From patchwork Tue Feb 22 03:42:49 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Randy Dunlap <rdunlap@infradead.org>
X-Patchwork-Id: 12754497
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 46293C433F5
	for <linux-mm@archiver.kernel.org>; Tue, 22 Feb 2022 03:42:57 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 852438D0002; Mon, 21 Feb 2022 22:42:56 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 800768D0001; Mon, 21 Feb 2022 22:42:56 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 6EF038D0002; Mon, 21 Feb 2022 22:42:56 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (relay.hostedemail.com [64.99.140.28])
	by kanga.kvack.org (Postfix) with ESMTP id 5C7658D0001
	for <linux-mm@kvack.org>; Mon, 21 Feb 2022 22:42:56 -0500 (EST)
Received: from smtpin03.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay09.hostedemail.com (Postfix) with ESMTP id 16D7E226A4
	for <linux-mm@kvack.org>; Tue, 22 Feb 2022 03:42:56 +0000 (UTC)
X-FDA: 79169019552.03.DBC0E50
Received: from bombadil.infradead.org (bombadil.infradead.org
 [198.137.202.133])
	by imf06.hostedemail.com (Postfix) with ESMTP id 07588180003
	for <linux-mm@kvack.org>; Tue, 22 Feb 2022 03:42:54 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=infradead.org; s=bombadil.20210309; h=Content-Transfer-Encoding:
	MIME-Version:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:
	Content-ID:Content-Description:In-Reply-To:References;
	bh=GThf9Kl0pNSV3DIQNbwcKUWrR2lA8mnYJEDOf1gis84=; b=TAvr+1I2lj6R2w0CliHkWq9mEt
	S0qdlJ/dOAFVAMm13vN72gCN4sRZcZW65VtnBV2uXJlP4CbScf5YuJkE2jVws3nZP8psjbaWozEoV
	vPRwIIjN8eFANHV3PlDTM6sv2TDedQkr/6i/9WhIZDuf13j6HnDDIAruMpIo3yyOoHE06I/GcwIJJ
	DTGMNJqdPTMpZxKQgGpJfRXbkxL3imjK3Qq1cYuhwHN2MHG6hx0G+dk564ti36BduPWTNwNc+TiEf
	lb+GZfRJGUrml3qo6NL7l+Gnrh5f3tKeXc1A6zNvIduyujX+1w7OCP84h/Ql7xUJbzq284N31xq7H
	wHdVNYQg==;
Received: from [2601:1c0:6280:3f0::aa0b] (helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtpsa (Exim 4.94.2 #2 (Red Hat Linux))
	id 1nMM4g-007sWS-Ht; Tue, 22 Feb 2022 03:42:50 +0000
From: Randy Dunlap <rdunlap@infradead.org>
To: linux-mm@kvack.org
Cc: Randy Dunlap <rdunlap@infradead.org>,
	Igor Zhbanov <i.zhbanov@omprussia.ru>,
	Andrew Morton <akpm@linux-foundation.org>,
	Chris von Recklinghausen <crecklin@redhat.com>,
	Kees Cook <keescook@chromium.org>
Subject: [PATCH 3/3] mm/usercopy: return 1 from hardened_usercopy __setup()
 handler
Date: Mon, 21 Feb 2022 19:42:49 -0800
Message-Id: <20220222034249.14795-1-rdunlap@infradead.org>
X-Mailer: git-send-email 2.34.1
MIME-Version: 1.0
X-Rspamd-Server: rspam01
X-Rspamd-Queue-Id: 07588180003
X-Rspam-User: 
Authentication-Results: imf06.hostedemail.com;
	dkim=pass header.d=infradead.org header.s=bombadil.20210309
 header.b=TAvr+1I2;
	spf=none (imf06.hostedemail.com: domain of rdunlap@infradead.org has no SPF
 policy when checking 198.137.202.133) smtp.mailfrom=rdunlap@infradead.org;
	dmarc=none
X-Stat-Signature: fnc5t1g6gmkrgrminw6yd7y77j63t3zp
X-HE-Tag: 1645501374-536070
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

__setup() handlers should return 1 if the command line option is handled
and 0 if not (or maybe never return 0; it just pollutes init's
environment). This prevents:

  Unknown kernel command line parameters \
  "BOOT_IMAGE=/boot/bzImage-517rc5 hardened_usercopy=off", will be \
  passed to user space.

  Run /sbin/init as init process
   with arguments:
     /sbin/init
   with environment:
     HOME=/
     TERM=linux
     BOOT_IMAGE=/boot/bzImage-517rc5
     hardened_usercopy=off
or
     hardened_usercopy=on
but when "hardened_usercopy=foo" is used, there is no Unknown kernel
command line parameter.

Return 1 to indicate that the boot option has been handled.
Print a warning if strtobool() returns an error on the option string,
but do not mark this as in unknown command line option and do not cause
init's environment to be polluted with this string.

Fixes: b5cb15d9372ab ("usercopy: Allow boot cmdline disabling of hardening")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Reported-by: Igor Zhbanov <i.zhbanov@omprussia.ru>
Link: lore.kernel.org/r/64644a2f-4a20-bab3-1e15-3b2cdd0defe3@omprussia.ru
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Chris von Recklinghausen <crecklin@redhat.com>
Cc: Kees Cook <keescook@chromium.org>
---
Sorry, I missed this third mm/ instance. Hence the patch 3/3.

 mm/usercopy.c |    5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

--- linux-next-20220217.orig/mm/usercopy.c
+++ linux-next-20220217/mm/usercopy.c
@@ -284,7 +284,10 @@ static bool enable_checks __initdata = t
 
 static int __init parse_hardened_usercopy(char *str)
 {
-	return strtobool(str, &enable_checks);
+	if (strtobool(str, &enable_checks))
+		pr_warn("Invalid option string for hardened_usercopy: '%s'\n",
+			str);
+	return 1;
 }
 
 __setup("hardened_usercopy=", parse_hardened_usercopy);