diff options
| author | Markus Stockhausen | 2024-08-25 17:22:28 +0000 |
|---|---|---|
| committer | Sander Vanheule | 2024-09-14 18:08:57 +0000 |
| commit | dc9fca1fd19a31af4a0e3f1e3c93306ce4bca8b0 (patch) | |
| tree | 79315cdc83c75ab9d82ff2a752f8dd0dce498ed5 | |
| parent | 9f8570b0ddc4304cdfa3a1407640b9ae8392c719 (diff) | |
| download | openwrt-dc9fca1fd19a31af4a0e3f1e3c93306ce4bca8b0.tar.gz | |
realtek: 6.6: harden fw_init_cmdline()
Some devices (e.g. HP JG924A) hand over other than expected kernel boot
arguments. Looking at these one can see:
fw_init_cmdline: fw_arg0=00020000
fw_init_cmdline: fw_arg1=00060000
fw_init_cmdline: fw_arg2=fffdffff
fw_init_cmdline: fw_arg3=0000416c
Especially fw_arg2 should be the pointer to the environment and it looks
very suspicous. It is not aligned and the address is outside KSEG0 and
KSEG1. Booting the device will result in a hang. Do better at verifying
the address.
Signed-off-by: Markus Stockhausen <markus.stockhausen@gmx.de>
Suggested-by: Bjørn Mork <bjorn@mork.no>
| -rw-r--r-- | target/linux/realtek/patches-6.6/320-harden-fw_init_cmdline.patch | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/target/linux/realtek/patches-6.6/320-harden-fw_init_cmdline.patch b/target/linux/realtek/patches-6.6/320-harden-fw_init_cmdline.patch new file mode 100644 index 0000000000..d45932b977 --- /dev/null +++ b/target/linux/realtek/patches-6.6/320-harden-fw_init_cmdline.patch @@ -0,0 +1,38 @@ +From e813f48461b8011244b3e7dfe118cf94fd595f0d Mon Sep 17 00:00:00 2001 +From: Markus Stockhausen <markus.stockhausen@gmx.de> +Date: Sun, 25 Aug 2024 13:09:48 -0400 +Subject: [PATCH] realtek: harden fw_init_cmdline() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Some devices (e.g. HP JG924A) hand over other than expected kernel boot +arguments. Looking at these one can see: + +fw_init_cmdline: fw_arg0=00020000 +fw_init_cmdline: fw_arg1=00060000 +fw_init_cmdline: fw_arg2=fffdffff +fw_init_cmdline: fw_arg3=0000416c + +Especially fw_arg2 should be the pointer to the environment and it looks +very suspicous. It is not aligned and the address is outside KSEG0 and +KSEG1. Booting the device will result in a hang. Do better at verifying +the address. + +Signed-off-by: Bjørn Mork <bjorn@mork.no> +Signed-off-by: Markus Stockhausen <markus.stockhausen@gmx.de> +--- + arch/mips/fw/lib/cmdline.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/mips/fw/lib/cmdline.c ++++ b/arch/mips/fw/lib/cmdline.c +@@ -31,7 +31,7 @@ void __init fw_init_cmdline(void) + } + + /* Validate environment pointer. */ +- if (fw_arg2 < CKSEG0) ++ if (fw_arg2 < CKSEG0 || fw_arg2 >= CKSEG2) + _fw_envp = NULL; + else + _fw_envp = (int *)fw_arg2; |