static enum ssb_mitigation_cmd __init ssb_parse_cmdline(void) { enum ssb_mitigation_cmd cmd = SPEC_STORE_BYPASS_CMD_AUTO; char arg[20]; int ret, i; if (cmdline_find_option_bool(boot_command_line, "nospec_store_bypass_disable")) { return SPEC_STORE_BYPASS_CMD_NONE; } else { ret = cmdline_find_option(boot_command_line, "spec_store_bypass_disable", arg, sizeof(arg)); if (ret < 0) return SPEC_STORE_BYPASS_CMD_AUTO; for (i = 0; i < ARRAY_SIZE(ssb_mitigation_options); i++) { if (!match_option(arg, ret, ssb_mitigation_options[i].option)) continue; cmd = ssb_mitigation_options[i].cmd; break; } if (i >= ARRAY_SIZE(ssb_mitigation_options)) { pr_err("unknown option (%s). Switching to AUTO select\n", arg); return SPEC_STORE_BYPASS_CMD_AUTO; } } return cmd; }
static int match(const struct sk_buff *skb, const struct net_device *in, const struct net_device *out, const void *matchinfo, int offset, unsigned int protoff, int *hotdrop) { const struct xt_dccp_info *info = (const struct xt_dccp_info *)matchinfo; struct dccp_hdr _dh, *dh; if (offset) return 0; dh = skb_header_pointer(skb, protoff, sizeof(_dh), &_dh); if (dh == NULL) { *hotdrop = 1; return 0; } return DCCHECK(((ntohs(dh->dccph_sport) >= info->spts[0]) && (ntohs(dh->dccph_sport) <= info->spts[1])), XT_DCCP_SRC_PORTS, info->flags, info->invflags) && DCCHECK(((ntohs(dh->dccph_dport) >= info->dpts[0]) && (ntohs(dh->dccph_dport) <= info->dpts[1])), XT_DCCP_DEST_PORTS, info->flags, info->invflags) && DCCHECK(match_types(dh, info->typemask), XT_DCCP_TYPE, info->flags, info->invflags) && DCCHECK(match_option(info->option, skb, protoff, dh, hotdrop), XT_DCCP_OPTION, info->flags, info->invflags); }
static bool dccp_mt(const struct sk_buff *skb, const struct xt_match_param *par) { const struct xt_dccp_info *info = par->matchinfo; const struct dccp_hdr *dh; struct dccp_hdr _dh; if (par->fragoff != 0) return false; dh = skb_header_pointer(skb, par->thoff, sizeof(_dh), &_dh); if (dh == NULL) { *par->hotdrop = true; return false; } return DCCHECK(ntohs(dh->dccph_sport) >= info->spts[0] && ntohs(dh->dccph_sport) <= info->spts[1], XT_DCCP_SRC_PORTS, info->flags, info->invflags) && DCCHECK(ntohs(dh->dccph_dport) >= info->dpts[0] && ntohs(dh->dccph_dport) <= info->dpts[1], XT_DCCP_DEST_PORTS, info->flags, info->invflags) && DCCHECK(match_types(dh, info->typemask), XT_DCCP_TYPE, info->flags, info->invflags) && DCCHECK(match_option(info->option, skb, par->thoff, dh, par->hotdrop), XT_DCCP_OPTION, info->flags, info->invflags); }
static void parse_options(struct exfat* ef, const char* options) { int opt_umask; opt_umask = get_int_option(options, "umask", 8, 0); ef->dmask = get_int_option(options, "dmask", 8, opt_umask); ef->fmask = get_int_option(options, "fmask", 8, opt_umask); ef->uid = get_int_option(options, "uid", 10, geteuid()); ef->gid = get_int_option(options, "gid", 10, getegid()); ef->noatime = match_option(options, "noatime"); }
static enum spectre_v2_mitigation_cmd __init spectre_v2_parse_cmdline(void) { char arg[20]; int ret, i; enum spectre_v2_mitigation_cmd cmd = SPECTRE_V2_CMD_AUTO; if (cmdline_find_option_bool(boot_command_line, "nospectre_v2")) return SPECTRE_V2_CMD_NONE; else { ret = cmdline_find_option(boot_command_line, "spectre_v2", arg, sizeof(arg)); if (ret < 0) return SPECTRE_V2_CMD_AUTO; for (i = 0; i < ARRAY_SIZE(mitigation_options); i++) { if (!match_option(arg, ret, mitigation_options[i].option)) continue; cmd = mitigation_options[i].cmd; break; } if (i >= ARRAY_SIZE(mitigation_options)) { pr_err("unknown option (%s). Switching to AUTO select\n", arg); return SPECTRE_V2_CMD_AUTO; } } if ((cmd == SPECTRE_V2_CMD_RETPOLINE || cmd == SPECTRE_V2_CMD_RETPOLINE_AMD || cmd == SPECTRE_V2_CMD_RETPOLINE_GENERIC) && !IS_ENABLED(CONFIG_RETPOLINE)) { pr_err("%s selected but not compiled in. Switching to AUTO select\n", mitigation_options[i].option); return SPECTRE_V2_CMD_AUTO; } if (cmd == SPECTRE_V2_CMD_RETPOLINE_AMD && boot_cpu_data.x86_vendor != X86_VENDOR_AMD) { pr_err("retpoline,amd selected but CPU is not AMD. Switching to AUTO select\n"); return SPECTRE_V2_CMD_AUTO; } if (mitigation_options[i].secure) spec2_print_if_secure(mitigation_options[i].option); else spec2_print_if_insecure(mitigation_options[i].option); return cmd; }
