From: Andrew Cooper <andrew.cooper3@citrix.com>
To: xen-devel@lists.xen.org,
	Keir Fraser <keir@xen.org>, Jan Beulich <jbeulich@suse.com>,
	Ian Campbell <Ian.Campbell@eu.citrix.com>
Subject: xen: Fix off-by-one error when parsing command line arguments
Date: Mon, 2 Jul 2012 13:52:49 +0100
Message-ID: <4FF199A1.8080706@citrix.com>


This is a bug which is present in at least unstable and 4.1, so should
be considered for 4.2, as well as being considered for backport to older
versions.

-- 
Andrew Cooper - Dom0 Kernel Engineer, Citrix XenServer
T: +44 (0)1223 225 900, http://www.citrix.com


[-- Attachment #2: xen-fix-cmdline-parsing.patch --]

# HG changeset patch
# Parent 4f92bdf3370c4fe5ed0f00cdeaf8156e4818ecb5
xen: Fix off-by-one error when parsing command line arguments

As Xen currently stands, it will attempt to interpret the first few bytes of the
initcall section as a struct kernel_param.

This can be verified as

         for ( param = &__setup_start; param <= &__setup_end; param++ )
         {
+            if ( (unsigned long)param == (unsigned long)&__initcall_start )
+                BUG();

causes Xen to BUG() during early boot.

The reason that this has not caused problems is that in the overflow case,
param->name is actually a function pointer to the first initcall, and
interpreting it as a string is very unlikely to match an ASCII command line
parameter name.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

diff -r 4f92bdf3370c xen/common/kernel.c
--- a/xen/common/kernel.c
+++ b/xen/common/kernel.c
@@ -90,7 +90,7 @@ void __init cmdline_parse(const char *cm
         if ( !bool_assert )
             optkey += 3;
 
-        for ( param = &__setup_start; param <= &__setup_end; param++ )
+        for ( param = &__setup_start; param < &__setup_end; param++ )
         {
             if ( strcmp(param->name, optkey) )
                 continue;
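Review bot: the relaxed bound `param < &__setup_end` is correct only if `__setup_end` is the one-past-the-end linker symbol of the kernel_param array rather than the address of its last entry; the BUG() experiment in the commit message shows that it is, but the hunk alone does not, so a one-line note in the commit message ("__setup_end is the end of the section, not the last entry") would spare future readers the same question. The original `<=` loop dereferenced `param->name` on the entry at `&__setup_end`, i.e. on bytes belonging to the following section, so it is also worth checking whether any other loop over `__setup_start`/`__setup_end` (or over similar linker-defined section bounds) uses the same inclusive comparison.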


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
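The layout the commit message describes, as an added example that is not Xen code: a constructed array stands in for the `__setup_start`..`__setup_end` section, with one trailing slot holding an initcall function pointer in place of the bytes at `__initcall_start`; `NPARAMS`, the parameter names, `dummy_initcall`, `slots_visited` and `find_param` are all assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

struct kernel_param { const char *name; void *var; };
typedef void (*initcall_t)(void);
static void dummy_initcall(void) { }
static int dummy_var;

#define NPARAMS 2
/* NPARAMS real entries plus one slot that is not a kernel_param: it holds an
 * initcall pointer, as the linker places __initcall_start right after
 * __setup_end. Staying inside one array keeps the demo well-defined. */
static struct kernel_param section[NPARAMS + 1];

static void build_section(void)
{
    initcall_t fn = dummy_initcall;   /* constructed stand-in for the initcall */
    section[0].name = "noreboot"; section[0].var = &dummy_var;
    section[1].name = "console";  section[1].var = &dummy_var;
    memset(&section[NPARAMS], 0, sizeof section[NPARAMS]);
    memcpy(&section[NPARAMS], &fn, sizeof fn);
}

/* Slots a scan visits: inclusive=1 is the original '<=' loop, inclusive=0
 * the fixed '<' loop; end is one past the last real entry. */
int slots_visited(int inclusive)
{
    struct kernel_param *end = &section[NPARAMS];
    int n = 0;
    build_section();
    for (struct kernel_param *p = section; inclusive ? p <= end : p < end; p++)
        n++;
    return n;
}

/* The fixed lookup: index of key, or -1. Never reads the trailing slot, so
 * p->name is always a genuine string rather than initcall bytes. */
int find_param(const char *key)
{
    build_section();
    for (struct kernel_param *p = section; p < &section[NPARAMS]; p++)
        if (strcmp(p->name, key) == 0)
            return (int)(p - section);
    return -1;
}

int main(void)
{
    printf("'<=' visits %d slots, '<' visits %d\n", slots_visited(1), slots_visited(0));
    return 0;
}
```

The inclusive loop visits one slot more than there are parameters, and that extra slot is exactly the one whose first field is the initcall pointer the commit message talks about.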

Thread overview: 2+ messages
2012-07-02 12:52 Andrew Cooper [this message]
2012-07-03  9:34 ` xen: Fix off-by-one error when parsing command line arguments Jan Beulich
