXIT_SUCCESS;
> +}
> +
> +static int insert_cmdline(Elf_Ehdr *hdr)
> +{
> + struct sym cmdline_prepend_sym, cmdline_append_sym;
> + Elf_Shdr *symtab = NULL;
> + FILE *system_map;
> +
> + symtab = get_symbol_table(hdr);
> + if (!symtab) {
> + warn("Could not find the symbol table.\n");
> + if (!system_map_file) {
> + err("Please provide a System.map file.\n");
> + print_usage(cli_name);
> + return EXIT_FAILURE;
> + }
> +
> + system_map = fopen(system_map_file, "r");
> + if (!system_map) {
> + perror(system_map_file);
> + return EXIT_FAILURE;
> + }
> + get_symbol_from_map(hdr, system_map, CMDLINE_PREPEND, &cmdline_prepend_sym);
> + get_symbol_from_map(hdr, system_map, CMDLINE_APPEND, &cmdline_append_sym);
> + } else {
> + info("Symbol table found.\n");
> + if (system_map_file)
> + warn("System.map is ignored.\n");
> + get_symbol_from_table(hdr, symtab, CMDLINE_PREPEND, &cmdline_prepend_sym);
> + get_symbol_from_table(hdr, symtab, CMDLINE_APPEND, &cmdline_append_sym);
> + }
> +
> + print_sym(hdr, &cmdline_prepend_sym);
> + print_sym(hdr, &cmdline_append_sym);
> +
> +
> + if (cmdline_prepend) {
> + if ((strlen(cmdline_prepend) + 1) > cmdline_prepend_sym.size) {
> + err("cmdline prepend is larger than the reserved area!\n");
> + return EXIT_FAILURE;
> + }
> +
> + memcpy(cmdline_prepend_sym.content, cmdline_prepend, strlen(cmdline_prepend) + 1);
> + if ((strlen(cmdline_prepend) + 1) < cmdline_prepend_sym.size)
> + memset(cmdline_prepend_sym.content + strlen(cmdline_prepend) + 1,
> + 0, cmdline_prepend_sym.size - (strlen(cmdline_prepend) + 1));
> +
> + info("Inserted cmdline prepend of \"%s\" into vmlinux.\n", cmdline_prepend);
> +
> + }
> + if (cmdline_append) {
> + if ((strlen(cmdline_append) + 1) > cmdline_append_sym.size) {
> + err("cmdline append is larger than the reserved area!\n");
> + return EXIT_FAILURE;
> + }
> +
> + memcpy(cmdline_append_sym.content, cmdline_append, strlen(cmdline_append) + 1);
> + if ((strlen(cmdline_append) + 1) < cmdline_append_sym.size)
> + memset(cmdline_append_sym.content + strlen(cmdline_append) + 1,
> + 0, cmdline_append_sym.size - (strlen(cmdline_append) + 1));
> +
> + info("Inserted cmdline append of \"%s\" into vmlinux.\n", cmdline_append);
> +
> + }
> + return EXIT_SUCCESS;
> +}
> +
> +int main(int argc, char **argv)
> +{
> + char *vmlinux_file = NULL;
> + int vmlinux_size;
> + Elf_Ehdr *hdr;
> + int opt;
> + int ret = EXIT_SUCCESS;
> +
> + while ((opt = getopt(argc, argv, "b:c:s:p:a:")) != -1) {
> + switch (opt) {
> + case 's':
> + system_map_file = optarg;
> + break;
> + case 'b':
> + vmlinux_file = optarg;
> + break;
> + case 'c':
> + cert_file = optarg;
> + break;
> + case 'p':
> + cmdline_prepend = optarg;
> + break;
> + case 'a':
> + cmdline_append = optarg;
> + break;
> + default:
> + break;
> + }
> + }
> +
> + cli_name = argv[0];
> +
> + if (!vmlinux_file) {
> + print_usage(cli_name);
> + exit(EXIT_FAILURE);
> + }
> +
> + hdr = map_file(vmlinux_file, &vmlinux_size);
> + if (!hdr)
> + exit(EXIT_FAILURE);
> +
> + if (vmlinux_size < sizeof(*hdr)) {
> + err("Invalid ELF file.\n");
> + exit(EXIT_FAILURE);
> + }
> +
> + if ((hdr->e_ident[EI_MAG0] != ELFMAG0) ||
> + (hdr->e_ident[EI_MAG1] != ELFMAG1) ||
> + (hdr->e_ident[EI_MAG2] != ELFMAG2) ||
> + (hdr->e_ident[EI_MAG3] != ELFMAG3)) {
> + err("Invalid ELF magic.\n");
> + exit(EXIT_FAILURE);
> + }
> +
> + if (hdr->e_ident[EI_CLASS] != CURRENT_ELFCLASS) {
> + err("ELF class mismatch.\n");
> + exit(EXIT_FAILURE);
> + }
> +
> + if (hdr->e_ident[EI_DATA] != endianness()) {
> + err("ELF endian mismatch.\n");
> + exit(EXIT_FAILURE);
> + }
> +
> + if (hdr->e_shoff > vmlinux_size) {
> + err("Could not find section header.\n");
> + exit(EXIT_FAILURE);
> + }
> +
> + if (cert_file) {
> + ret = insert_certificate(hdr);
> + printf("%s\n", cert_file);
> + }
> +
> + if (cmdline_append || cmdline_prepend)
> + ret = insert_cmdline(hdr);
> +
> + exit(ret);
> }
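Review bot: in main(), `ret = insert_cmdline(hdr)` overwrites the result of insert_certificate(), so when `-c` is combined with `-p` or `-a` a failed certificate insert still exits with success if the command line insert works. Return early on a non-zero `ret` (or combine the two results), and drop the `printf("%s\n", cert_file);` after insert_certificate(), which looks like leftover debug output.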

2023-11-23 06:34:20

by Christophe Leroy

Subject: Re: [PATCH 3/8] scripts: insert-sys-cert: change name to insert-symbol



On 10/11/2023 at 02:38, Daniel Walker wrote:
> Since the tool is used to update the command line and/or
> to update the certificates, I think it makes sense to
> change the name of this tool.
>
> Update the name of the tool to better reflect its new use.

Should be squashed into previous patch.

>
> Cc: [email protected]
> Signed-off-by: Daniel Walker <[email protected]>
> ---
> scripts/Makefile | 2 +-
> scripts/{insert-sys-cert.c => insert-symbol.c} | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
> rename scripts/{insert-sys-cert.c => insert-symbol.c} (99%)
>
> diff --git a/scripts/Makefile b/scripts/Makefile
> index 576cf64be667..2d7618fa5d6b 100644
> --- a/scripts/Makefile
> +++ b/scripts/Makefile
> @@ -8,10 +8,10 @@ hostprogs-always-$(BUILD_C_RECORDMCOUNT) += recordmcount
> hostprogs-always-$(CONFIG_BUILDTIME_TABLE_SORT) += sorttable
> hostprogs-always-$(CONFIG_ASN1) += asn1_compiler
> hostprogs-always-$(CONFIG_MODULE_SIG_FORMAT) += sign-file
> -hostprogs-always-$(CONFIG_SYSTEM_EXTRA_CERTIFICATE) += insert-sys-cert
> hostprogs-always-$(CONFIG_RUST_KERNEL_DOCTESTS) += rustdoc_test_builder
> hostprogs-always-$(CONFIG_RUST_KERNEL_DOCTESTS) += rustdoc_test_gen
> always-$(CONFIG_RUST) += target.json
> +hostprogs-always-$(CONFIG_SYSTEM_EXTRA_CERTIFICATE) += insert-symbol
>
> filechk_rust_target = $< < include/config/auto.conf
>
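Review bot: in this version of the Makefile hunk the `insert-sys-cert` line is deleted in place but the `insert-symbol` line is added three lines lower, after `always-$(CONFIG_RUST) += target.json`, which separates it from the other hostprogs entries and makes a pure rename look like a move. Put the `+` line where the `-` line was so the hunk is a one-line substitution.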
> diff --git a/scripts/insert-sys-cert.c b/scripts/insert-symbol.c
> similarity index 99%
> rename from scripts/insert-sys-cert.c
> rename to scripts/insert-symbol.c
> index 77d3306cfbfb..6866e3a84974 100644
> --- a/scripts/insert-sys-cert.c
> +++ b/scripts/insert-symbol.c
> @@ -7,7 +7,7 @@
> * This software may be used and distributed according to the terms
> * of the GNU General Public License, incorporated herein by reference.
> *
> - * Usage: insert-sys-cert [-s <System.map> -b <vmlinux> -c <certfile>
> + * Usage: insert-symbol [-s <System.map> -b <vmlinux> -c <certfile>
> */
>
> #define _GNU_SOURCE