static const struct argp_option * find_long_option(struct parser *parser, const char *arg, struct group **p) { struct group *group; /* Partial match found so far. */ struct group *matched_group = NULL; const struct argp_option *matched_option = NULL; /* Number of partial matches: */ int num_partial = 0; for ((group = parser->groups); (group < parser->egroup); group++) { const struct argp_option *opts; for ((opts = group->argp->options); !__option_is_end(opts); opts++) { if (!opts->name) { continue; } switch (match_option(arg, opts->name)) { case MATCH_NO: break; case MATCH_PARTIAL: num_partial++; matched_group = group; matched_option = opts; break; case MATCH_EXACT: /* Exact match: */ *p = group; return opts; default: break; /* (?) */ } } } if (num_partial == 1) { *p = matched_group; return matched_option; } return NULL; }
static enum spectre_v2_mitigation_cmd __init spectre_v2_parse_cmdline(void) { char arg[20]; int ret; ret = cmdline_find_option(boot_command_line, "spectre_v2", arg, sizeof(arg)); if (ret > 0) { if (match_option(arg, ret, "off")) { goto disable; } else if (match_option(arg, ret, "on")) { spec2_print_if_secure("force enabled on command line."); return SPECTRE_V2_CMD_FORCE; } else if (match_option(arg, ret, "retpoline")) { spec2_print_if_insecure("retpoline selected on command line."); return SPECTRE_V2_CMD_RETPOLINE; } else if (match_option(arg, ret, "retpoline,amd")) { if (boot_cpu_data.x86_vendor != X86_VENDOR_AMD) { pr_err("retpoline,amd selected but CPU is not AMD. Switching to AUTO select\n"); return SPECTRE_V2_CMD_AUTO; } spec2_print_if_insecure("AMD retpoline selected on command line."); return SPECTRE_V2_CMD_RETPOLINE_AMD; } else if (match_option(arg, ret, "retpoline,generic")) { spec2_print_if_insecure("generic retpoline selected on command line."); return SPECTRE_V2_CMD_RETPOLINE_GENERIC; } else if (match_option(arg, ret, "auto")) { return SPECTRE_V2_CMD_AUTO; } } if (!cmdline_find_option_bool(boot_command_line, "nospectre_v2")) return SPECTRE_V2_CMD_AUTO; disable: spec2_print_if_insecure("disabled on command line."); return SPECTRE_V2_CMD_NONE; }
/* Parse pubkey options and set ses.authstate.pubkey_options accordingly. * Returns DROPBEAR_SUCCESS if key is ok for auth, DROPBEAR_FAILURE otherwise */ int svr_add_pubkey_options(buffer *options_buf, int line_num, const char* filename) { int ret = DROPBEAR_FAILURE; TRACE(("enter addpubkeyoptions")) ses.authstate.pubkey_options = (struct PubKeyOptions*)m_malloc(sizeof( struct PubKeyOptions )); buf_setpos(options_buf, 0); while (options_buf->pos < options_buf->len) { if (match_option(options_buf, "no-port-forwarding") == DROPBEAR_SUCCESS) { dropbear_log(LOG_WARNING, "Port forwarding disabled."); ses.authstate.pubkey_options->no_port_forwarding_flag = 1; goto next_option; } #ifdef ENABLE_SVR_AGENTFWD if (match_option(options_buf, "no-agent-forwarding") == DROPBEAR_SUCCESS) { dropbear_log(LOG_WARNING, "Agent forwarding disabled."); ses.authstate.pubkey_options->no_agent_forwarding_flag = 1; goto next_option; } #endif #ifdef ENABLE_X11FWD if (match_option(options_buf, "no-X11-forwarding") == DROPBEAR_SUCCESS) { dropbear_log(LOG_WARNING, "X11 forwarding disabled."); ses.authstate.pubkey_options->no_x11_forwarding_flag = 1; goto next_option; } #endif if (match_option(options_buf, "no-pty") == DROPBEAR_SUCCESS) { dropbear_log(LOG_WARNING, "Pty allocation disabled."); ses.authstate.pubkey_options->no_pty_flag = 1; goto next_option; } if (match_option(options_buf, "command=\"") == DROPBEAR_SUCCESS) { int escaped = 0; const unsigned