From: Masami Hiramatsu (Google) <mhiramat@kernel.org>
To: Geert Uytterhoeven <geert@linux-m68k.org>
Cc: Yuntao Wang <ytcoode@gmail.com>,
linux-kernel@vger.kernel.org,
Thomas Gleixner <tglx@linutronix.de>,
Andrew Morton <akpm@linux-foundation.org>,
"ndesaulniers@google.com" <ndesaulniers@google.com>,
Josh Poimboeuf <jpoimboe@kernel.org>,
"Peter Zijlstra (Intel)" <peterz@infradead.org>,
Tejun Heo <tj@kernel.org>,
Christophe Leroy <christophe.leroy@csgroup.eu>,
Krister Johansen <kjlx@templeofstupid.com>,
Arnd Bergmann <arnd@arndb.de>, Mike Rapoport <rppt@kernel.org>,
Masami Hiramatsu <mhiramat@kernel.org>
Subject: Re: [PATCH] init/main.c: Fix potential static_command_line memory overflow
Date: Thu, 11 Apr 2024 23:29:01 +0900 [thread overview]
Message-ID: <20240411232901.2c0aaa13f790d0ef97e484cd@kernel.org> (raw)
In-Reply-To: <CAMuHMdULF9KemeFkv09s3b9T8Ka-AkC8A8-pc_FpdXnjrOjwgQ@mail.gmail.com>
On Thu, 11 Apr 2024 09:23:47 +0200
Geert Uytterhoeven <geert@linux-m68k.org> wrote:
> CC Hiramatsu-san
>
> On Thu, Apr 11, 2024 at 5:25 AM Yuntao Wang <ytcoode@gmail.com> wrote:
> > We allocate memory of size 'xlen + strlen(boot_command_line) + 1' for
> > static_command_line, but the strings copied into static_command_line are
> > extra_command_line and command_line, rather than extra_command_line and
> > boot_command_line.
> >
> > When strlen(command_line) > strlen(boot_command_line), static_command_line
> > will overflow.
Hi Yuntao,
OK, but this is not a good way to fix.
We should introduce "slen = strlen(command_line) + xlen + 1" and use it for
allocating static_command_line.
> >
> > Fixes: f5c7310ac73e ("init/main: add checks for the return value of memblock_alloc*()")
As Mike pointed, this is not the best commit.
Fixes: 51887d03aca1 ("bootconfig: init: Allow admin to use bootconfig for kernel command line")
Thank you,
> > Signed-off-by: Yuntao Wang <ytcoode@gmail.com>
> > ---
> > init/main.c | 8 +++++---
> > 1 file changed, 5 insertions(+), 3 deletions(-)
> >
> > diff --git a/init/main.c b/init/main.c
> > index 2ca52474d0c3..a7b1f5f3e3b6 100644
> > --- a/init/main.c
> > +++ b/init/main.c
> > @@ -625,11 +625,13 @@ static void __init setup_command_line(char *command_line)
> > if (extra_init_args)
> > ilen = strlen(extra_init_args) + 4; /* for " -- " */
> >
> > - len = xlen + strlen(boot_command_line) + 1;
> > + len = xlen + strlen(boot_command_line) + ilen + 1;
> >
> > - saved_command_line = memblock_alloc(len + ilen, SMP_CACHE_BYTES);
> > + saved_command_line = memblock_alloc(len, SMP_CACHE_BYTES);
> > if (!saved_command_line)
> > - panic("%s: Failed to allocate %zu bytes\n", __func__, len + ilen);
> > + panic("%s: Failed to allocate %zu bytes\n", __func__, len);
> > +
> > + len = xlen + strlen(command_line) + 1;
> >
> > static_command_line = memblock_alloc(len, SMP_CACHE_BYTES);
> > if (!static_command_line)
>
> Gr{oetje,eeting}s,
>
> Geert
>
> --
> Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68korg
>
> In personal conversations with technical people, I call myself a hacker. But
> when I'm talking to journalists I just say "programmer" or something like that.
> -- Linus Torvalds
>
--
Masami Hiramatsu (Google) <mhiramat@kernel.org>
next prev parent reply other threads:[~2024-04-11 14:29 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-11 3:21 [PATCH] init/main.c: Fix potential static_command_line memory overflow Yuntao Wang
2024-04-11 7:23 ` Geert Uytterhoeven
2024-04-11 13:21 ` Mike Rapoport
2024-04-11 14:27 ` Yuntao Wang
2024-04-11 15:08 ` Masami Hiramatsu
2024-04-11 15:47 ` Yuntao Wang
2024-04-12 3:51 ` Yuntao Wang
2024-04-12 5:15 ` Masami Hiramatsu
2024-04-12 8:17 ` [PATCH v2 0/2] " Yuntao Wang
2024-04-12 8:17 ` [PATCH v2 1/2] init/main.c: " Yuntao Wang
2024-04-12 8:17 ` [PATCH v2 2/2] init/main.c: Minor cleanup for the setup_command_line() function Yuntao Wang
2024-04-12 15:58 ` [PATCH v2 0/2] Fix potential static_command_line memory overflow Masami Hiramatsu
2024-04-11 14:29 ` Masami Hiramatsu [this message]
2024-04-11 14:59 ` [PATCH] init/main.c: " Yuntao Wang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240411232901.2c0aaa13f790d0ef97e484cd@kernel.org \
--to=mhiramat@kernel.org \
--cc=akpm@linux-foundation.org \
--cc=arnd@arndb.de \
--cc=christophe.leroy@csgroup.eu \
--cc=geert@linux-m68k.org \
--cc=jpoimboe@kernel.org \
--cc=kjlx@templeofstupid.com \
--cc=linux-kernel@vger.kernel.org \
--cc=ndesaulniers@google.com \
--cc=peterz@infradead.org \
--cc=rppt@kernel.org \
--cc=tglx@linutronix.de \
--cc=tj@kernel.org \
--cc=ytcoode@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.