Re: [PATCH v4 7/7] x86/setup: prepend embedded bootconfig cmdline before parse_early_param

[sashiko-bot@kernel.org]

Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
- [High] Embedded bootconfig parameters leak into the kernel command line when an initrd bootconfig is provided, violating the override priority and creating duplicate keys.
--

commit 9c00cec56ea23ba4a68bbf333ebf81d192d7c851
Author: Breno Leitao <leitao@debian.org>

x86/setup: prepend embedded bootconfig cmdline before parse_early_param

This commit modifies setup_arch() to fold the embedded bootconfig
"kernel" subtree into the boot_command_line early. This allows
early_param() handlers to see values supplied via the embedded
bootconfig without parsing bootconfig at runtime.

> diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
> --- a/arch/x86/kernel/setup.c
> +++ b/arch/x86/kernel/setup.c
[ ... ]
> @@ -924,6 +926,31 @@ void __init setup_arch(char **cmdline_p)
>  	builtin_cmdline_added = true;
>  #endif
>  
> +	/*
> +	 * Match the runtime bootconfig parser's opt-in: only fold the
[ ... ]
> +	 * unconditionally.
> +	 */
> +	{
> +		char buf[8];
> +
> +		if (IS_ENABLED(CONFIG_BOOT_CONFIG_FORCE) ||
> +		    cmdline_find_option_bool(boot_command_line, "bootconfig") ||
> +		    cmdline_find_option(boot_command_line, "bootconfig",
> +					buf, sizeof(buf)) >= 0)
> +			xbc_prepend_embedded_cmdline(boot_command_line,
> +						     COMMAND_LINE_SIZE);

[Severity: High]
If an initrd bootconfig is present, does prepending the embedded bootconfig
here in setup_arch() defeat the ability for the initrd bootconfig to
override it?

Because the embedded bootconfig is prepended to boot_command_line before
the initrd is checked, early parameters (like mem= or earlycon=) will only
ever see the embedded bootconfig values.

> +	}
> +
>  	strscpy(command_line, boot_command_line, COMMAND_LINE_SIZE);
>  	*cmdline_p = command_line;

> diff --git a/init/main.c b/init/main.c
> --- a/init/main.c
> +++ b/init/main.c
[ ... ]
> @@ -378,12 +378,15 @@ static void __init setup_boot_config(void)
>  	int pos, ret;
>  	size_t size;
>  	char *err;
> +	bool from_embedded = false;
>  
>  	/* Cut out the bootconfig data even if we have no bootconfig option */
>  	data = get_boot_config_from_initrd(&size);
>  	/* If there is no bootconfig in initrd, try embedded one. */
> -	if (!data)
> +	if (!data) {
>  		data = xbc_get_embedded_bootconfig(&size);
> +		from_embedded = true;
> +	}

[Severity: High]
When setup_boot_config() discovers an initrd bootconfig, data will be
non-NULL and from_embedded will be false.

Won't this lead to extra_command_line containing the initrd keys, while
boot_command_line already contains the embedded keys prepended earlier?

This seems like it would cause both sets of keys to be merged into
saved_command_line, potentially creating conflicting or duplicate
arguments. Is there a way to defer or override the embedded keys if an
initrd bootconfig is provided?

-- 
Sashiko AI review · https://sashiko.dev/#/patchset/20260609-bootconfig_using_tools-v4-0-73c463f03a97@debian.org?part=7