Received: by 2002:a05:6a10:2726:0:0:0:0 with SMTP id ib38csp913180pxb; Wed, 6 Apr 2022 04:06:27 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwyVcn4G9S1+PIdBKutVH5w2sImxhM8xqV37J3lFoZHI8SBeXxxl+o8Q7oZdyTQ4M46YZi1 X-Received: by 2002:a17:90b:4f86:b0:1c9:b52d:9713 with SMTP id qe6-20020a17090b4f8600b001c9b52d9713mr9224314pjb.98.1649243186997; Wed, 06 Apr 2022 04:06:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1649243186; cv=none; d=google.com; s=arc-20160816; b=axKiElfUhydoK5z/qgq0pBP7gGi6gN4aehGaI7qwpkO50+cUa9iCV5+rExwUwiFtZX V0dmyKHXq+a+LwwaUmOjrAHVJLJEbFCiN9ngoJyjEGI98ksUeOnEJRMulTKyXyhWwUZ9 08vv8vPVleMQiiEgUj7R+5IQzh+Fgqbin+CqGSrNIK3FIX5JjVu14lw1j7mc/51OIe38 7IxNXQI2Rwc3gtlwz3uj8Ym66wiukiLpLayOUcQjxTgs35Xx+k7Kd57rswKHZVN1/Hup L9ghl3hjPMBFh74tHv3VtE7E5me1WzChcWbNi10fK+uDH2ThSCs56XRzkBwNmZoJFmKX sufQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=EeeKl1u8V97EQ6HIiwt+fDOQH9KAoTwi2Qb7vg7e3z4=; b=zjlh8tNCVI/G1Y5PDwuyI9Hhm5Jz9IfTxwkFVYEtOnnEXfKExFw4CsCNJs1iKHWB5g Ktqa8gYYUZ0ZR3xyYSJIn/x6kQBuaFTQt49xfGkHcCfYZUGop+bC4uUmQpUGssckRzOf pY9gQbWOerWu6sABOVx6xHFk7iCwq3e3PCkFnVx5gC+2BAA5Q0W5UwUxHuCvUFKoaxXY jfKcaYkvaD1lIXuNrS1GGTtsZYwyuK1ju06zr/kdj9CM8iInS0U/aGR+1K41mvu1HFXl X5c40OFHlXFHexCabdxcx0/7hNrWoA0nFyU3f79BN7iYtftWQfpQE4rrU+i7s8WLZiax d6GQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=xpslcnrk; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [23.128.96.19]) by mx.google.com with ESMTPS id j29-20020a637a5d000000b003816043eef3si15934132pgn.232.2022.04.06.04.06.25 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 06 Apr 2022 04:06:26 -0700 (PDT) Received-SPF: softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) client-ip=23.128.96.19; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=xpslcnrk; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id E12125C279E; Wed, 6 Apr 2022 02:28:20 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1839322AbiDFA7D (ORCPT + 99 others); Tue, 5 Apr 2022 20:59:03 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46234 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348675AbiDEKsF (ORCPT ); Tue, 5 Apr 2022 06:48:05 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 59A0F63BF0; Tue, 5 Apr 2022 03:27:20 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id E3FC3B81B18; Tue, 5 Apr 2022 10:27:18 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 527A1C385A0; Tue, 5 Apr 2022 10:27:17 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1649154437; bh=izMv/LMDq16sbMxK8dWa52dHpvXUUl3PEqt/CPB1xl4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=xpslcnrkn5jN71mI9tgTGudtnm1dzUnK1+bRFc4a1204DUVbZx/9U39Q8Tci4h8+p UM3F7BwKL2oyl1PwbCO/FUAD1Bp4jqDGS9hWdBPpeF8/URn7jbxlhlXw2jWF2LYcny f/gQHogbQiym2fWAMenOAq7kbPXP9izHz8qNXLiY= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Randy Dunlap , Igor Zhbanov , Chris von Recklinghausen , Kees Cook , Andrew Morton , Linus Torvalds Subject: [PATCH 5.10 579/599] mm/usercopy: return 1 from hardened_usercopy __setup() handler Date: Tue, 5 Apr 2022 09:34:33 +0200 Message-Id: <20220405070316.073093929@linuxfoundation.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220405070258.802373272@linuxfoundation.org> References: <20220405070258.802373272@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Randy Dunlap commit 05fe3c103f7e6b8b4fca8a7001dfc9ed4628085b upstream. __setup() handlers should return 1 if the command line option is handled and 0 if not (or maybe never return 0; it just pollutes init's environment). This prevents: Unknown kernel command line parameters \ "BOOT_IMAGE=/boot/bzImage-517rc5 hardened_usercopy=off", will be \ passed to user space. Run /sbin/init as init process with arguments: /sbin/init with environment: HOME=/ TERM=linux BOOT_IMAGE=/boot/bzImage-517rc5 hardened_usercopy=off or hardened_usercopy=on but when "hardened_usercopy=foo" is used, there is no Unknown kernel command line parameter. Return 1 to indicate that the boot option has been handled. Print a warning if strtobool() returns an error on the option string, but do not mark this as in unknown command line option and do not cause init's environment to be polluted with this string. Link: https://lkml.kernel.org/r/20220222034249.14795-1-rdunlap@infradead.org Link: lore.kernel.org/r/64644a2f-4a20-bab3-1e15-3b2cdd0defe3@omprussia.ru Fixes: b5cb15d9372ab ("usercopy: Allow boot cmdline disabling of hardening") Signed-off-by: Randy Dunlap Reported-by: Igor Zhbanov Acked-by: Chris von Recklinghausen Cc: Kees Cook Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman --- mm/usercopy.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) --- a/mm/usercopy.c +++ b/mm/usercopy.c @@ -294,7 +294,10 @@ static bool enable_checks __initdata = t static int __init parse_hardened_usercopy(char *str) { - return strtobool(str, &enable_checks); + if (strtobool(str, &enable_checks)) + pr_warn("Invalid option string for hardened_usercopy: '%s'\n", + str); + return 1; } __setup("hardened_usercopy=", parse_hardened_usercopy);