static enum ssb_mitigation_cmd __init ssb_parse_cmdline(void)
{
enum ssb_mitigation_cmd cmd = SPEC_STORE_BYPASS_CMD_AUTO;
char arg[20];
int ret, i;
if (cmdline_find_option_bool(boot_command_line, "nospec_store_bypass_disable")) {
return SPEC_STORE_BYPASS_CMD_NONE;
} else {
ret = cmdline_find_option(boot_command_line, "spec_store_bypass_disable",
arg, sizeof(arg));
if (ret < 0)
return SPEC_STORE_BYPASS_CMD_AUTO;
for (i = 0; i < ARRAY_SIZE(ssb_mitigation_options); i++) {
if (!match_option(arg, ret, ssb_mitigation_options[i].option))
continue;
cmd = ssb_mitigation_options[i].cmd;
break;
}
if (i >= ARRAY_SIZE(ssb_mitigation_options)) {
pr_err("unknown option (%s). Switching to AUTO select\n", arg);
return SPEC_STORE_BYPASS_CMD_AUTO;
}
}
return cmd;
}
static int
match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
const void *matchinfo,
int offset,
unsigned int protoff,
int *hotdrop)
{
const struct xt_dccp_info *info =
(const struct xt_dccp_info *)matchinfo;
struct dccp_hdr _dh, *dh;
if (offset)
return 0;
dh = skb_header_pointer(skb, protoff, sizeof(_dh), &_dh);
if (dh == NULL) {
*hotdrop = 1;
return 0;
}
return DCCHECK(((ntohs(dh->dccph_sport) >= info->spts[0])
&& (ntohs(dh->dccph_sport) <= info->spts[1])),
XT_DCCP_SRC_PORTS, info->flags, info->invflags)
&& DCCHECK(((ntohs(dh->dccph_dport) >= info->dpts[0])
&& (ntohs(dh->dccph_dport) <= info->dpts[1])),
XT_DCCP_DEST_PORTS, info->flags, info->invflags)
&& DCCHECK(match_types(dh, info->typemask),
XT_DCCP_TYPE, info->flags, info->invflags)
&& DCCHECK(match_option(info->option, skb, protoff, dh,
hotdrop),
XT_DCCP_OPTION, info->flags, info->invflags);
}
static bool
dccp_mt(const struct sk_buff *skb, const struct xt_match_param *par)
{
const struct xt_dccp_info *info = par->matchinfo;
const struct dccp_hdr *dh;
struct dccp_hdr _dh;
if (par->fragoff != 0)
return false;
dh = skb_header_pointer(skb, par->thoff, sizeof(_dh), &_dh);
if (dh == NULL) {
*par->hotdrop = true;
return false;
}
return DCCHECK(ntohs(dh->dccph_sport) >= info->spts[0]
&& ntohs(dh->dccph_sport) <= info->spts[1],
XT_DCCP_SRC_PORTS, info->flags, info->invflags)
&& DCCHECK(ntohs(dh->dccph_dport) >= info->dpts[0]
&& ntohs(dh->dccph_dport) <= info->dpts[1],
XT_DCCP_DEST_PORTS, info->flags, info->invflags)
&& DCCHECK(match_types(dh, info->typemask),
XT_DCCP_TYPE, info->flags, info->invflags)
&& DCCHECK(match_option(info->option, skb, par->thoff, dh,
par->hotdrop),
XT_DCCP_OPTION, info->flags, info->invflags);
}
static void parse_options(struct exfat* ef, const char* options)
{
int opt_umask;
opt_umask = get_int_option(options, "umask", 8, 0);
ef->dmask = get_int_option(options, "dmask", 8, opt_umask);
ef->fmask = get_int_option(options, "fmask", 8, opt_umask);
ef->uid = get_int_option(options, "uid", 10, geteuid());
ef->gid = get_int_option(options, "gid", 10, getegid());
ef->noatime = match_option(options, "noatime");
}
static enum spectre_v2_mitigation_cmd __init spectre_v2_parse_cmdline(void)
{
char arg[20];
int ret, i;
enum spectre_v2_mitigation_cmd cmd = SPECTRE_V2_CMD_AUTO;
if (cmdline_find_option_bool(boot_command_line, "nospectre_v2"))
return SPECTRE_V2_CMD_NONE;
else {
ret = cmdline_find_option(boot_command_line, "spectre_v2", arg, sizeof(arg));
