Linux kernel source tree https://git.amat.us/linux/atom/usr?h=v3.4.55 2012-10-31T17:02:33Z 2012-10-31T17:02:33Z Kees Cook keescook@chromium.org 2012-10-25T20:38:14Z urn:sha1:419cbf261a717df51878cadd00488ec2a9d9b3a4 commit 20f1de659b77364d55d4e7fad2ef657e7730323f upstream. Fix possible overflow of the buffer used for expanding environment variables when building file list. In the extremely unlikely case of an attacker having control over the environment variables visible to gen_init_cpio, control over the contents of the file gen_init_cpio parses, and gen_init_cpio was built without compiler hardening, the attacker can gain arbitrary execution control via a stack buffer overflow. $ cat usr/crash.list file foo ${BIG}${BIG}${BIG}${BIG}${BIG}${BIG} 0755 0 0 $ BIG=$(perl -e 'print "A" x 4096;') ./usr/gen_init_cpio usr/crash.list *** buffer overflow detected ***: ./usr/gen_init_cpio terminated This also replaces the space-indenting with tabs. Patch based on existing fix extracted from grsecurity. Signed-off-by: Kees Cook <keescook@chromium.org> Cc: Michal Marek <mmarek@suse.cz> Cc: Brad Spengler <spender@grsecurity.net> Cc: PaX Team <pageexec@freemail.hu> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2011-04-18T12:27:52Z Michal Marek mmarek@suse.cz 2011-03-31T21:16:42Z urn:sha1:a8b8017c34fefcb763d8b06c294b58d1c480b2e4 gen_init_cpio gets the current time and uses it for each symlink, special file, and directory. Grab the current time once and make it possible to override it with the KBUILD_BUILD_TIMESTAMP variable for reproducible builds. Signed-off-by: Michal Marek <mmarek@suse.cz> 2011-01-21T01:02:05Z David Rientjes rientjes@google.com 2011-01-20T22:44:16Z urn:sha1:6a108a14fa356ef607be308b68337939e56ea94e The meaning of CONFIG_EMBEDDED has long since been obsoleted; the option is used to configure any non-standard kernel with a much larger scope than only small devices. This patch renames the option to CONFIG_EXPERT in init/Kconfig and fixes references to the option throughout the kernel. A new CONFIG_EMBEDDED option is added that automatically selects CONFIG_EXPERT when enabled and can be used in the future to isolate options that should only be considered for embedded systems (RISC architectures, SLOB, etc). Calling the option "EXPERT" more accurately represents its intention: only expert users who understand the impact of the configuration changes they are making should enable it. Reviewed-by: Ingo Molnar <mingo@elte.hu> Acked-by: David Woodhouse <david.woodhouse@intel.com> Signed-off-by: David Rientjes <rientjes@google.com> Cc: Greg KH <gregkh@suse.de> Cc: "David S. Miller" <davem@davemloft.net> Cc: Jens Axboe <axboe@kernel.dk> Cc: Arnd Bergmann <arnd@arndb.de> Cc: Robin Holt <holt@sgi.com> Cc: <linux-arch@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2011-01-13T16:03:25Z Lasse Collin lasse.collin@tukaani.org 2011-01-13T01:01:23Z urn:sha1:3ebe12439ba7fc62e1d6ecb569b7287771716ca1 This implements the API defined in <linux/decompress/generic.h> which is used for kernel, initramfs, and initrd decompression. This patch together with the first patch is enough for XZ-compressed initramfs and initrd; XZ-compressed kernel will need arch-specific changes. The buffering requirements described in decompress_unxz.c are stricter than with gzip, so the relevant changes should be done to the arch-specific code when adding support for XZ-compressed kernel. Similarly, the heap size in arch-specific pre-boot code may need to be increased (30 KiB is enough). The XZ decompressor needs memmove(), memeq() (memcmp() == 0), and memzero() (memset(ptr, 0, size)), which aren't available in all arch-specific pre-boot environments. I'm including simple versions in decompress_unxz.c, but a cleaner solution would naturally be nicer. Signed-off-by: Lasse Collin <lasse.collin@tukaani.org> Cc: "H. Peter Anvin" <hpa@zytor.com> Cc: Alain Knaff <alain@knaff.lu> Cc: Albin Tonnerre <albin.tonnerre@free-electrons.com> Cc: Phillip Lougher <phillip@lougher.demon.co.uk> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2011-01-10T16:27:52Z Linus Torvalds torvalds@linux-foundation.org 2011-01-10T16:27:52Z urn:sha1:0c05384a5a1af2352b8c244cf32f480ba6cbf024 * 'kbuild' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild-2.6: mkuboot.sh: Fail if mkimage is missing gen_init_cpio: checkpatch fixes gen_init_cpio: Avoid race between call to stat() and call to open() modpost: Fix address calculation in reloc_location() Make fixdep error handling more explicit checksyscalls: Fix stand-alone usage modpost: Put .zdebug* section on white list kbuild: fix interaction of CONFIG_IKCONFIG and KCONFIG_CONFIG kbuild: export linux/{a.out,kvm,kvm_para}.h on headers_install_all kbuild: introduce HDR_ARCH_LIST for headers_install_all headers_install: check exit status of unifdef gen_init_cpio: remove leading `/' from file names scripts/genksyms: fix header usage fixdep: use hash table instead of a single array 2011-01-05T22:49:53Z Andrew Morton akpm@linux-foundation.org 2011-01-05T22:49:53Z urn:sha1:a3c888fcda911fcb6e3c071aecf49ccb6effe79d Cc: Jesper Juhl <jj@chaosbits.net> Cc: Michal Marek <mmarek@suse.cz> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Michal Marek <mmarek@suse.cz> 2010-12-29T14:06:54Z Jesper Juhl jj@chaosbits.net 2010-12-24T20:28:56Z urn:sha1:96aebafa63418f447ddc823e40da341cc40553dd In usr/gen_init_cpio.c::cpio_mkfile() a call to stat() is made based on pathname, subsequently the file is open()'ed and then the value of the initial stat() call is used to allocate a buffer. This is not safe since the file may change between the call to stat() and the call to open(). Safer to just open() the file and then do fstat() using the filedescriptor returned by open. Signed-off-by: Jesper Juhl <jj@chaosbits.net> Acked-by: Jeff Garzik <jgarzik@redhat.com> Signed-off-by: Michal Marek <mmarek@suse.cz> 2010-12-14T21:01:55Z Michal Marek mmarek@suse.cz 2010-12-14T21:01:55Z urn:sha1:8990c1bc4be46473ad19bf2fa612ca57286f3df4 2010-12-02T13:28:50Z Thomas Chou thomas@wytron.com.tw 2010-10-06T07:13:53Z urn:sha1:43f901fbc8ba94bfa8d58155ba9378d7a13af636 When we extracted the generated cpio archive using "cpio -id" command, it complained, cpio: Removing leading `/' from member names var/run cpio: Removing leading `/' from member names var/lib cpio: Removing leading `/' from member names var/lib/misc It is worse with the latest "cpio" or "pax", which tries to overwrite the host file system with the leading '/'. So the leading '/' of file names should be removed. This is consistent with the initramfs come with major distributions such as Fedora or Debian, etc. Signed-off-by: Thomas Chou <thomas@wytron.com.tw> Acked-by: Mike Frysinger<vapier@gentoo.org> Signed-off-by: Michal Marek <mmarek@suse.cz> 2010-12-01T12:13:21Z Hendrik Brueckner brueckner@linux.vnet.ibm.com 2010-11-29T22:38:50Z urn:sha1:1198c6d45a1ef5f4f7fdfbf33ef7d270493ec575 Define the __initramfs_size variable using VMLINUX_SYMBOL() to take care of symbol-prefixed architectures, for example, blackfin. Signed-off-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com> Cc: Mike Frysinger <vapier.adi@gmail.com> Cc: Hendrik Brueckner <brueckner@linux.vnet.ibm.com>, Cc: Michal Marek <mmarek@suse.cz> Cc: Sam Ravnborg <sam@ravnborg.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> [mmarek: leave out Makefile change, since d63f6d1 already takes care of the SYMBOL_PREFIX define] Signed-off-by: Michal Marek <mmarek@suse.cz>