* [PATCH] x86/boot: Sanitize boot params before parsing command line
@ 2025-03-06 15:59 Ard Biesheuvel
2025-03-06 21:33 ` [tip: x86/urgent] " tip-bot2 for Ard Biesheuvel
2025-03-07 11:57 ` [PATCH] " Kirill A. Shutemov
0 siblings, 2 replies; 3+ messages in thread
From: Ard Biesheuvel @ 2025-03-06 15:59 UTC (permalink / raw)
To: linux-kernel
Cc: x86, Ard Biesheuvel, stable, H. Peter Anvin, Kirill A. Shutemov,
Ulrich Gemkow
From: Ard Biesheuvel <ardb@kernel.org>
The 5-level paging code parses the command line to look for the 'no5lvl'
string, and does so very early, before sanitize_boot_params() has been
called and has been given the opportunity to wipe bogus data from the
fields in boot_params that are not covered by struct setup_header, and
are therefore supposed to be initialized to zero by the bootloader.
This triggers an early boot crash when using syslinux-efi to boot a
recent kernel built with CONFIG_X86_5LEVEL=y and CONFIG_EFI_STUB=n, as
the 0xff padding that now fills the unused PE/COFF header is copied into
boot_params by the bootloader, and interpreted as the top half of the
command line pointer.
Fix this by sanitizing the boot_params before use. Note that there is no
harm in calling this more than once; subsequent invocations are able to
spot that the boot_params have already been cleaned up.
Cc: <stable@vger.kernel.org> # v6.1+
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
Cc: Ulrich Gemkow <ulrich.gemkow@ikr.uni-stuttgart.de>
Closes: https://lore.kernel.org/all/202503041549.35913.ulrich.gemkow@ikr.uni-stuttgart.de
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
arch/x86/boot/compressed/pgtable_64.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/arch/x86/boot/compressed/pgtable_64.c b/arch/x86/boot/compressed/pgtable_64.c
index c882e1f67af0..d8c5de40669d 100644
--- a/arch/x86/boot/compressed/pgtable_64.c
+++ b/arch/x86/boot/compressed/pgtable_64.c
@@ -1,6 +1,7 @@
// SPDX-License-Identifier: GPL-2.0
#include "misc.h"
#include <asm/bootparam.h>
+#include <asm/bootparam_utils.h>
#include <asm/e820/types.h>
#include <asm/processor.h>
#include "pgtable.h"
@@ -107,6 +108,7 @@ asmlinkage void configure_5level_paging(struct boot_params *bp, void *pgtable)
bool l5_required = false;
/* Initialize boot_params. Required for cmdline_find_option_bool(). */
+ sanitize_boot_params(bp);
boot_params_ptr = bp;
/*
--
2.48.1.711.g2feabab25a-goog
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [tip: x86/urgent] x86/boot: Sanitize boot params before parsing command line
2025-03-06 15:59 [PATCH] x86/boot: Sanitize boot params before parsing command line Ard Biesheuvel
@ 2025-03-06 21:33 ` tip-bot2 for Ard Biesheuvel
2025-03-07 11:57 ` [PATCH] " Kirill A. Shutemov
1 sibling, 0 replies; 3+ messages in thread
From: tip-bot2 for Ard Biesheuvel @ 2025-03-06 21:33 UTC (permalink / raw)
To: linux-tip-commits
Cc: Ard Biesheuvel, Ingo Molnar, H. Peter Anvin, Linus Torvalds,
stable, x86, linux-kernel
The following commit has been merged into the x86/urgent branch of tip:
Commit-ID: c00b413a96261faef4ce22329153c6abd4acef25
Gitweb: https://git.kernel.org/tip/c00b413a96261faef4ce22329153c6abd4acef25
Author: Ard Biesheuvel <ardb@kernel.org>
AuthorDate: Thu, 06 Mar 2025 16:59:16 +01:00
Committer: Ingo Molnar <mingo@kernel.org>
CommitterDate: Thu, 06 Mar 2025 22:02:39 +01:00
x86/boot: Sanitize boot params before parsing command line
The 5-level paging code parses the command line to look for the 'no5lvl'
string, and does so very early, before sanitize_boot_params() has been
called and has been given the opportunity to wipe bogus data from the
fields in boot_params that are not covered by struct setup_header, and
are therefore supposed to be initialized to zero by the bootloader.
