From: Rask Ingemann Lambertsen <rask@formelder.dk>
To: Richard Genoud <richard.genoud@gmail.com>
Cc: Russell King <linux@armlinux.org.uk>,
linux-kernel@vger.kernel.org,
linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH] ARM: zImage: Fix stack overflow in merge_fdt_bootargs()
Date: Tue, 18 Jul 2017 23:40:22 +0200 [thread overview]
Message-ID: <20170718214022.znbme3ipirwtnuvn@localhost> (raw)
In-Reply-To: <74e55919-5378-1412-5c20-aae9db56495f@gmail.com>
On Tue, Jul 18, 2017 at 09:39:10AM +0200, Richard Genoud wrote:
> On 16/07/2017 23:43, Rask Ingemann Lambertsen wrote:
[snip]
> > +/* This is called early on from head.S, so it can't use much stack. */
> > +static void merge_fdt_bootargs(void *fdt, const char *atag_cmdline)
> > +{
> > + char *fdt_bootargs;
> > + int len = 0;
> > +
> > + /* With no ATAG command line or an empty one, there is nothing to do. */
> > + if (!atag_cmdline || strlen(atag_cmdline) == 0)
> > + return;
> > +
> > + fdt_bootargs = getprop_w(fdt, "/chosen", "bootargs", &len);
> > +
> > + /* With no FDT command line or an empty one, just use the ATAG one. */
> > + if (!fdt_bootargs || len <= 1) {
> > + setprop_string(fdt, "/chosen", "bootargs", atag_cmdline);
> > + return;
> > + }
> > + fdt_bootargs[len - 1] = ' ';
> > + appendprop_string(fdt, "/chosen", "bootargs", atag_cmdline);
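Review bot: the return value of appendprop_string() on the last line of the hunk is never checked, and since fdt_bootargs[len - 1] has already been overwritten with ' ' on the line before it, a failed append leaves the "bootargs" property with no NUL terminator at all. Capture the result and put the terminator back on failure, e.g. `if (appendprop_string(fdt, "/chosen", "bootargs", atag_cmdline)) fdt_bootargs[len - 1] = '\0';`, so that every exit from the function leaves the property terminated. Nothing after the append is visible in the quoted hunk, so any handling further down cannot be reviewed here.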
> Let's say appendprop_string() fails for whatever reason, the /chosen
> string won't be null terminated anymore.
Good catch, I will fix that. Thank you for your review.
> Won't it cause some problems?
It's OK at the moment because the last character of the "bootargs" property
is not used. This is the code from early_init_dt_scan_chosen() in
drivers/of/fdt.c:
    /* Retrieve command line */
    p = of_get_flat_dt_prop(node, "bootargs", &l);
    if (p != NULL && l > 0)
        strlcpy(data, p, min((int)l, COMMAND_LINE_SIZE));
But not all accesses are that careful. I found get_cmdline() in
arch/arm64/kernel/kaslr.c using
    prop = fdt_getprop(fdt, node, "bootargs", NULL);
so there is an expectation that the string is NUL terminated.
--
Rask Ingemann Lambertsen
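The failure mode discussed in this thread, as an added example that is not part of the patch or of the kernel: a constructed fixed-size buffer stands in for the "bootargs" property, and set_string()/append_string() are hypothetical stand-ins for setprop_string()/appendprop_string() that fail when the blob has no room. merge_unchecked() keeps the ordering of the patch as posted; merge_checked() checks the append's result and restores the NUL so a caller that reads the property without a length, like the fdt_getprop() use quoted above, never sees an unterminated string.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of one FDT property. libfdt keeps properties inside the
 * blob; a fixed-size array stands in here so termination can be inspected. */
#define PROP_CAP 32

struct prop {
	char data[PROP_CAP];
	int len;   /* bytes in use, trailing NUL included, as getprop_w() reports */
};

/* Hypothetical stand-in for setprop_string(): replaces the property with
 * src plus its NUL. Fails with -1 and changes nothing if src does not fit. */
static int set_string(struct prop *p, const char *src)
{
	size_t n = strlen(src) + 1;

	if (n > PROP_CAP)
		return -1;
	memcpy(p->data, src, n);
	p->len = (int)n;
	return 0;
}

/* Hypothetical stand-in for appendprop_string(): appends src plus its NUL
 * after the bytes already in use. Fails with -1 and changes nothing if there
 * is no room, the way libfdt reports FDT_ERR_NOSPACE. */
static int append_string(struct prop *p, const char *src)
{
	size_t n = strlen(src) + 1;

	if ((size_t)p->len + n > PROP_CAP)
		return -1;
	memcpy(p->data + p->len, src, n);
	p->len += (int)n;
	return 0;
}

/* Ordering as in the patch under review: the NUL is turned into a separating
 * space before the append, so a failed append leaves no terminator behind. */
static int merge_unchecked(struct prop *p, const char *atag)
{
	if (!atag || strlen(atag) == 0)
		return 0;
	if (p->len <= 1)
		return set_string(p, atag);
	p->data[p->len - 1] = ' ';
	return append_string(p, atag);
}

/* Same merge, but the append's result is checked and the terminator is put
 * back if it failed, so every exit leaves the property NUL-terminated. */
static int merge_checked(struct prop *p, const char *atag)
{
	int ret;

	if (!atag || strlen(atag) == 0)
		return 0;
	if (p->len <= 1)
		return set_string(p, atag);
	p->data[p->len - 1] = ' ';
	ret = append_string(p, atag);
	if (ret)
		p->data[p->len - 1] = '\0';	/* len is unchanged after a failed append */
	return ret;
}

/* 1 if the last byte in use is a NUL: what a caller such as
 * fdt_getprop(fdt, node, "bootargs", NULL) silently relies on. */
static int terminated(const struct prop *p)
{
	return p->len > 0 && p->data[p->len - 1] == '\0';
}

int main(void)
{
	struct prop a, b;

	/* Constructed inputs: a short FDT command line and an ATAG one that
	 * does not fit in the remaining space, so the append must fail. */
	set_string(&a, "console=ttyS0");
	set_string(&b, "console=ttyS0");
	merge_unchecked(&a, "root=/dev/mmcblk0p2 rootwait");
	merge_checked(&b, "root=/dev/mmcblk0p2 rootwait");
	printf("unchecked: terminated=%d\n", terminated(&a));
	printf("checked:   terminated=%d bootargs=\"%s\"\n", terminated(&b), b.data);
	return 0;
}
```

Restoring the terminator in place is preferable to appending first and patching the separator afterwards, because a real append can move the property inside the blob and leave the earlier fdt_bootargs pointer stale; the model above keeps the property fixed, so that second hazard is not shown.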
Thread overview: 6+ messages
2017-07-16 21:43 [PATCH] ARM: zImage: Fix stack overflow in merge_fdt_bootargs() Rask Ingemann Lambertsen
2017-07-18 7:39 ` Richard Genoud
2017-07-18 21:40 ` Rask Ingemann Lambertsen [this message]
2017-07-19 8:15 ` [v4.13 regression] " Pavel Machek
2017-07-19 8:47 ` Sebastian Reichel
2017-07-19 9:12 ` Sebastian Reichel