Message-ID: <alpine.DEB.2.21.1810021241000.32062@nanos.tec.linutronix.de>
Date:   Tue, 2 Oct 2018 12:44:36 +0200 (CEST)
From:   Thomas Gleixner <tglx@...utronix.de>
To:     Feng Tang <feng.tang@...el.com>
cc:     Borislav Petkov <bp@...en8.de>, Ingo Molnar <mingo@...nel.org>,
        H Peter Anvin <hpa@...ux.intel.com>,
        Peter Zijlstra <peterz@...radead.org>,
        "Stuart R . Anderson" <stuart.r.anderson@...el.com>,
        alan@...ux.intel.com, x86@...nel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] x86/earlyprintk: Add a force option for pciserial
 device

On Tue, 2 Oct 2018, Feng Tang wrote:
> On Tue, Oct 02, 2018 at 11:17:57AM +0200, Thomas Gleixner wrote:
> > On Tue, 2 Oct 2018, Feng Tang wrote:
> > 
> > > Hi Boris,
> > > 
> > > On Mon, Oct 01, 2018 at 10:30:04PM +0200, Borislav Petkov wrote:
> > > > On Mon, Oct 01, 2018 at 10:18:10PM +0800, Feng Tang wrote:
> > > > > As I rechecked, the baud rate for pciserial is optional, so there may
> > > > > be no ",baudrate" following the "force". So this 2 strncmp is to
> > > > > cover conditions for with and without baudrate.
> > > > 
> > > > And what guarantees you have a space after the "force"?
> > > > 
> > > > 	!strncmp(s, "force ", 6)
> > > > 			  ^
> > > 
> > > You are right, it can't be guaranteed. Can we still use strncmp(s, "force", 5)
> > > and rely on developer to set it right? any suggestions? thanks,
> > 
> > I don't know why you want strncmp() in the first place. "force" is null
> > terminated already.
> 
> Current code uses: 
> 	earlyprintk=pciserial,bus:device.function[,baudrate]
> with the patch, it will be:
> 	earlyprintk=pciserial,bus:device.function[,force][,baudrate]
> 
> So the force could be followed by ",baudrate".

Sure, but that has nothing to do with strncmp(). The earlyprintk argument
string is tokenized by commata. It really does not matter where the 'force'
string is, but it matters that you check whether it is 'force' and not
'force$RANDOMCHARACTERS'. That's why strncmp() is the wrong thing to do,
because it only compares the first 5 characters and ignores anything
beyond, unless you make sure that the command line part is exactly 5
characters long.

Thanks,

	tglx
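
The difference described above, as an added example that is not part of the original message or of the patch under review: a 5-character strncmp() prefix test accepts `forceXYZ`, while comparing whole comma-delimited tokens does not. `prefix_match()`, `has_token()` and the sample option strings are hypothetical and constructed for illustration; the input is assumed to be the already-isolated earlyprintk value.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Prefix test as discussed in the thread: true for "force", but also for
 * "forceXYZ", because only the first 5 characters are compared. */
static bool prefix_match(const char *s)
{
	return strncmp(s, "force", 5) == 0;
}

/* Hypothetical helper: true if the comma-separated string `opts` contains
 * a token exactly equal to `want`, wherever that token appears. */
static bool has_token(const char *opts, const char *want)
{
	size_t wlen = strlen(want);

	while (*opts) {
		size_t tlen = strcspn(opts, ",");	/* length of this token */

		/* Same length and same bytes: an exact match, not a prefix. */
		if (tlen == wlen && memcmp(opts, want, wlen) == 0)
			return true;
		opts += tlen;
		if (*opts == ',')
			opts++;				/* skip the separator */
	}
	return false;
}

int main(void)
{
	/* Constructed sample values; 00:18.1 is a made-up bus:device.function. */
	const char *samples[] = {
		"pciserial,00:18.1,force,115200",
		"pciserial,00:18.1,force",
		"pciserial,00:18.1,forceXYZ,115200",
		"pciserial,00:18.1,115200",
	};

	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("%-36s exact=%d\n", samples[i],
		       has_token(samples[i], "force"));
	printf("prefix_match(\"forceXYZ\") = %d\n", prefix_match("forceXYZ"));
	return 0;
}
```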