char* command_start = buf_getptr(options_buf, 0); while (options_buf->pos < options_buf->len) { const char c = buf_getbyte(options_buf); if (!escaped && c == '"') { const int command_len = buf_getptr(options_buf, 0) - command_start; ses.authstate.pubkey_options->forced_command = m_malloc(command_len); memcpy(ses.authstate.pubkey_options->forced_command, command_start, command_len-1); ses.authstate.pubkey_options->forced_command[command_len-1] = '\0'; dropbear_log(LOG_WARNING, "Forced command '%s'", ses.authstate.pubkey_options->forced_command); goto next_option; } escaped = (!escaped && c == '\\'); } dropbear_log(LOG_WARNING, "Badly formatted command= authorized_keys option"); goto bad_option; } next_option: /* * Skip the comma, and move to the next option * (or break out if there are no more). */ if (options_buf->pos < options_buf->len && buf_getbyte(options_buf) != ',') { goto bad_option; } /* Process the next option. */ } /* parsed all options with no problem */ ret = DROPBEAR_SUCCESS; goto end; bad_option: ret = DROPBEAR_FAILURE; m_free(ses.authstate.pubkey_options); ses.authstate.pubkey_options = NULL; dropbear_log(LOG_WARNING, "Bad public key options at %s:%d", filename, line_num); end: TRACE(("leave addpubkeyoptions")) return ret; }
int exfat_mount(struct exfat* ef, const char* spec, const char* options) { int rc; enum exfat_mode mode; exfat_tzset(); memset(ef, 0, sizeof(struct exfat)); parse_options(ef, options); if (match_option(options, "ro")) mode = EXFAT_MODE_RO; else if (match_option(options, "ro_fallback")) mode = EXFAT_MODE_ANY; else mode = EXFAT_MODE_RW; ef->dev = exfat_open(spec, mode); if (ef->dev == NULL) return -EIO; if (exfat_get_mode(ef->dev) == EXFAT_MODE_RO) { if (mode == EXFAT_MODE_ANY) ef->ro = -1; else ef->ro = 1; } ef->sb = malloc(sizeof(struct exfat_super_block)); if (ef->sb == NULL) { exfat_close(ef->dev); exfat_error("failed to allocate memory for the super block"); return -ENOMEM; } memset(ef->sb, 0, sizeof(struct exfat_super_block)); if (exfat_pread(ef->dev, ef->sb, sizeof(struct exfat_super_block), 0) < 0) { exfat_close(ef->dev); free(ef->sb); exfat_error("failed to read boot sector"); return -EIO; } if (memcmp(ef->sb->oem_name, "EXFAT ", 8) != 0) { exfat_close(ef->dev); free(ef->sb); exfat_error("exFAT file system is not found"); return -EIO; } /* sector cannot be smaller than 512 bytes */ if (ef->sb->sector_bits < 9) { exfat_close(ef->dev); exfat_error("too small sector size: 2^%hhd", ef->sb->sector_bits); free(ef->sb); return -EIO; } /* officially exFAT supports cluster size up to 32 MB */ if ((int) ef->sb->sector_bits + (int) ef->sb->spc_bits > 25) { exfat_close(ef->dev); exfat_error("too big cluster size: 2^(%hhd+%hhd)", ef->sb->sector_bits, ef->sb->spc_bits); free(ef->sb); return -EIO; } ef->zero_cluster = malloc(CLUSTER_SIZE(*ef->sb)); if (ef->zero_cluster == NULL) { exfat_close(ef->dev); free(ef->sb); exfat_error("failed to allocate zero sector"); return -ENOMEM; } /* use zero_cluster as a temporary buffer for VBR checksum verification */ if (!verify_vbr_checksum(ef->dev, ef->zero_cluster, SECTOR_SIZE(*ef->sb))) { free(ef->zero_cluster); exfat_close(ef->dev); free(ef->sb); return -EIO; } memset(ef->zero_cluster, 0, CLUSTER_SIZE(*ef->sb)); if (ef->sb->version.major != 1 || ef->sb->version.minor != 0) { free(ef->zero_cluster); exfat_close(ef->dev); exfat_error("unsupported exFAT version: %hhu.