[RFC PATCH 2/2] x86/cmdline: Use strscpy to initialize boot_command_line

From: Arvind Sankar
Date: Sat Sep 05 2020 - 18:23:52 EST

Next message: Dmitry Osipenko: "Re: [PATCH v4 11/31] i2c: tegra: Factor out runtime PM and hardware initialization"
Previous message: Michał Mirosław: "Re: [PATCH v4 16/31] i2c: tegra: Remove "dma" variable from tegra_i2c_xfer_msg()"
In reply to: Arvind Sankar: "[RFC PATCH 1/2] lib/string: Disable instrumentation"
Next in thread: Randy Dunlap: "Re: [RFC PATCH 2/2] x86/cmdline: Use strscpy to initialize boot_command_line"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The x86 boot protocol requires the kernel command line to be a
NUL-terminated string of length at most COMMAND_LINE_SIZE (including the
terminating NUL). In case the bootloader messed up and the command line
is too long (hence not NUL-terminated), use strscpy to copy the command
line into boot_command_line. This ensures that boot_command_line is
NUL-terminated, and it also avoids accessing beyond the actual end of
the command line if it was properly NUL-terminated.

Note that setup_arch() will already force command_line to be
NUL-terminated by using strlcpy(), as well as boot_command_line if a
builtin command line is configured. If boot_command_line was not
initially NUL-terminated, the strlen() inside of strlcpy()/strlcat()
will run beyond boot_command_line, but this is almost certainly
harmless in practice.

Signed-off-by: Arvind Sankar <nivedita@xxxxxxxxxxxx>
---
arch/x86/kernel/head64.c | 2 +-
arch/x86/kernel/head_32.S | 11 +++++------
2 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c
index cbb71c1b574f..740dd05b9462 100644
--- a/arch/x86/kernel/head64.c
+++ b/arch/x86/kernel/head64.c
@@ -410,7 +410,7 @@ static void __init copy_bootdata(char *real_mode_data)
cmd_line_ptr = get_cmd_line_ptr();
if (cmd_line_ptr) {
command_line = __va(cmd_line_ptr);
- memcpy(boot_command_line, command_line, COMMAND_LINE_SIZE);
+ strscpy(boot_command_line, command_line, COMMAND_LINE_SIZE);
}

/*
diff --git a/arch/x86/kernel/head_32.S b/arch/x86/kernel/head_32.S
index 7ed84c282233..2a7ced159d6b 100644
--- a/arch/x86/kernel/head_32.S
+++ b/arch/x86/kernel/head_32.S
@@ -102,13 +102,12 @@ SYM_CODE_START(startup_32)
cld
rep
movsl
- movl pa(boot_params) + NEW_CL_POINTER,%esi
- andl %esi,%esi
+ movl pa(boot_params) + NEW_CL_POINTER,%edx
+ testl %edx,%edx
jz 1f # No command line
- movl $pa(boot_command_line),%edi
- movl $(COMMAND_LINE_SIZE/4),%ecx
- rep
- movsl
+ movl $pa(boot_command_line),%eax
+ movl $COMMAND_LINE_SIZE,%ecx
+ call strscpy
1:

#ifdef CONFIG_OLPC
--
2.26.2

Next message: Dmitry Osipenko: "Re: [PATCH v4 11/31] i2c: tegra: Factor out runtime PM and hardware initialization"
Previous message: Michał Mirosław: "Re: [PATCH v4 16/31] i2c: tegra: Remove "dma" variable from tegra_i2c_xfer_msg()"
In reply to: Arvind Sankar: "[RFC PATCH 1/2] lib/string: Disable instrumentation"
Next in thread: Randy Dunlap: "Re: [RFC PATCH 2/2] x86/cmdline: Use strscpy to initialize boot_command_line"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]