if (ret < 0)
return SPECTRE_V2_CMD_AUTO;
for (i = 0; i < ARRAY_SIZE(mitigation_options); i++) {
if (!match_option(arg, ret, mitigation_options[i].option))
continue;
cmd = mitigation_options[i].cmd;
break;
}
if (i >= ARRAY_SIZE(mitigation_options)) {
pr_err("unknown option (%s). Switching to AUTO select\n", arg);
return SPECTRE_V2_CMD_AUTO;
}
}
if ((cmd == SPECTRE_V2_CMD_RETPOLINE ||
cmd == SPECTRE_V2_CMD_RETPOLINE_AMD ||
cmd == SPECTRE_V2_CMD_RETPOLINE_GENERIC) &&
!IS_ENABLED(CONFIG_RETPOLINE)) {
pr_err("%s selected but not compiled in. Switching to AUTO select\n", mitigation_options[i].option);
return SPECTRE_V2_CMD_AUTO;
}
if (cmd == SPECTRE_V2_CMD_RETPOLINE_AMD &&
boot_cpu_data.x86_vendor != X86_VENDOR_AMD) {
pr_err("retpoline,amd selected but CPU is not AMD. Switching to AUTO select\n");
return SPECTRE_V2_CMD_AUTO;
}
if (mitigation_options[i].secure)
spec2_print_if_secure(mitigation_options[i].option);
else
spec2_print_if_insecure(mitigation_options[i].option);
return cmd;
}
static const struct argp_option *
find_long_option(struct parser *parser,
const char *arg,
struct group **p)
{
struct group *group;
/* Partial match found so far. */
struct group *matched_group = NULL;
const struct argp_option *matched_option = NULL;
/* Number of partial matches: */
int num_partial = 0;
for ((group = parser->groups); (group < parser->egroup); group++) {
const struct argp_option *opts;
for ((opts = group->argp->options); !__option_is_end(opts); opts++) {
if (!opts->name) {
continue;
}
switch (match_option(arg, opts->name)) {
case MATCH_NO:
break;
case MATCH_PARTIAL:
num_partial++;
matched_group = group;
matched_option = opts;
break;
case MATCH_EXACT:
/* Exact match: */
*p = group;
return opts;
default:
break; /* (?) */
}
}
}
if (num_partial == 1) {
*p = matched_group;
return matched_option;
}
return NULL;
}
static enum spectre_v2_mitigation_cmd __init spectre_v2_parse_cmdline(void)
{
char arg[20];
int ret;
ret = cmdline_find_option(boot_command_line, "spectre_v2", arg,
sizeof(arg));
if (ret > 0) {
if (match_option(arg, ret, "off")) {
goto disable;
} else if (match_option(arg, ret, "on")) {
spec2_print_if_secure("force enabled on command line.");
return SPECTRE_V2_CMD_FORCE;
} else if (match_option(arg, ret, "retpoline")) {
spec2_print_if_insecure("retpoline selected on command line.");
return SPECTRE_V2_CMD_RETPOLINE;
} else if (match_option(arg, ret, "retpoline,amd")) {
if (boot_cpu_data.x86_vendor != X86_VENDOR_AMD) {
pr_err("retpoline,amd selected but CPU is not AMD. Switching to AUTO select\n");
return SPECTRE_V2_CMD_AUTO;
}
spec2_print_if_insecure("AMD retpoline selected on command line.");
return SPECTRE_V2_CMD_RETPOLINE_AMD;
} else if (match_option(arg, ret, "retpoline,generic")) {
spec2_print_if_insecure("generic retpoline selected on command line.");
return SPECTRE_V2_CMD_RETPOLINE_GENERIC;
} else if (match_option(arg, ret, "auto")) {
return SPECTRE_V2_CMD_AUTO;
}
}
if (!cmdline_find_option_bool(boot_command_line, "nospectre_v2"))
return SPECTRE_V2_CMD_AUTO;
disable:
spec2_print_if_insecure("disabled on command line.");
return SPECTRE_V2_CMD_NONE;
}
/* Parse pubkey options and set ses.authstate.pubkey_options accordingly.
