| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAFnufp2zSsESBK-ZfCJD5dFzMGc9pU4R-VT1j8eu1f4xPde19w@mail.gmail.com>
Date: Sun, 1 Nov 2020 02:57:40 +0100
From: Matteo Croce <mcroce@...ux.microsoft.com>
To: Petr Mladek <pmladek@...e.com>
Cc: linux-kernel@...r.kernel.org, Guenter Roeck <linux@...ck-us.net>,
Arnd Bergmann <arnd@...db.de>, Mike Rapoport <rppt@...nel.org>,
Kees Cook <keescook@...omium.org>,
Pavel Tatashin <pasha.tatashin@...een.com>,
Robin Holt <robinmholt@...il.com>
Subject: Re: [PATCH v2 2/2] reboot: fix parsing of reboot cpu number
On Fri, Oct 30, 2020 at 3:30 PM Petr Mladek <pmladek@...e.com> wrote:
>
> On Tue 2020-10-27 14:35:45, Matteo Croce wrote:
> > From: Matteo Croce <mcroce@...rosoft.com>
> >
> > The kernel cmdline reboot= argument allows to specify the CPU used
> > for rebooting, with the syntax `s####` among the other flags, e.g.
> >
> > reboot=soft,s4
> > reboot=warm,s31,force
> >
> > In the early days the parsing was done with simple_strtoul(), later
> > deprecated in favor of the safer kstrtoint() which handles overflow.
> >
> > But kstrtoint() returns -EINVAL if there are non-digit characters
> > in a string, so if this flag is not the last given, it's silently
> > ignored as well as the subsequent ones.
> >
> > To fix it, revert the usage of simple_strtoul(), which is no longer
> > deprecated, and restore the old behaviour.
> >
> > While at it, merge two identical code blocks into one.
>
> > --- a/kernel/reboot.c
> > +++ b/kernel/reboot.c
> > @@ -552,25 +552,19 @@ static int __init reboot_setup(char *str)
> >
> > case 's':
> > {
> > - int rc;
> > -
> > - if (isdigit(*(str+1))) {
> > - rc = kstrtoint(str+1, 0, &reboot_cpu);
> > - if (rc)
> > - return rc;
> > - if (reboot_cpu >= num_possible_cpus()) {
> > - reboot_cpu = 0;
> > - return -ERANGE;
> > - }
> > - } else if (str[1] == 'm' && str[2] == 'p' &&
> > - isdigit(*(str+3))) {
> > - rc = kstrtoint(str+3, 0, &reboot_cpu);
> > - if (rc)
> > - return rc;
> > - if (reboot_cpu >= num_possible_cpus()) {
> > - reboot_cpu = 0;
>
> ^^^^^^
>
> > + int cpu;
> > +
> > + /*
> > + * reboot_cpu is s[mp]#### with #### being the processor
> > + * to be used for rebooting. Skip 's' or 'smp' prefix.
> > + */
> > + str += str[1] == 'm' && str[2] == 'p' ? 3 : 1;
> > +
> > + if (isdigit(str[0])) {
> > + cpu = simple_strtoul(str, NULL, 0);
> > + if (cpu >= num_possible_cpus())
> > return -ERANGE;
> > - }
> > + reboot_cpu = cpu;
>
> The original value stays when the new one is out of range. It is
> small functional change that should get mentioned in the commit
> message or better fixed separately.
>
Hi,
I didn't understand, the original value is 0 since reboot_cpu is global.
reboot_setup() is only called once at boot to parse the cmdline,
indeed it's __init.
I don't know any way to call it more than once (exept passing multiple
reboot= arguments)
> Hmm, I suggest to split this into 3 patches and switch the order:
>
> + 1st patch should simply revert the commit 616feab75397
> ("kernel/reboot.c: convert simple_strtoul to kstrtoint").
>
> + 2nd patch should merge the two branches without any
> functional change.
>
> + 3rd patch should add the check for num_possible_cpus()
> and update the value only when it is valid.
>
> I am sorry that I did not suggested this when reviewed v1.
> I have missed this functional change at that time.
>
Np :)
Bye,
--
per aspera ad upstream
Powered by blists - more mailing lists