Re: [PATCH v5 01/22] bootconfig: Add Extra Boot Config support

[PATCH v5 00/22] tracing: bootconfig: Boot-time tracing and Extra boot config · Masami Hiramatsu <mhiramat@kernel.org> · 2019-12-26
[PATCH v5 01/22] bootconfig: Add Extra Boot Config support · Masami Hiramatsu <mhiramat@kernel.org> · 2019-12-26
Re: [PATCH v5 01/22] bootconfig: Add Extra Boot Config support · Steven Rostedt <rostedt@goodmis.org> · 2020-01-08
Re: [PATCH v5 01/22] bootconfig: Add Extra Boot Config support · Steven Rostedt <rostedt@goodmis.org> · 2020-01-08
Re: [PATCH v5 01/22] bootconfig: Add Extra Boot Config support · Masami Hiramatsu <mhiramat@kernel.org> · 2020-01-08
Re: [PATCH v5 01/22] bootconfig: Add Extra Boot Config support · Steven Rostedt <rostedt@goodmis.org> · 2020-01-08
[PATCH v5 02/22] bootconfig: Load boot config from the tail of initrd · Masami Hiramatsu <mhiramat@kernel.org> · 2019-12-26
[PATCH v5 03/22] tools: bootconfig: Add bootconfig command · Masami Hiramatsu <mhiramat@kernel.org> · 2019-12-26
[PATCH v5 04/22] tools: bootconfig: Add bootconfig test script · Masami Hiramatsu <mhiramat@kernel.org> · 2019-12-26
[PATCH v5 05/22] proc: bootconfig: Add /proc/bootconfig to show boot config list · Masami Hiramatsu <mhiramat@kernel.org> · 2019-12-26
Re: [PATCH v5 05/22] proc: bootconfig: Add /proc/bootconfig to show boot config list · Steven Rostedt <rostedt@goodmis.org> · 2020-01-09
Re: [PATCH v5 05/22] proc: bootconfig: Add /proc/bootconfig to show boot config list · Masami Hiramatsu <mhiramat@kernel.org> · 2020-01-10
[PATCH v5 06/22] init/main.c: Alloc initcall_command_line in do_initcall() and free it · Masami Hiramatsu <mhiramat@kernel.org> · 2019-12-26
[PATCH v5 07/22] bootconfig: init: Allow admin to use bootconfig for kernel command line · Masami Hiramatsu <mhiramat@kernel.org> · 2019-12-26
[PATCH v5 08/22] bootconfig: init: Allow admin to use bootconfig for init command line · Masami Hiramatsu <mhiramat@kernel.org> · 2019-12-26
[PATCH v5 09/22] Documentation: bootconfig: Add a doc for extended boot config · Masami Hiramatsu <mhiramat@kernel.org> · 2019-12-26
[PATCH v5 10/22] tracing: Apply soft-disabled and filter to tracepoints printk · Masami Hiramatsu <mhiramat@kernel.org> · 2019-12-26
[PATCH v5 11/22] tracing: kprobes: Output kprobe event to printk buffer · Masami Hiramatsu <mhiramat@kernel.org> · 2019-12-26
[PATCH v5 12/22] tracing: kprobes: Register to dynevent earlier stage · Masami Hiramatsu <mhiramat@kernel.org> · 2019-12-26
[PATCH v5 13/22] tracing: Accept different type for synthetic event fields · Masami Hiramatsu <mhiramat@kernel.org> · 2019-12-26
[PATCH v5 14/22] tracing: Add NULL trace-array check in print_synth_event() · Masami Hiramatsu <mhiramat@kernel.org> · 2019-12-26
[PATCH v5 15/22] tracing/boot: Add boot-time tracing · Masami Hiramatsu <mhiramat@kernel.org> · 2019-12-26
[PATCH v5 16/22] tracing/boot: Add per-event settings · Masami Hiramatsu <mhiramat@kernel.org> · 2019-12-26
[PATCH v5 17/22] tracing/boot Add kprobe event support · Masami Hiramatsu <mhiramat@kernel.org> · 2019-12-26
[PATCH v5 18/22] tracing/boot: Add synthetic event support · Masami Hiramatsu <mhiramat@kernel.org> · 2019-12-26
[PATCH v5 19/22] tracing/boot: Add instance node support · Masami Hiramatsu <mhiramat@kernel.org> · 2019-12-26
[PATCH v5 20/22] tracing/boot: Add cpu_mask option support · Masami Hiramatsu <mhiramat@kernel.org> · 2019-12-26
[PATCH v5 21/22] tracing/boot: Add function tracer filter options · Masami Hiramatsu <mhiramat@kernel.org> · 2019-12-26
Re: [PATCH v5 21/22] tracing/boot: Add function tracer filter options · kbuild test robot <hidden> · 2019-12-26
Re: [PATCH v5 21/22] tracing/boot: Add function tracer filter options · Masami Hiramatsu <mhiramat@kernel.org> · 2019-12-27
[PATCH v5 22/22] Documentation: tracing: Add boot-time tracing document · Masami Hiramatsu <mhiramat@kernel.org> · 2019-12-26
Re: [PATCH v5 00/22] tracing: bootconfig: Boot-time tracing and Extra boot config · Steven Rostedt <rostedt@goodmis.org> · 2020-01-09
Re: [PATCH v5 00/22] tracing: bootconfig: Boot-time tracing and Extra boot config · Masami Hiramatsu <mhiramat@kernel.org> · 2020-01-10