This triggers an early boot crash when using syslinux-efi to boot a
recent kernel built with CONFIG_X86_5LEVEL=y and CONFIG_EFI_STUB=n, as
the 0xff padding that now fills the unused PE/COFF header is copied into
boot_params by the bootloader, and interpreted as the top half of the
command line pointer.
Fix this by sanitizing the boot_params before use. Note that there is no
harm in calling this more than once; subsequent invocations are able to
spot that the boot_params have already been cleaned up.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: <stable@vger.kernel.org> # v6.1+
Link: https://lore.kernel.org/r/20250306155915.342465-2-ardb+git@google.com
Closes: https://lore.kernel.org/all/202503041549.35913.ulrich.gemkow@ikr.uni-stuttgart.de
---
arch/x86/boot/compressed/pgtable_64.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/arch/x86/boot/compressed/pgtable_64.c b/arch/x86/boot/compressed/pgtable_64.c
index c882e1f..d8c5de4 100644
--- a/arch/x86/boot/compressed/pgtable_64.c
+++ b/arch/x86/boot/compressed/pgtable_64.c
@@ -1,6 +1,7 @@
// SPDX-License-Identifier: GPL-2.0
#include "misc.h"
#include <asm/bootparam.h>
+#include <asm/bootparam_utils.h>
#include <asm/e820/types.h>
#include <asm/processor.h>
#include "pgtable.h"
@@ -107,6 +108,7 @@ asmlinkage void configure_5level_paging(struct boot_params *bp, void *pgtable)
bool l5_required = false;
/* Initialize boot_params. Required for cmdline_find_option_bool(). */
+ sanitize_boot_params(bp);
boot_params_ptr = bp;
/*
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] x86/boot: Sanitize boot params before parsing command line
2025-03-06 15:59 [PATCH] x86/boot: Sanitize boot params before parsing command line Ard Biesheuvel
2025-03-06 21:33 ` [tip: x86/urgent] " tip-bot2 for Ard Biesheuvel
@ 2025-03-07 11:57 ` Kirill A. Shutemov
1 sibling, 0 replies; 3+ messages in thread
From: Kirill A. Shutemov @ 2025-03-07 11:57 UTC (permalink / raw)
To: Ard Biesheuvel
Cc: linux-kernel, x86, Ard Biesheuvel, stable, H. Peter Anvin,
Ulrich Gemkow
On Thu, Mar 06, 2025 at 04:59:16PM +0100, Ard Biesheuvel wrote:
> From: Ard Biesheuvel <ardb@kernel.org>
>
> The 5-level paging code parses the command line to look for the 'no5lvl'
> string, and does so very early, before sanitize_boot_params() has been
> called and has been given the opportunity to wipe bogus data from the
> fields in boot_params that are not covered by struct setup_header, and
> are therefore supposed to be initialized to zero by the bootloader.
>
> This triggers an early boot crash when using syslinux-efi to boot a
> recent kernel built with CONFIG_X86_5LEVEL=y and CONFIG_EFI_STUB=n, as
> the 0xff padding that now fills the unused PE/COFF header is copied into
> boot_params by the bootloader, and interpreted as the top half of the
> command line pointer.
>
> Fix this by sanitizing the boot_params before use. Note that there is no
> harm in calling this more than once; subsequent invocations are able to
> spot that the boot_params have already been cleaned up.
>
> Cc: <stable@vger.kernel.org> # v6.1+
> Cc: "H. Peter Anvin" <hpa@zytor.com>
> Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
> Cc: Ulrich Gemkow <ulrich.gemkow@ikr.uni-stuttgart.de>
> Closes: https://lore.kernel.org/all/202503041549.35913.ulrich.gemkow@ikr.uni-stuttgart.de
> Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Acked-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
--
Kiryl Shutsemau / Kirill A. Shutemov
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2025-03-07 11:57 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-03-06 15:59 [PATCH] x86/boot: Sanitize boot params before parsing command line Ard Biesheuvel
2025-03-06 21:33 ` [tip: x86/urgent] " tip-bot2 for Ard Biesheuvel
2025-03-07 11:57 ` [PATCH] " Kirill A. Shutemov
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox