releases/3.2.98/x86-boot-simplify-early-command-line-parsing.patch - pub/scm/linux/kernel/git/bwh/linux-stable-queue - Git at Google

 From: Dave Hansen <dave.hansen@linux.intel.com>
 Date: Tue, 22 Dec 2015 14:52:41 -0800
 Subject: x86/boot: Simplify early command line parsing

 commit 4de07ea481361b08fe13735004dafae862482d38 upstream.

 __cmdline_find_option_bool() tries to account for both NULL-terminated
 and non-NULL-terminated strings. It keeps 'pos' to look for the end of
 the buffer and also looks for '!c' in a bunch of places to look for NULL
 termination.

 But, it also calls strlen(). You can't call strlen on a
 non-NULL-terminated string.

 If !strlen(cmdline), then cmdline[0]=='\0'. In that case, we will go in
 to the while() loop, set c='\0', hit st_wordstart, notice !c, and will
 immediately return 0.

 So, remove the strlen().  It is unnecessary and unsafe.

 Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
 Signed-off-by: Borislav Petkov <bp@suse.de>
 Cc: Andy Lutomirski <luto@amacapital.net>
 Cc: Borislav Petkov <bp@alien8.de>
 Cc: Brian Gerst <brgerst@gmail.com>
 Cc: Denys Vlasenko <dvlasenk@redhat.com>
 Cc: H. Peter Anvin <hpa@zytor.com>
 Cc: Linus Torvalds <torvalds@linux-foundation.org>
 Cc: Peter Zijlstra <peterz@infradead.org>
 Cc: Thomas Gleixner <tglx@linutronix.de>
 Cc: fenghua.yu@intel.com
 Cc: yu-cheng.yu@intel.com
 Link: http://lkml.kernel.org/r/20151222225241.15365E43@viggo.jf.intel.com
 Signed-off-by: Ingo Molnar <mingo@kernel.org>
 Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
 ---
  arch/x86/lib/cmdline.c | 3 ---
  1 file changed, 3 deletions(-)

 diff --git a/arch/x86/lib/cmdline.c b/arch/x86/lib/cmdline.c
 index ff8d1beead6c..945a639c02dd 100644
 --- a/arch/x86/lib/cmdline.c
 +++ b/arch/x86/lib/cmdline.c
 @@ -39,9 +39,6 @@ int cmdline_find_option_bool(const char *cmdline, const char *option)
  	if (!cmdline)
  		return -1;      /* No command line */

 -	if (!strlen(cmdline))
 -		return 0;
 -
  	/*
  	 * This 'pos' check ensures we do not overrun
  	 * a non-NULL-terminated 'cmdline'
	From: Dave Hansen <dave.hansen@linux.intel.com>
	Date: Tue, 22 Dec 2015 14:52:41 -0800
	Subject: x86/boot: Simplify early command line parsing

	commit 4de07ea481361b08fe13735004dafae862482d38 upstream.

	__cmdline_find_option_bool() tries to account for both NULL-terminated
	and non-NULL-terminated strings. It keeps 'pos' to look for the end of
	the buffer and also looks for '!c' in a bunch of places to look for NULL
	termination.

	But, it also calls strlen(). You can't call strlen on a
	non-NULL-terminated string.

	If !strlen(cmdline), then cmdline[0]=='\0'. In that case, we will go in
	to the while() loop, set c='\0', hit st_wordstart, notice !c, and will
	immediately return 0.

	So, remove the strlen(). It is unnecessary and unsafe.

	Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
	Signed-off-by: Borislav Petkov <bp@suse.de>
	Cc: Andy Lutomirski <luto@amacapital.net>
	Cc: Borislav Petkov <bp@alien8.de>
	Cc: Brian Gerst <brgerst@gmail.com>
	Cc: Denys Vlasenko <dvlasenk@redhat.com>
	Cc: H. Peter Anvin <hpa@zytor.com>
	Cc: Linus Torvalds <torvalds@linux-foundation.org>
	Cc: Peter Zijlstra <peterz@infradead.org>
	Cc: Thomas Gleixner <tglx@linutronix.de>
	Cc: fenghua.yu@intel.com
	Cc: yu-cheng.yu@intel.com
	Link: http://lkml.kernel.org/r/20151222225241.15365E43@viggo.jf.intel.com
	Signed-off-by: Ingo Molnar <mingo@kernel.org>
	Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
	---
	arch/x86/lib/cmdline.c \| 3 ---
	1 file changed, 3 deletions(-)

	diff --git a/arch/x86/lib/cmdline.c b/arch/x86/lib/cmdline.c
	index ff8d1beead6c..945a639c02dd 100644
	--- a/arch/x86/lib/cmdline.c
	+++ b/arch/x86/lib/cmdline.c
	@@ -39,9 +39,6 @@ int cmdline_find_option_bool(const char cmdline, const char option)
	if (!cmdline)
	return -1; /* No command line */

	- if (!strlen(cmdline))
	- return 0;
	-
	/*
	* This 'pos' check ensures we do not overrun
	* a non-NULL-terminated 'cmdline'