 
            From: Roberto Sassu <roberto.sassu@huawei.com> euleros inclusion category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I7QZ2M CVE: NA ------------------------------------------------- Instead of changing the CPIO format, metadata are parsed from regular files with special name 'METADATA!!!'. This file immediately follows the file metadata are added to. This patch checks if the file being extracted has the special name and, if yes, creates a buffer with the content of that file and calls do_parse_metadata() to parse metadata from the buffer. Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> Reported-by: kbuild test robot <lkp@intel.com> Signed-off-by: Tianxing Zhang <zhangtianxing3@huawei.com> Reviewed-by: Jason Yan <yanaijie@huawei.com> Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com> Signed-off-by: zhoushuiqing <zhoushuiqing2@huawei.com> --- init/initramfs.c | 66 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 66 insertions(+) diff --git a/init/initramfs.c b/init/initramfs.c index 31d90e060..74819f3b4 100644 --- a/init/initramfs.c +++ b/init/initramfs.c @@ -260,6 +260,7 @@ static void __init read_into(char *buf, unsigned size, enum state next) #ifdef CONFIG_IMA_DIGEST_LIST static __initdata char *header_buf, *symlink_buf, *name_buf, *metadata_buf; +static __initdata char *metadata_buf_ptr, *previous_name_buf; #else static __initdata char *header_buf, *symlink_buf, *name_buf; #endif @@ -448,6 +449,9 @@ static int __init __maybe_unused do_parse_metadata(char *pathname) #endif static __initdata struct file *wfile; static __initdata loff_t wfile_pos; +#ifdef CONFIG_IMA_DIGEST_LIST +static int metadata __initdata; +#endif static int __init do_name(void) { @@ -456,6 +460,12 @@ static int __init do_name(void) if (strcmp(collected, "TRAILER!!!") == 0) { free_hash(); return 0; +#ifdef CONFIG_IMA_DIGEST_LIST + } else if (strcmp(collected, METADATA_FILENAME) == 0) { + metadata = 1; + } else { + memcpy(previous_name_buf, collected, strlen(collected) + 1); +#endif } clean_path(collected, mode); if (S_ISREG(mode)) { @@ -493,11 +503,51 @@ static int __init do_name(void) return 0; } +#ifdef CONFIG_IMA_DIGEST_LIST +static int __init do_process_metadata(char *buf, int len, bool last) +{ + int ret = 0; + + if (!metadata_buf) { + metadata_buf_ptr = metadata_buf = kmalloc(body_len, GFP_KERNEL); + if (!metadata_buf_ptr) { + ret = -ENOMEM; + goto out; + } + + metadata_len = body_len; + } + + if (metadata_buf_ptr + len > metadata_buf + metadata_len) { + ret = -EINVAL; + goto out; + } + + memcpy(metadata_buf_ptr, buf, len); + metadata_buf_ptr += len; + + if (last) + do_parse_metadata(previous_name_buf); +out: + if (ret < 0 || last) { + kfree(metadata_buf); + metadata_buf = NULL; + metadata = 0; + } + + return ret; +} +#endif + static int __init do_copy(void) { if (byte_count >= body_len) { if (xwrite(wfile, victim, body_len, &wfile_pos) != body_len) error("write error"); +#ifdef CONFIG_IMA_DIGEST_LIST + if (metadata) + do_process_metadata(victim, body_len, true); +#endif do_utime_path(&wfile->f_path, mtime); fput(wfile); @@ -509,6 +559,10 @@ static int __init do_copy(void) } else { if (xwrite(wfile, victim, byte_count, &wfile_pos) != byte_count) error("write error"); +#ifdef CONFIG_IMA_DIGEST_LIST + if (metadata) + do_process_metadata(victim, byte_count, false); +#endif body_len -= byte_count; eat(byte_count); return 1; @@ -518,6 +572,9 @@ static int __init do_copy(void) static int __init do_symlink(void) { collected[N_ALIGN(name_len) + body_len] = '\0'; +#ifdef CONFIG_IMA_DIGEST_LIST + memcpy(previous_name_buf, collected, strlen(collected) + 1); +#endif clean_path(collected, 0); init_symlink(collected + N_ALIGN(name_len), collected); init_chown(collected, uid, gid, AT_SYMLINK_NOFOLLOW); @@ -585,8 +642,14 @@ static char * __init unpack_to_rootfs(char *buf, unsigned long len) header_buf = kmalloc(110, GFP_KERNEL); symlink_buf = kmalloc(PATH_MAX + N_ALIGN(PATH_MAX) + 1, GFP_KERNEL); name_buf = kmalloc(N_ALIGN(PATH_MAX), GFP_KERNEL); +#ifdef CONFIG_IMA_DIGEST_LIST + previous_name_buf = kmalloc(PATH_MAX + N_ALIGN(PATH_MAX) + 1, + GFP_KERNEL); + if (!header_buf || !symlink_buf || !name_buf || !previous_name_buf) +#else if (!header_buf || !symlink_buf || !name_buf) +#endif panic_show_mem("can't allocate buffers"); state = Start; @@ -631,6 +694,9 @@ static char * __init unpack_to_rootfs(char *buf, unsigned long len) len -= my_inptr; } dir_utime(); +#ifdef CONFIG_IMA_DIGEST_LIST + kfree(previous_name_buf); +#endif kfree(name_buf); kfree(symlink_buf); kfree(header_buf); -- 2.33.0