[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] PING ARM [PATCH v2] xen/cmdline: Fix buggy strncmp(s, LITERAL, ss - s) construct
There are ARM changes in here, and this bugfix is needed for 4.12, and for backporting. The one change not represented here is switching strncmp() with memcmp() as recommended by Jan. ~Andrew On 04/01/2019 17:17, Andrew Cooper wrote: > When the command line parsing was updated to use const strings and no longer > tokenise with NUL characters, string matches could no longer be made with > strcmp(). > > Unfortunately, the replacement was buggy. strncmp(s, "opt", ss - s) matches > "o", "op" and "opt" on the command line, as ss - s may be shorter than the > passed literal. Furthermore, parse_bool() is affected by this, so substrings > such as "d", "e" and "o" are considered valid, with the latter being ambiguous > between "on" and "off". > > Introduce a new strcmp-like function for the task, which looks for exact > string matches, but declares success when the NUL of the literal matches a > comma, colon or semicolon in the command line fragment. > > No change to the intended parsing functionality, but fixes cases where a > partial string on the command line will inadvertently trigger options. > > A few areas were more than just a trivial change: > > * fdt_add_uefi_nodes(), while not command line parsing, had the same broken > strncmp() pattern. As a fix, perform an explicit length check first. > * parse_irq_vector_map_param() gained some style corrections. > * parse_vpmu_params() was rewritten to use the normal list-of-options form, > rather than just fixing up parse_vpmu_param() and leaving the parsing being > hard to follow. > * Instead of making the trivial fix of adding an explicit length check in > parse_bool(), use the length to select which token to we search for, which > is more efficient than the previous linear search over all possible tokens. > > Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> > --- > CC: Jan Beulich <JBeulich@xxxxxxxx> > CC: Wei Liu <wei.liu2@xxxxxxxxxx> > CC: Roger Pau Monné <roger.pau@xxxxxxxxxx> > CC: Stefano Stabellini <sstabellini@xxxxxxxxxx> > CC: Julien Grall <julien.grall@xxxxxxx> > > v2: > * Fix inverted check in parse_bool() for "no". Drop extranious else's. > * Fix cmdline_strcmp() to not have implementation defined results. > --- > xen/arch/arm/cpuerrata.c | 6 +-- > xen/arch/arm/efi/efi-boot.h | 2 +- > xen/arch/x86/cpu/vpmu.c | 49 ++++++++-------------- > xen/arch/x86/irq.c | 12 +++--- > xen/arch/x86/psr.c | 4 +- > xen/arch/x86/spec_ctrl.c | 6 +-- > xen/arch/x86/x86_64/mmconfig-shared.c | 4 +- > xen/common/efi/boot.c | 4 +- > xen/common/kernel.c | 79 > ++++++++++++++++++++++++++++------- > xen/drivers/cpufreq/cpufreq.c | 6 +-- > xen/drivers/passthrough/iommu.c | 28 ++++++------- > xen/drivers/passthrough/pci.c | 4 +- > xen/include/xen/lib.h | 7 ++++ > 13 files changed, 125 insertions(+), 86 deletions(-) > > diff --git a/xen/arch/arm/cpuerrata.c b/xen/arch/arm/cpuerrata.c > index adf88e7..f4815ca 100644 > --- a/xen/arch/arm/cpuerrata.c > +++ b/xen/arch/arm/cpuerrata.c > @@ -257,11 +257,11 @@ static int __init parse_spec_ctrl(const char *s) > { > s += 5; > > - if ( !strncmp(s, "force-disable", ss - s) ) > + if ( !cmdline_strcmp(s, "force-disable") ) > ssbd_state = ARM_SSBD_FORCE_DISABLE; > - else if ( !strncmp(s, "runtime", ss - s) ) > + else if ( !cmdline_strcmp(s, "runtime") ) > ssbd_state = ARM_SSBD_RUNTIME; > - else if ( !strncmp(s, "force-enable", ss - s) ) > + else if ( !cmdline_strcmp(s, "force-enable") ) > ssbd_state = ARM_SSBD_FORCE_ENABLE; > else > rc = -EINVAL; > diff --git a/xen/arch/arm/efi/efi-boot.h b/xen/arch/arm/efi/efi-boot.h > index ca655ff..22a86ec 100644 > --- a/xen/arch/arm/efi/efi-boot.h > +++ b/xen/arch/arm/efi/efi-boot.h > @@ -212,7 +212,7 @@ EFI_STATUS __init fdt_add_uefi_nodes(EFI_SYSTEM_TABLE > *sys_table, > break; > > type = fdt_getprop(fdt, node, "device_type", &len); > - if ( type && strncmp(type, "memory", len) == 0 ) > + if ( type && len == 6 && strncmp(type, "memory", 6) == 0 ) > { > fdt_del_node(fdt, node); > continue; > diff --git a/xen/arch/x86/cpu/vpmu.c b/xen/arch/x86/cpu/vpmu.c > index 8a4f753..13da7d0 100644 > --- a/xen/arch/x86/cpu/vpmu.c > +++ b/xen/arch/x86/cpu/vpmu.c > @@ -61,42 +61,31 @@ static unsigned vpmu_count; > > static DEFINE_PER_CPU(struct vcpu *, last_vcpu); > > -static int parse_vpmu_param(const char *s, unsigned int len) > -{ > - if ( !*s || !len ) > - return 0; > - if ( !strncmp(s, "bts", len) ) > - vpmu_features |= XENPMU_FEATURE_INTEL_BTS; > - else if ( !strncmp(s, "ipc", len) ) > - vpmu_features |= XENPMU_FEATURE_IPC_ONLY; > - else if ( !strncmp(s, "arch", len) ) > - vpmu_features |= XENPMU_FEATURE_ARCH_ONLY; > - else > - return 1; > - return 0; > -} > - > static int __init parse_vpmu_params(const char *s) > { > - const char *sep, *p = s; > + const char *ss; > > switch ( parse_bool(s, NULL) ) > { > case 0: > break; > default: > - for ( ; ; ) > - { > - sep = strchr(p, ','); > - if ( sep == NULL ) > - sep = strchr(p, 0); > - if ( parse_vpmu_param(p, sep - p) ) > - goto error; > - if ( !*sep ) > - /* reached end of flags */ > - break; > - p = sep + 1; > - } > + do { > + ss = strchr(s, ','); > + if ( !ss ) > + ss = strchr(s, '\0'); > + > + if ( !cmdline_strcmp(s, "bts") ) > + vpmu_features |= XENPMU_FEATURE_INTEL_BTS; > + else if ( !cmdline_strcmp(s, "ipc") ) > + vpmu_features |= XENPMU_FEATURE_IPC_ONLY; > + else if ( !cmdline_strcmp(s, "arch") ) > + vpmu_features |= XENPMU_FEATURE_ARCH_ONLY; > + else > + return -EINVAL; > + > + s = ss + 1; > + } while ( *ss ); > /* fall through */ > case 1: > /* Default VPMU mode */ > @@ -105,10 +94,6 @@ static int __init parse_vpmu_params(const char *s) > break; > } > return 0; > - > - error: > - printk("VPMU: unknown flags: %s - vpmu disabled!\n", s); > - return -EINVAL; > } > > void vpmu_lvtpc_update(uint32_t val) > diff --git a/xen/arch/x86/irq.c b/xen/arch/x86/irq.c > index 8b44d6c..23b4f42 100644 > --- a/xen/arch/x86/irq.c > +++ b/xen/arch/x86/irq.c > @@ -70,12 +70,12 @@ static int __init parse_irq_vector_map_param(const char > *s) > if ( !ss ) > ss = strchr(s, '\0'); > > - if ( !strncmp(s, "none", ss - s)) > - opt_irq_vector_map=OPT_IRQ_VECTOR_MAP_NONE; > - else if ( !strncmp(s, "global", ss - s)) > - opt_irq_vector_map=OPT_IRQ_VECTOR_MAP_GLOBAL; > - else if ( !strncmp(s, "per-device", ss - s)) > - opt_irq_vector_map=OPT_IRQ_VECTOR_MAP_PERDEV; > + if ( !cmdline_strcmp(s, "none") ) > + opt_irq_vector_map = OPT_IRQ_VECTOR_MAP_NONE; > + else if ( !cmdline_strcmp(s, "global") ) > + opt_irq_vector_map = OPT_IRQ_VECTOR_MAP_GLOBAL; > + else if ( !cmdline_strcmp(s, "per-device") ) > + opt_irq_vector_map = OPT_IRQ_VECTOR_MAP_PERDEV; > else > rc = -EINVAL; > > diff --git a/xen/arch/x86/psr.c b/xen/arch/x86/psr.c > index 0ba8ef8..5866a26 100644 > --- a/xen/arch/x86/psr.c > +++ b/xen/arch/x86/psr.c > @@ -591,13 +591,13 @@ static int __init parse_psr_param(const char *s) > if ( val_delim > ss ) > val_delim = ss; > > - if ( *val_delim && !strncmp(s, "rmid_max", val_delim - s) ) > + if ( *val_delim && !cmdline_strcmp(s, "rmid_max") ) > { > opt_rmid_max = simple_strtoul(val_delim + 1, &q, 0); > if ( *q && *q != ',' ) > rc = -EINVAL; > } > - else if ( *val_delim && !strncmp(s, "cos_max", val_delim - s) ) > + else if ( *val_delim && !cmdline_strcmp(s, "cos_max") ) > { > opt_cos_max = simple_strtoul(val_delim + 1, &q, 0); > if ( *q && *q != ',' ) > diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c > index a36bcef..ad72ecd 100644 > --- a/xen/arch/x86/spec_ctrl.c > +++ b/xen/arch/x86/spec_ctrl.c > @@ -138,11 +138,11 @@ static int __init parse_spec_ctrl(const char *s) > { > s += 10; > > - if ( !strncmp(s, "retpoline", ss - s) ) > + if ( !cmdline_strcmp(s, "retpoline") ) > opt_thunk = THUNK_RETPOLINE; > - else if ( !strncmp(s, "lfence", ss - s) ) > + else if ( !cmdline_strcmp(s, "lfence") ) > opt_thunk = THUNK_LFENCE; > - else if ( !strncmp(s, "jmp", ss - s) ) > + else if ( !cmdline_strcmp(s, "jmp") ) > opt_thunk = THUNK_JMP; > else > rc = -EINVAL; > diff --git a/xen/arch/x86/x86_64/mmconfig-shared.c > b/xen/arch/x86/x86_64/mmconfig-shared.c > index 8675dbd..9e1c81d 100644 > --- a/xen/arch/x86/x86_64/mmconfig-shared.c > +++ b/xen/arch/x86/x86_64/mmconfig-shared.c > @@ -46,8 +46,8 @@ static int __init parse_mmcfg(const char *s) > case 1: > break; > default: > - if ( !strncmp(s, "amd_fam10", ss - s) || > - !strncmp(s, "amd-fam10", ss - s) ) > + if ( !cmdline_strcmp(s, "amd_fam10") || > + !cmdline_strcmp(s, "amd-fam10") ) > pci_probe |= PCI_CHECK_ENABLE_AMD_MMCONF; > else > rc = -EINVAL; > diff --git a/xen/common/efi/boot.c b/xen/common/efi/boot.c > index 2ed5403..1e1a551 100644 > --- a/xen/common/efi/boot.c > +++ b/xen/common/efi/boot.c > @@ -1401,14 +1401,14 @@ static int __init parse_efi_param(const char *s) > if ( !ss ) > ss = strchr(s, '\0'); > > - if ( !strncmp(s, "rs", ss - s) ) > + if ( !cmdline_strcmp(s, "rs") ) > { > if ( val ) > __set_bit(EFI_RS, &efi_flags); > else > __clear_bit(EFI_RS, &efi_flags); > } > - else if ( !strncmp(s, "attr=uc", ss - s) ) > + else if ( !cmdline_strcmp(s, "attr=uc") ) > efi_map_uc = val; > else > rc = -EINVAL; > diff --git a/xen/common/kernel.c b/xen/common/kernel.c > index 5766a0f..053c31d 100644 > --- a/xen/common/kernel.c > +++ b/xen/common/kernel.c > @@ -221,25 +221,51 @@ void __init cmdline_parse(const char *cmdline) > > int parse_bool(const char *s, const char *e) > { > - unsigned int len; > + size_t len = e ? ({ ASSERT(e >= s); e - s; }) : strlen(s); > > - len = e ? ({ ASSERT(e >= s); e - s; }) : strlen(s); > - if ( !len ) > - return -1; > + switch ( len ) > + { > + case 1: > + if ( *s == '1' ) > + return 1; > + if ( *s == '0' ) > + return 0; > + break; > > - if ( !strncmp("no", s, len) || > - !strncmp("off", s, len) || > - !strncmp("false", s, len) || > - !strncmp("disable", s, len) || > - !strncmp("0", s, len) ) > - return 0; > + case 2: > + if ( !strncmp("on", s, 2) ) > + return 1; > + if ( !strncmp("no", s, 2) ) > + return 0; > + break; > + > + case 3: > + if ( !strncmp("yes", s, 3) ) > + return 1; > + if ( !strncmp("off", s, 3) ) > + return 0; > + break; > + > + case 4: > + if ( !strncmp("true", s, 4) ) > + return 1; > + break; > + > + case 5: > + if ( !strncmp("false", s, 5) ) > + return 0; > + break; > > - if ( !strncmp("yes", s, len) || > - !strncmp("on", s, len) || > - !strncmp("true", s, len) || > - !strncmp("enable", s, len) || > - !strncmp("1", s, len) ) > - return 1; > + case 6: > + if ( !strncmp("enable", s, 6) ) > + return 1; > + break; > + > + case 7: > + if ( !strncmp("disable", s, 7) ) > + return 0; > + break; > + } > > return -1; > } > @@ -271,6 +297,27 @@ int parse_boolean(const char *name, const char *s, const > char *e) > return -1; > } > > +int cmdline_strcmp(const char *frag, const char *name) > +{ > + for ( ; ; frag++, name++ ) > + { > + unsigned char f = *frag, n = *name; > + int res = f - n; > + > + if ( res || n == '\0' ) > + { > + /* > + * NUL in 'name' matching a comma, colon or semicolon in 'frag' > + * implies success. > + */ > + if ( n == '\0' && (f == ',' || f == ':' || f == ';') ) > + res = 0; > + > + return res; > + } > + } > +} > + > unsigned int tainted; > > /** > diff --git a/xen/drivers/cpufreq/cpufreq.c b/xen/drivers/cpufreq/cpufreq.c > index 4d6badc..ba9897a 100644 > --- a/xen/drivers/cpufreq/cpufreq.c > +++ b/xen/drivers/cpufreq/cpufreq.c > @@ -73,7 +73,7 @@ static int __init setup_cpufreq_option(const char *str) > arg = strchr(str, '\0'); > choice = parse_bool(str, arg); > > - if ( choice < 0 && !strncmp(str, "dom0-kernel", arg - str) ) > + if ( choice < 0 && !cmdline_strcmp(str, "dom0-kernel") ) > { > xen_processor_pmbits &= ~XEN_PROCESSOR_PM_PX; > cpufreq_controller = FREQCTL_dom0_kernel; > @@ -81,14 +81,14 @@ static int __init setup_cpufreq_option(const char *str) > return 0; > } > > - if ( choice == 0 || !strncmp(str, "none", arg - str) ) > + if ( choice == 0 || !cmdline_strcmp(str, "none") ) > { > xen_processor_pmbits &= ~XEN_PROCESSOR_PM_PX; > cpufreq_controller = FREQCTL_none; > return 0; > } > > - if ( choice > 0 || !strncmp(str, "xen", arg - str) ) > + if ( choice > 0 || !cmdline_strcmp(str, "xen") ) > { > xen_processor_pmbits |= XEN_PROCESSOR_PM_PX; > cpufreq_controller = FREQCTL_xen; > diff --git a/xen/drivers/passthrough/iommu.c b/xen/drivers/passthrough/iommu.c > index caff3ab..f097394 100644 > --- a/xen/drivers/passthrough/iommu.c > +++ b/xen/drivers/passthrough/iommu.c > @@ -98,36 +98,36 @@ static int __init parse_iommu_param(const char *s) > b = parse_bool(s, ss); > if ( b >= 0 ) > iommu_enable = b; > - else if ( !strncmp(s, "force", ss - s) || > - !strncmp(s, "required", ss - s) ) > + else if ( !cmdline_strcmp(s, "force") || > + !cmdline_strcmp(s, "required") ) > force_iommu = val; > - else if ( !strncmp(s, "workaround_bios_bug", ss - s) ) > + else if ( !cmdline_strcmp(s, "workaround_bios_bug") ) > iommu_workaround_bios_bug = val; > - else if ( !strncmp(s, "igfx", ss - s) ) > + else if ( !cmdline_strcmp(s, "igfx") ) > iommu_igfx = val; > - else if ( !strncmp(s, "verbose", ss - s) ) > + else if ( !cmdline_strcmp(s, "verbose") ) > iommu_verbose = val; > - else if ( !strncmp(s, "snoop", ss - s) ) > + else if ( !cmdline_strcmp(s, "snoop") ) > iommu_snoop = val; > - else if ( !strncmp(s, "qinval", ss - s) ) > + else if ( !cmdline_strcmp(s, "qinval") ) > iommu_qinval = val; > - else if ( !strncmp(s, "intremap", ss - s) ) > + else if ( !cmdline_strcmp(s, "intremap") ) > iommu_intremap = val; > - else if ( !strncmp(s, "intpost", ss - s) ) > + else if ( !cmdline_strcmp(s, "intpost") ) > iommu_intpost = val; > - else if ( !strncmp(s, "debug", ss - s) ) > + else if ( !cmdline_strcmp(s, "debug") ) > { > iommu_debug = val; > if ( val ) > iommu_verbose = 1; > } > - else if ( !strncmp(s, "amd-iommu-perdev-intremap", ss - s) ) > + else if ( !cmdline_strcmp(s, "amd-iommu-perdev-intremap") ) > amd_iommu_perdev_intremap = val; > - else if ( !strncmp(s, "dom0-passthrough", ss - s) ) > + else if ( !cmdline_strcmp(s, "dom0-passthrough") ) > iommu_hwdom_passthrough = val; > - else if ( !strncmp(s, "dom0-strict", ss - s) ) > + else if ( !cmdline_strcmp(s, "dom0-strict") ) > iommu_hwdom_strict = val; > - else if ( !strncmp(s, "sharept", ss - s) ) > + else if ( !cmdline_strcmp(s, "sharept") ) > iommu_hap_pt_share = val; > else > rc = -EINVAL; > diff --git a/xen/drivers/passthrough/pci.c b/xen/drivers/passthrough/pci.c > index 1277ce2..93c20b9 100644 > --- a/xen/drivers/passthrough/pci.c > +++ b/xen/drivers/passthrough/pci.c > @@ -213,12 +213,12 @@ static int __init parse_pci_param(const char *s) > if ( !ss ) > ss = strchr(s, '\0'); > > - if ( !strncmp(s, "serr", ss - s) ) > + if ( !cmdline_strcmp(s, "serr") ) > { > cmd_mask = PCI_COMMAND_SERR; > brctl_mask = PCI_BRIDGE_CTL_SERR | PCI_BRIDGE_CTL_DTMR_SERR; > } > - else if ( !strncmp(s, "perr", ss - s) ) > + else if ( !cmdline_strcmp(s, "perr") ) > { > cmd_mask = PCI_COMMAND_PARITY; > brctl_mask = PCI_BRIDGE_CTL_PARITY; > diff --git a/xen/include/xen/lib.h b/xen/include/xen/lib.h > index 972fc84..89939f4 100644 > --- a/xen/include/xen/lib.h > +++ b/xen/include/xen/lib.h > @@ -79,6 +79,13 @@ int parse_bool(const char *s, const char *e); > */ > int parse_boolean(const char *name, const char *s, const char *e); > > +/** > + * Very similar to strcmp(), but will declare a match if the NUL in 'name' > + * lines up with comma, colon or semicolon in 'frag'. Designed for picking > + * exact string matches out of a delimited command line list. > + */ > +int cmdline_strcmp(const char *frag, const char *name); > + > /*#define DEBUG_TRACE_DUMP*/ > #ifdef DEBUG_TRACE_DUMP > extern void debugtrace_dump(void); _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |