[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20200905231644.GA1506363@rani.riverdale.lan>
Date: Sat, 5 Sep 2020 19:16:44 -0400
From: Arvind Sankar <nivedita@...m.mit.edu>
To: Randy Dunlap <rdunlap@...radead.org>
Cc: Arvind Sankar <nivedita@...m.mit.edu>, x86@...nel.org,
kasan-dev@...glegroups.com, Kees Cook <keescook@...omium.org>,
linux-kernel@...r.kernel.org
Subject: Re: [RFC PATCH 2/2] x86/cmdline: Use strscpy to initialize
boot_command_line
On Sat, Sep 05, 2020 at 03:59:04PM -0700, Randy Dunlap wrote:
> On 9/5/20 3:23 PM, Arvind Sankar wrote:
> > The x86 boot protocol requires the kernel command line to be a
> > NUL-terminated string of length at most COMMAND_LINE_SIZE (including the
> > terminating NUL). In case the bootloader messed up and the command line
> > is too long (hence not NUL-terminated), use strscpy to copy the command
> > line into boot_command_line. This ensures that boot_command_line is
> > NUL-terminated, and it also avoids accessing beyond the actual end of
> > the command line if it was properly NUL-terminated.
> >
> > Note that setup_arch() will already force command_line to be
> > NUL-terminated by using strlcpy(), as well as boot_command_line if a
> > builtin command line is configured. If boot_command_line was not
> > initially NUL-terminated, the strlen() inside of strlcpy()/strlcat()
> > will run beyond boot_command_line, but this is almost certainly
> > harmless in practice.
> >
> > Signed-off-by: Arvind Sankar <nivedita@...m.mit.edu>
>
> Hi,
> Just for my enlightenment, what would be wrong with:
>
> (which is done in arch/m68/kernel/setup_no.c)
>
> > ---
> > arch/x86/kernel/head64.c | 2 +-
> > arch/x86/kernel/head_32.S | 11 +++++------
> > 2 files changed, 6 insertions(+), 7 deletions(-)
> >
> > diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c
> > index cbb71c1b574f..740dd05b9462 100644
> > --- a/arch/x86/kernel/head64.c
> > +++ b/arch/x86/kernel/head64.c
> > @@ -410,7 +410,7 @@ static void __init copy_bootdata(char *real_mode_data)
> > cmd_line_ptr = get_cmd_line_ptr();
> > if (cmd_line_ptr) {
> > command_line = __va(cmd_line_ptr);
> > memcpy(boot_command_line, command_line, COMMAND_LINE_SIZE);
> > + boot_command_line[COMMAND_LINE_SIZE - 1] = 0;
> > }
> >
> > /*
>
>
> thanks.
> --
> ~Randy
>
That still accesses beyond the end of the bootloader's command line,
which could theoretically be a bad thing: eg the EFI stub only allocates
enough space for the actual length of the command line, rather than the
full COMMAND_LINE_SIZE. But yeah, that was my first version of this
patch.
> > NUL-terminated, and it also avoids accessing beyond the actual end of
> > the command line if it was properly NUL-terminated.
Powered by blists - more mailing lists