* Returns DROPBEAR_SUCCESS if key is ok for auth, DROPBEAR_FAILURE otherwise */
int svr_add_pubkey_options(buffer *options_buf, int line_num, const char* filename) {
int ret = DROPBEAR_FAILURE;
TRACE(("enter addpubkeyoptions"))
ses.authstate.pubkey_options = (struct PubKeyOptions*)m_malloc(sizeof( struct PubKeyOptions ));
buf_setpos(options_buf, 0);
while (options_buf->pos < options_buf->len) {
if (match_option(options_buf, "no-port-forwarding") == DROPBEAR_SUCCESS) {
dropbear_log(LOG_WARNING, "Port forwarding disabled.");
ses.authstate.pubkey_options->no_port_forwarding_flag = 1;
goto next_option;
}
#ifdef ENABLE_SVR_AGENTFWD
if (match_option(options_buf, "no-agent-forwarding") == DROPBEAR_SUCCESS) {
dropbear_log(LOG_WARNING, "Agent forwarding disabled.");
ses.authstate.pubkey_options->no_agent_forwarding_flag = 1;
goto next_option;
}
#endif
#ifdef ENABLE_X11FWD
if (match_option(options_buf, "no-X11-forwarding") == DROPBEAR_SUCCESS) {
dropbear_log(LOG_WARNING, "X11 forwarding disabled.");
ses.authstate.pubkey_options->no_x11_forwarding_flag = 1;
goto next_option;
}
#endif
if (match_option(options_buf, "no-pty") == DROPBEAR_SUCCESS) {
dropbear_log(LOG_WARNING, "Pty allocation disabled.");
ses.authstate.pubkey_options->no_pty_flag = 1;
goto next_option;
}
if (match_option(options_buf, "command=\"") == DROPBEAR_SUCCESS) {
int escaped = 0;
const unsigned char* command_start = buf_getptr(options_buf, 0);
while (options_buf->pos < options_buf->len) {
const char c = buf_getbyte(options_buf);
if (!escaped && c == '"') {
const int command_len = buf_getptr(options_buf, 0) - command_start;
ses.authstate.pubkey_options->forced_command = m_malloc(command_len);
memcpy(ses.authstate.pubkey_options->forced_command,
command_start, command_len-1);
ses.authstate.pubkey_options->forced_command[command_len-1] = '\0';
dropbear_log(LOG_WARNING, "Forced command '%s'",
ses.authstate.pubkey_options->forced_command);
goto next_option;
}
escaped = (!escaped && c == '\\');
}
dropbear_log(LOG_WARNING, "Badly formatted command= authorized_keys option");
goto bad_option;
}
next_option:
/*
* Skip the comma, and move to the next option
* (or break out if there are no more).
*/
if (options_buf->pos < options_buf->len
&& buf_getbyte(options_buf) != ',') {
goto bad_option;
}
/* Process the next option. */
}
/* parsed all options with no problem */
ret = DROPBEAR_SUCCESS;
goto end;
bad_option:
ret = DROPBEAR_FAILURE;
m_free(ses.authstate.pubkey_options);
ses.authstate.pubkey_options = NULL;
dropbear_log(LOG_WARNING, "Bad public key options at %s:%d", filename, line_num);
end:
TRACE(("leave addpubkeyoptions"))
return ret;
}
int exfat_mount(struct exfat* ef, const char* spec, const char* options)
{
int rc;
enum exfat_mode mode;
exfat_tzset();
memset(ef, 0, sizeof(struct exfat));
parse_options(ef, options);
if (match_option(options, "ro"))
mode = EXFAT_MODE_RO;
else if (match_option(options, "ro_fallback"))
mode = EXFAT_MODE_ANY;
else
mode = EXFAT_MODE_RW;
ef->dev = exfat_open(spec, mode);
if (ef->dev == NULL)
return -EIO;
if (exfat_get_mode(ef->dev) == EXFAT_MODE_RO)
{
if (mode == EXFAT_MODE_ANY)
ef->ro = -1;
else
ef->ro = 1;
}
ef->sb = malloc(sizeof(struct exfat_super_block));
if (ef->sb == NULL)
{
exfat_close(ef->dev);
exfat_error("failed to allocate memory for the super block");
return -ENOMEM;
}
memset(ef->sb, 0, sizeof(struct exfat_super_block));
if (exfat_pread(ef->dev, ef->sb, sizeof(struct exfat_super_block), 0) < 0)
{
exfat_close(ef->dev);
free(ef->sb);
exfat_error("failed to read boot sector");
return -EIO;
}
if (memcmp(ef->sb->oem_name, "EXFAT ", 8) != 0)
{
exfat_close(ef->dev);
free(ef->sb);
exfat_error("exFAT file system is not found");
return -EIO;
}
/* sector cannot be smaller than 512 bytes */
if (ef->sb->sector_bits < 9)
{
exfat_close(ef->dev);
exfat_error("too small sector size: 2^%hhd", ef->sb->sector_bits);
free(ef->sb);
return -EIO;
}
/* officially exFAT supports cluster size up to 32 MB */
if ((int) ef->sb->sector_bits + (int) ef->sb->spc_bits > 25)
{
exfat_close(ef->dev);
exfat_error("too big cluster size: 2^(%hhd+%hhd)",
ef->sb->sector_bits, ef->sb->spc_bits);
free(ef->sb);
return -EIO;
}
ef->zero_cluster = malloc(CLUSTER_SIZE(*ef->sb));
if (ef->zero_cluster == NULL)
{
exfat_close(ef->dev);
free(ef->sb);
exfat_error("failed to allocate zero sector");
return -ENOMEM;
}
/* use zero_cluster as a temporary buffer for VBR checksum verification */
if (!verify_vbr_checksum(ef->dev, ef->zero_cluster, SECTOR_SIZE(*ef->sb)))
{
free(ef->zero_cluster);
exfat_close(ef->dev);
free(ef->sb);
return -EIO;
}
memset(ef->zero_cluster, 0, CLUSTER_SIZE(*ef->sb));
if (ef->sb->version.major != 1 || ef->sb->version.minor != 0)
{
free(ef->zero_cluster);
exfat_close(ef->dev);
exfat_error("unsupported exFAT version: %hhu.%hhu",
ef->sb->version.major, ef->sb->version.minor);
free(ef->sb);
return -EIO;
}
if (ef->sb->fat_count != 1)
{
free(ef->zero_cluster);
exfat_close(ef->dev);
exfat_error("unsupported FAT count: %hhu", ef->sb->fat_count);
free(ef->sb);
return -EIO;
}
if (le64_to_cpu(ef->sb->sector_count) * SECTOR_SIZE(*ef->sb) >
exfat_get_size(ef->dev))
{
/* this can cause I/O errors later but we don't fail mounting to let
user rescue data */
exfat_warn("file system is larger than underlying device: "
"%"PRIu64" > %"PRIu64,
le64_to_cpu(ef->sb->sector_count) * SECTOR_SIZE(*ef->sb),
exfat_get_size(ef->dev));
}
ef->root = malloc(sizeof(struct exfat_node));
if (ef->root == NULL)
{
free(ef->zero_cluster);
exfat_close(ef->dev);
free(ef->sb);
exfat_error("failed to allocate root node");
return -ENOMEM;
}
memset(ef->root, 0, sizeof(struct exfat_node));
ef->root->flags = EXFAT_ATTRIB_DIR;
ef->root->start_cluster = le32_to_cpu(ef->sb->rootdir_cluster);
ef->root->fptr_cluster = ef->root->start_cluster;
ef->root->name[0] = cpu_to_le16('\0');
ef->root->size = rootdir_size(ef);
if (ef->root->size == 0)
{
free(ef->root);
free(ef->zero_cluster);
exfat_close(ef->dev);
free(ef->sb);
return -EIO;
}
/* exFAT does not have time attributes for the root directory */
ef->root->mtime = 0;
ef->root->atime = 0;
/* always keep at least 1 reference to the root node */
exfat_get_node(ef->root);
rc = exfat_cache_directory(ef, ef->root);
if (rc != 0)
goto error;
if (ef->upcase == NULL)
{
exfat_error("upcase table is not found");
goto error;
}
if (ef->cmap.chunk == NULL)
{
exfat_error("clusters bitmap is not found");
goto error;
}
if (prepare_super_block(ef) != 0)
goto error;
return 0;
error:
exfat_put_node(ef, ef->root);
exfat_reset_cache(ef);
free(ef->root);
free(ef->zero_cluster);
exfat_close(ef->dev);
free(ef->sb);
return -EIO;
}
int parse_args(int argc, char **argv) {
int i;
argc--;
argv++;
if (!argc) {
printf("Invalid usage.\n\n");
displayUsage();
return -1;
}
for (i = 0; i < argc; i++) {
if (match_option("-c", "--config")) {
i++;
packager.configName = argv[i];
} else if (match_option("-e", "--extract")) {
packager.pack = 0;
} else if (match_option("-s", "--stub")) {
packager.stub = 1;
} else if (match_option("-h", "--help")) {
displayUsage();
return 1;
} else if (match_option("-i", "--info")) {
packager.pack = 0;
packager.printMeta = 1;
} else if (match_option("-k", "--sum")) {
i++;
if (strcmp(argv[i], "crc16") == 0) {
packager.sumType = SUM_CRC16;
} else if (strcmp(argv[i], "sha1") == 0) {
packager.sumType = SUM_SHA1;
} else if (strcmp(argv[i], "md5") == 0) {
packager.sumType = SUM_MD5;
} else if (strcmp(argv[i], "none") == 0) {
packager.sumType = SUM_NONE;
} else {
printf("Invalid checksum type. See kpack --help.\n");
return -1;
}
} else if (match_option("-x", "--compressor")) {
i++;
if (strcmp(argv[i], "pucrunch") == 0) {
packager.compressionType = COMPRESSION_PUCRUNCH;
} else if (strcmp(argv[i], "rle") == 0) {
packager.compressionType = COMPRESSION_RLE;
} else if (strcmp(argv[i], "none") == 0) {
packager.compressionType = COMPRESSION_NONE;
} else {
printf("Invalid compression type. See kpack --help.\n");
return -1;
}
} else if(match_option("-v", "--version")) {
printf("kpack (KnightOS) %s\n", GIT_SHORT_VERSION);
printf(COPYRIGHT);
printf(LICENSE);
return 1;
} else if (*argv[i] == '-') {
printf("Unknown option %s. See kpack --help for usage.\n", argv[i]);
return -1;
} else {
if (!packager.filename) {
packager.filename = argv[i];
} else if (!packager.rootName) {
packager.rootName = argv[i];
if (packager.rootName[strlen(packager.rootName) - 1] == '/') {
/* Remove trailing slash */
packager.rootName[strlen(packager.rootName) - 1] = 0;
}
} else {
printf("Error: unrecognized argument %s.\n", argv[i]);
return -1;
}
}
}
if (!packager.filename) {
printf("Invalid usage - no package specified. See kpack --help.\n");
return -1;
}
if (!packager.rootName && !packager.printMeta) {
/* if we are going to unpack then we need a target dir */
if(!packager.pack) {
printf("Invalid usage - no target directory specified for unpacking. See kpack --help.\n");
return -1;
}
printf("Invalid usage - no model specified. See kpack --help.\n");
}
if(!packager.printMeta && packager.pack) {
if (!packager.configName) {
packager.configName = "package.config";
}
packager.config = fopen(packager.configName, "r");
if (!packager.config) {
printf("Config file '%s' not found.\n", packager.configName);
return -1;
}
}
return 0;
}
