From: Daniel Walker <danielwa@cisco.com>
To: Will Deacon <will@kernel.org>,
	Christophe Leroy <christophe.leroy@csgroup.eu>,
	Rob Herring <robh@kernel.org>,
	Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>,
	Andrew Morton <akpm@linux-foundation.org>,
	Pratyush Brahma <quic_pbrahma@quicinc.com>,
	Tomas Mudrunka <tomas.mudrunka@gmail.com>,
	Sean Anderson <sean.anderson@seco.com>,
	x86@kernel.org, linux-mips@vger.kernel.org,
	linuxppc-dev@lists.ozlabs.org
Cc: linux-kernel@vger.kernel.org, xe-linux-external@cisco.com
Subject: [PATCH 2/8] scripts: insert-sys-cert: add command line insert capability
Date: Thu,  9 Nov 2023 17:38:06 -0800	[thread overview]
Message-ID: <20231110013817.2378507-3-danielwa@cisco.com> (raw)
In-Reply-To: <20231110013817.2378507-1-danielwa@cisco.com>

This adds changes to the insert-sys-cert tool to allow updating
the cmdline_prepend and cmdline_append symbols in addition to
adding certificates.

Updating the cmdline symbols was tested on a PVH virtual machine
with a vmlinux, and with a bzImage which was repackaged on x86.

This commit intentionally keeps the tool filename the same to allow
the changes to be seen more easily. The next commit will change
the name of the tool.

Cc: xe-linux-external@cisco.com
Signed-off-by: Daniel Walker <danielwa@cisco.com>
---
 scripts/insert-sys-cert.c | 241 +++++++++++++++++++++++++++-----------
 1 file changed, 170 insertions(+), 71 deletions(-)

diff --git a/scripts/insert-sys-cert.c b/scripts/insert-sys-cert.c
index 8902836c2342..77d3306cfbfb 100644
--- a/scripts/insert-sys-cert.c
+++ b/scripts/insert-sys-cert.c
@@ -30,6 +30,9 @@
 #define USED_SYM  "system_extra_cert_used"
 #define LSIZE_SYM "system_certificate_list_size"
 
+#define CMDLINE_APPEND "cmdline_append"
+#define CMDLINE_PREPEND "cmdline_prepend"
+
 #define info(format, args...) fprintf(stderr, "INFO:    " format, ## args)
 #define warn(format, args...) fprintf(stdout, "WARNING: " format, ## args)
 #define  err(format, args...) fprintf(stderr, "ERROR:   " format, ## args)
@@ -267,95 +270,46 @@ static void print_sym(Elf_Ehdr *hdr, struct sym *s)
 
 static void print_usage(char *e)
 {
-	printf("Usage %s [-s <System.map>] -b <vmlinux> -c <certfile>\n", e);
+	printf("Usage %s [-s <System.map>] -b <vmlinux> [ -c <certfile> | -p <command line prepend> | -a <command line append> ]-\n", e);
 }
 
-int main(int argc, char **argv)
+static char *cmdline_prepend, *cmdline_append;
+static char *system_map_file;
+static char *cert_file;
+static char *cli_name;
+
+static int insert_certificate(Elf_Ehdr *hdr)
 {
-	char *system_map_file = NULL;
-	char *vmlinux_file = NULL;
-	char *cert_file = NULL;
-	int vmlinux_size;
+	struct sym cert_sym, lsize_sym, used_sym;
+	Elf_Shdr *symtab = NULL;
+	unsigned long *lsize;
+	FILE *system_map;
 	int cert_size;
-	Elf_Ehdr *hdr;
 	char *cert;
-	FILE *system_map;
-	unsigned long *lsize;
 	int *used;
-	int opt;
-	Elf_Shdr *symtab = NULL;
-	struct sym cert_sym, lsize_sym, used_sym;
-
-	while ((opt = getopt(argc, argv, "b:c:s:")) != -1) {
-		switch (opt) {
-		case 's':
-			system_map_file = optarg;
-			break;
-		case 'b':
-			vmlinux_file = optarg;
-			break;
-		case 'c':
-			cert_file = optarg;
-			break;
-		default:
-			break;
-		}
-	}
 
-	if (!vmlinux_file || !cert_file) {
-		print_usage(argv[0]);
-		exit(EXIT_FAILURE);
+	if (!cert_file) {
+		print_usage(cli_name);
+		return EXIT_FAILURE;
 	}
 
 	cert = read_file(cert_file, &cert_size);
 	if (!cert)
-		exit(EXIT_FAILURE);
-
-	hdr = map_file(vmlinux_file, &vmlinux_size);
-	if (!hdr)
-		exit(EXIT_FAILURE);
-
-	if (vmlinux_size < sizeof(*hdr)) {
-		err("Invalid ELF file.\n");
-		exit(EXIT_FAILURE);
-	}
-
-	if ((hdr->e_ident[EI_MAG0] != ELFMAG0) ||
-	    (hdr->e_ident[EI_MAG1] != ELFMAG1) ||
-	    (hdr->e_ident[EI_MAG2] != ELFMAG2) ||
-	    (hdr->e_ident[EI_MAG3] != ELFMAG3)) {
-		err("Invalid ELF magic.\n");
-		exit(EXIT_FAILURE);
-	}
-
-	if (hdr->e_ident[EI_CLASS] != CURRENT_ELFCLASS) {
-		err("ELF class mismatch.\n");
-		exit(EXIT_FAILURE);
-	}
-
-	if (hdr->e_ident[EI_DATA] != endianness()) {
-		err("ELF endian mismatch.\n");
-		exit(EXIT_FAILURE);
-	}
-
-	if (hdr->e_shoff > vmlinux_size) {
-		err("Could not find section header.\n");
-		exit(EXIT_FAILURE);
-	}
+		return EXIT_FAILURE;
 
 	symtab = get_symbol_table(hdr);
 	if (!symtab) {
 		warn("Could not find the symbol table.\n");
 		if (!system_map_file) {
 			err("Please provide a System.map file.\n");
-			print_usage(argv[0]);
-			exit(EXIT_FAILURE);
+			print_usage(cli_name);
+			return EXIT_FAILURE;
 		}
 
 		system_map = fopen(system_map_file, "r");
 		if (!system_map) {
 			perror(system_map_file);
-			exit(EXIT_FAILURE);
+			return EXIT_FAILURE;
 		}
 		get_symbol_from_map(hdr, system_map, CERT_SYM, &cert_sym);
 		get_symbol_from_map(hdr, system_map, USED_SYM, &used_sym);
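Review bot: The new usage string in print_usage ends with a stray `]-` and joins `-c`, `-p` and `-a` with `|`, which reads as "exactly one of", while the option loop added to main later in this patch stores all three independently and runs both insert paths when they are given together. Listing them as separate optional groups would match the behaviour: `printf("Usage %s [-s <System.map>] -b <vmlinux> [-c <certfile>] [-p <command line prepend>] [-a <command line append>]\n", e);`. The `if (!cert_file)` guard at the top of insert_certificate looks unreachable, since main only calls the function when `cert_file` is set. insert_certificate's body continues outside this hunk.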
@@ -371,7 +325,7 @@ int main(int argc, char **argv)
 	}
 
 	if (!cert_sym.offset || !lsize_sym.offset || !used_sym.offset)
-		exit(EXIT_FAILURE);
+		return EXIT_FAILURE;
 
 	print_sym(hdr, &cert_sym);
 	print_sym(hdr, &used_sym);
@@ -382,14 +336,14 @@ int main(int argc, char **argv)
 
 	if (cert_sym.size < cert_size) {
 		err("Certificate is larger than the reserved area!\n");
-		exit(EXIT_FAILURE);
+		return EXIT_FAILURE;
 	}
 
 	/* If the existing cert is the same, don't overwrite */
 	if (cert_size == *used &&
 	    strncmp(cert_sym.content, cert, cert_size) == 0) {
 		warn("Certificate was already inserted.\n");
-		exit(EXIT_SUCCESS);
+		return EXIT_SUCCESS;
 	}
 
 	if (*used > 0)
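Review bot: The "already inserted" test compares the certificate buffers with `strncmp`, which stops at the first NUL byte, so two different certificates of the same size that agree up to an embedded zero byte would be treated as identical and the new one would not be written, while insert_certificate still returns EXIT_SUCCESS. The certificate is handled as a sized buffer from `read_file`, so it is presumably binary data, where zero bytes are normal. This line is unchanged context carried over from the old main, but since the function is being reworked here it would be a natural place to switch to `memcmp(cert_sym.content, cert, cert_size) == 0`. Only part of insert_certificate is visible in this hunk; `used` is assigned outside it.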
@@ -406,5 +360,150 @@ int main(int argc, char **argv)
 						cert_sym.address);
 	info("Used %d bytes out of %d bytes reserved.\n", *used,
 						 cert_sym.size);
-	exit(EXIT_SUCCESS);
+	return EXIT_SUCCESS;
+}
+
+static int insert_cmdline(Elf_Ehdr *hdr)
+{
+	struct sym cmdline_prepend_sym, cmdline_append_sym;
+	Elf_Shdr *symtab = NULL;
+	FILE *system_map;
+
+	symtab = get_symbol_table(hdr);
+	if (!symtab) {
+		warn("Could not find the symbol table.\n");
+		if (!system_map_file) {
+			err("Please provide a System.map file.\n");
+			print_usage(cli_name);
+			return EXIT_FAILURE;
+		}
+
+		system_map = fopen(system_map_file, "r");
+		if (!system_map) {
+			perror(system_map_file);
+			return EXIT_FAILURE;
+		}
+		get_symbol_from_map(hdr, system_map, CMDLINE_PREPEND, &cmdline_prepend_sym);
+		get_symbol_from_map(hdr, system_map, CMDLINE_APPEND, &cmdline_append_sym);
+	} else {
+		info("Symbol table found.\n");
+		if (system_map_file)
+			warn("System.map is ignored.\n");
+		get_symbol_from_table(hdr, symtab, CMDLINE_PREPEND, &cmdline_prepend_sym);
+		get_symbol_from_table(hdr, symtab, CMDLINE_APPEND, &cmdline_append_sym);
+	}
+
+	print_sym(hdr, &cmdline_prepend_sym);
+	print_sym(hdr, &cmdline_append_sym);
+
+
+	if (cmdline_prepend) {
+		if ((strlen(cmdline_prepend) + 1) > cmdline_prepend_sym.size) {
+			err("cmdline prepend is larger than the reserved area!\n");
+			return EXIT_FAILURE;
+		}
+
+		memcpy(cmdline_prepend_sym.content, cmdline_prepend, strlen(cmdline_prepend) + 1);
+		if ((strlen(cmdline_prepend) + 1) < cmdline_prepend_sym.size)
+			memset(cmdline_prepend_sym.content + strlen(cmdline_prepend) + 1,
+				0, cmdline_prepend_sym.size - (strlen(cmdline_prepend) + 1));
+
+		info("Inserted cmdline prepend of \"%s\" into vmlinux.\n", cmdline_prepend);
+
+	}
+	if (cmdline_append) {
+		if ((strlen(cmdline_append) + 1) > cmdline_append_sym.size) {
+			err("cmdline append is larger than the reserved area!\n");
+			return EXIT_FAILURE;
+		}
+
+		memcpy(cmdline_append_sym.content, cmdline_append, strlen(cmdline_append) + 1);
+		if ((strlen(cmdline_append) + 1) < cmdline_append_sym.size)
+			memset(cmdline_append_sym.content + strlen(cmdline_append) + 1,
+				0, cmdline_append_sym.size - (strlen(cmdline_append) + 1));
+
+		info("Inserted cmdline append of \"%s\" into vmlinux.\n", cmdline_append);
+
+	}
+	return EXIT_SUCCESS;
+}
+
+int main(int argc, char **argv)
+{
+	char *vmlinux_file = NULL;
+	int vmlinux_size;
+	Elf_Ehdr *hdr;
+	int opt;
+	int ret = EXIT_SUCCESS;
+
+	while ((opt = getopt(argc, argv, "b:c:s:p:a:")) != -1) {
+		switch (opt) {
+		case 's':
+			system_map_file = optarg;
+			break;
+		case 'b':
+			vmlinux_file = optarg;
+			break;
+		case 'c':
+			cert_file = optarg;
+			break;
+		case 'p':
+			cmdline_prepend = optarg;
+			break;
+		case 'a':
+			cmdline_append = optarg;
+			break;
+		default:
+			break;
+		}
+	}
+
+	cli_name = argv[0];
+
+	if (!vmlinux_file) {
+		print_usage(cli_name);
+		exit(EXIT_FAILURE);
+	}
+
+	hdr = map_file(vmlinux_file, &vmlinux_size);
+	if (!hdr)
+		exit(EXIT_FAILURE);
+
+	if (vmlinux_size < sizeof(*hdr)) {
+		err("Invalid ELF file.\n");
+		exit(EXIT_FAILURE);
+	}
+
+	if ((hdr->e_ident[EI_MAG0] != ELFMAG0) ||
+	    (hdr->e_ident[EI_MAG1] != ELFMAG1) ||
+	    (hdr->e_ident[EI_MAG2] != ELFMAG2) ||
+	    (hdr->e_ident[EI_MAG3] != ELFMAG3)) {
+		err("Invalid ELF magic.\n");
+		exit(EXIT_FAILURE);
+	}
+
+	if (hdr->e_ident[EI_CLASS] != CURRENT_ELFCLASS) {
+		err("ELF class mismatch.\n");
+		exit(EXIT_FAILURE);
+	}
+
+	if (hdr->e_ident[EI_DATA] != endianness()) {
+		err("ELF endian mismatch.\n");
+		exit(EXIT_FAILURE);
+	}
+
+	if (hdr->e_shoff > vmlinux_size) {
+		err("Could not find section header.\n");
+		exit(EXIT_FAILURE);
+	}
+
+	if (cert_file) {
+		ret = insert_certificate(hdr);
+		printf("%s\n", cert_file);
+	}
+
+	if (cmdline_append || cmdline_prepend)
+		ret = insert_cmdline(hdr);
+
+	exit(ret);
 }
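Review bot: insert_cmdline writes through `cmdline_prepend_sym.content` and `cmdline_append_sym.content` without first confirming that the symbol lookups succeeded, whereas insert_certificate bails out with `if (!cert_sym.offset || !lsize_sym.offset || !used_sym.offset)` before touching the image. Both `struct sym` locals are uninitialised here and the lookup helpers are defined outside this patch, so whether a missing symbol leaves `size` and `content` in a safe state cannot be confirmed from the hunk; a guard such as `if (cmdline_prepend && !cmdline_prepend_sym.offset) return EXIT_FAILURE;` (and the same for append) placed before `print_sym` would make a kernel built without these symbols fail cleanly rather than risk a `memcpy` through a stale pointer into the mapped vmlinux. In main, `ret = insert_cmdline(hdr);` overwrites a failure returned by insert_certificate, so a build script checking the exit status would accept an image in which no certificate was inserted; `if (ret == EXIT_SUCCESS && (cmdline_append || cmdline_prepend))` keeps the first error. The `printf("%s\n", cert_file);` after the certificate call looks like leftover debug output, and running with only `-b` now exits 0 without printing usage.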
-- 
2.39.2

