From: Philipp Rudo
To: kexec@lists.infradead.org, linux-s390@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, Eric Biederman, Vivek Goyal, Michael Ellerman, Thiago Jung Bauermann, Martin Schwidefsky, Heiko Carstens, Andrew Morton, x86@kernel.org, Dave Young, AKASHI Takahiro
Subject: [PATCH 02/11] kexec_file: Remove checks in kexec_purgatory_load
Date: Mon, 26 Feb 2018 16:16:11 +0100
Message-Id: <20180226151620.20970-3-prudo@linux.vnet.ibm.com>
In-Reply-To: <20180226151620.20970-1-prudo@linux.vnet.ibm.com>
References: <20180226151620.20970-1-prudo@linux.vnet.ibm.com>

Before the purgatory is loaded, several checks are done on whether the ELF file in kexec_purgatory is valid or not. These checks are incomplete. For example, they don't check for the total size of the sections defined in the section header table, or whether the entry point actually points into the purgatory.

On the other hand, the purgatory, although an ELF file on its own, is part of the kernel. Thus not trusting the purgatory means not trusting the kernel build itself. So remove all validity checks on the purgatory and just trust the kernel build.

Signed-off-by: Philipp Rudo
---
 kernel/kexec_file.c | 14 --------------
 1 file changed, 14 deletions(-)
diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c index e5bcd94c1efb..0f044457b40c 100644 --- a/kernel/kexec_file.c +++ b/kernel/kexec_file.c @@ -880,22 +880,8 @@ int kexec_load_purgatory(struct kimage *image, unsigned long min, if (kexec_purgatory_size <= 0) return -EINVAL; - if (kexec_purgatory_size < sizeof(Elf_Ehdr)) - return -ENOEXEC; - pi->ehdr = (Elf_Ehdr *)kexec_purgatory; - if (memcmp(pi->ehdr->e_ident, ELFMAG, SELFMAG) != 0 - || pi->ehdr->e_type != ET_REL - || !elf_check_arch(pi->ehdr) - || pi->ehdr->e_shentsize != sizeof(Elf_Shdr)) - return -ENOEXEC; - - if (pi->ehdr->e_shoff >= kexec_purgatory_size - || (pi->ehdr->e_shnum * sizeof(Elf_Shdr) > - kexec_purgatory_size - pi->ehdr->e_shoff)) - return -ENOEXEC; - ret = __kexec_load_purgatory(image, min, max, top_down); if (ret) return ret; -- 2.13.5
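Review bot: The hunk deletes `pi->ehdr = (Elf_Ehdr *)kexec_purgatory;` together with the validity checks, but nothing in the visible diff assigns `pi->ehdr` afterwards, so the `__kexec_load_purgatory(image, min, max, top_down)` call that follows would run with `pi->ehdr` unset unless another patch in the series moves that assignment; keep the assignment (only the `if` blocks need to go), or say in the commit message where it now lives. Dropping the `e_shoff`/`e_shnum` bounds checks is consistent with the stated rationale that the purgatory is built into the kernel image and shares its trust, but that assumption is now invisible at the call site: a one-line comment above the remaining `kexec_purgatory_size <= 0` check, stating that the purgatory is trusted build output and is not validated as an untrusted ELF, would make it explicit for the next reader.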