From: Steven Rostedt <rostedt@goodmis.org>
Date: 2020-01-08 03:03:57
Also in: linux-fsdevel, lkml
Subsystem: extra boot config, library code, the rest · Maintainers: Masami Hiramatsu, Andrew Morton, Linus Torvalds

On Tue, 7 Jan 2020 20:59:45 -0500
Steven Rostedt [off-list ref] wrote:

quoted

+
+/*
+ * Return delimiter or error, no node added. As same as lib/cmdline.c,
+ * you can use " around spaces, but can't escape " for value.
+ */
+static int __init __xbc_parse_value(char **__v, char **__n)
+{
+	char *p, *v = *__v;
+	int c, quotes = 0;
+
+	v = skip_spaces(v);
+	while (*v == '#') {
+		v = skip_comment(v);
+		v = skip_spaces(v);
+	}
+	if (*v == '"' || *v == '\'') {
+		quotes = *v;
+		v++;
+	}
+	p = v - 1;
+	while ((c = *++p)) {
+		if (!isprint(c) && !isspace(c))
+			return xbc_parse_error("Non printable value", p);
+		if (quotes) {
+			if (c != quotes)
+				continue;
+			quotes = 0;
+			*p++ = '\0';
+			p = skip_spaces(p);

Hmm, if p here == "    \0" then skip_spaces() will make p == "\0"

quoted

+			c = *p;
+			if (c && !strchr(",;\n#}", c))
+				return xbc_parse_error("No value delimiter", p);
+			p++;

Now p == one passed "\0" which is in unknown territory.

I like how you have patch 3 use this code. It makes it easy to test,
and valgrind pointed out that this is a bug. With a file that just
contained:

   foo = "1"

I ran this:

  $ valgrind -v --leak-check=full ./tools/bootconfig/bootconfig -a /tmp/boot-bad /tmp/initrd  2>/tmp/out

Which gave me this:

==18929== Invalid read of size 1
==18929==    at 0x483FC02: strpbrk (vg_replace_strmem.c:1690)
==18929==    by 0x40263C: xbc_init (bootconfig.c:724)
==18929==    by 0x403162: apply_xbc (main.c:255)
==18929==    by 0x403346: main (main.c:331)
==18929==  Address 0x4a4e09f is 0 bytes after a block of size 15 alloc'd
==18929==    at 0x483780B: malloc (vg_replace_malloc.c:309)
==18929==    by 0x402B9D: load_xbc_fd (main.c:95)
==18929==    by 0x402C87: load_xbc_file (main.c:120)
==18929==    by 0x4030AC: apply_xbc (main.c:238)
==18929==    by 0x403346: main (main.c:331)

Which proves this the issue as when I apply the patch below, this goes
away:

-- Steve

diff --git a/lib/bootconfig.c b/lib/bootconfig.c
index 7a7cdc45bf62..0793ef9f48b8 100644
--- a/lib/bootconfig.c
+++ b/lib/bootconfig.c

@@ -468,7 +468,8 @@ static int __init __xbc_parse_value(char **__v, char **__n)
 			c = *p;
 			if (c && !strchr(",;\n#}", c))
 				return xbc_parse_error("No value delimiter", p);
-			p++;
+			if (*p)
+				p++;
 			break;
 		}
 		if (strchr(",;\n#}", c)) {

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help