%hhu", ef->sb->version.major, ef->sb->version.minor); free(ef->sb); return -EIO; } if (ef->sb->fat_count != 1) { free(ef->zero_cluster); exfat_close(ef->dev); exfat_error("unsupported FAT count: %hhu", ef->sb->fat_count); free(ef->sb); return -EIO; } if (le64_to_cpu(ef->sb->sector_count) * SECTOR_SIZE(*ef->sb) > exfat_get_size(ef->dev)) { /* this can cause I/O errors later but we don't fail mounting to let user rescue data */ exfat_warn("file system is larger than underlying device: " "%"PRIu64" > %"PRIu64, le64_to_cpu(ef->sb->sector_count) * SECTOR_SIZE(*ef->sb), exfat_get_size(ef->dev)); } ef->root = malloc(sizeof(struct exfat_node)); if (ef->root == NULL) { free(ef->zero_cluster); exfat_close(ef->dev); free(ef->sb); exfat_error("failed to allocate root node"); return -ENOMEM; } memset(ef->root, 0, sizeof(struct exfat_node)); ef->root->flags = EXFAT_ATTRIB_DIR; ef->root->start_cluster = le32_to_cpu(ef->sb->rootdir_cluster); ef->root->fptr_cluster = ef->root->start_cluster; ef->root->name[0] = cpu_to_le16('\0'); ef->root->size = rootdir_size(ef); if (ef->root->size == 0) { free(ef->root); free(ef->zero_cluster); exfat_close(ef->dev); free(ef->sb); return -EIO; } /* exFAT does not have time attributes for the root directory */ ef->root->mtime = 0; ef->root->atime = 0; /* always keep at least 1 reference to the root node */ exfat_get_node(ef->root); rc = exfat_cache_directory(ef, ef->root); if (rc != 0) goto error; if (ef->upcase == NULL) { exfat_error("upcase table is not found"); goto error; } if (ef->cmap.chunk == NULL) { exfat_error("clusters bitmap is not found"); goto error; } if (prepare_super_block(ef) != 0) goto error; return 0; error: exfat_put_node(ef, ef->root); exfat_reset_cache(ef); free(ef->root); free(ef->zero_cluster); exfat_close(ef->dev); free(ef->sb); return -EIO; }
int parse_args(int argc, char **argv) { int i; argc--; argv++; if (!argc) { printf("Invalid usage.\n\n"); displayUsage(); return -1; } for (i = 0; i < argc; i++) { if (match_option("-c", "--config")) { i++; packager.configName = argv[i]; } else if (match_option("-e", "--extract")) { packager.pack = 0; } else if (match_option("-s", "--stub")) { packager.stub = 1; } else if (match_option("-h", "--help")) { displayUsage(); return 1; } else if (match_option("-i", "--info")) { packager.pack = 0; packager.printMeta = 1; } else if (match_option("-k", "--sum")) { i++; if (strcmp(argv[i], "crc16") == 0) { packager.sumType = SUM_CRC16; } else if (strcmp(argv[i], "sha1") == 0) { packager.sumType = SUM_SHA1; } else if (strcmp(argv[i], "md5") == 0) { packager.sumType = SUM_MD5; } else if (strcmp(argv[i], "none") == 0) { packager.sumType = SUM_NONE; } else { printf("Invalid checksum type. See kpack --help.\n"); return -1; } } else if (match_option("-x", "--compressor")) { i++; if (strcmp(argv[i], "pucrunch") == 0) { packager.compressionType = COMPRESSION_PUCRUNCH; } else if (strcmp(argv[i], "rle") == 0) { packager.compressionType = COMPRESSION_RLE; } else if (strcmp(argv[i], "none") == 0) { packager.compressionType = COMPRESSION_NONE; } else { printf("Invalid compression type. See kpack --help.\n"); return -1; } } else if(match_option("-v", "--version")) { printf("kpack (KnightOS) %s\n", GIT_SHORT_VERSION); printf(COPYRIGHT); printf(LICENSE); return 1; } else if (*argv[i] == '-') { printf("Unknown option %s. See kpack --help for usage.\n", argv[i]); return -1; } else { if (!packager.filename) { packager.filename = argv[i]; } else if (!packager.rootName) { packager.rootName = argv[i]; if (packager.rootName[strlen(packager.rootName) - 1] == '/') { /* Remove trailing slash */ packager.rootName[strlen(packager.rootName) - 1] = 0; } } else { printf("Error: unrecognized argument %s.\n", argv[i]); return -1; } } } if (!packager.filename) { printf("Invalid usage - no package specified. See kpack --help.\n"); return -1; } if (!packager.rootName && !packager.printMeta) { /* if we are going to unpack then we need a target dir */ if(!packager.pack) { printf("Invalid usage - no target directory specified for unpacking. See kpack --help.\n"); return -1; } printf("Invalid usage - no model specified. See kpack --help.\n"); } if(!packager.printMeta && packager.pack) { if (!packager.configName) { packager.configName = "package.config"; } packager.config = fopen(packager.configName, "r"); if (!packager.config) { printf("Config file '%s' not found.\n", packager.configName); return -1; } } return 0; }