[tip:x86/boot] x86/boot: Fix early command-line parsing when partial word matches - tip-bot for Dave Hansen

From: tip-bot for Dave Hansen <tipbot@zytor.com>
To: linux-tip-commits@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, tglx@linutronix.de,
	luto@amacapital.net, bp@alien8.de, hpa@zytor.com,
	dvlasenk@redhat.com, dave.hansen@linux.intel.com,
	brgerst@gmail.com, torvalds@linux-foundation.org,
	mingo@kernel.org, peterz@infradead.org, bp@suse.de
Subject: [tip:x86/boot] x86/boot: Fix early command-line parsing when partial word matches
Date: Wed, 3 Feb 2016 03:35:20 -0800	[thread overview]
Message-ID: <tip-abcdc1c694fa4055323cbec1cde4c2cb6b68398c@git.kernel.org> (raw)
In-Reply-To: <20151222225239.8E1DCA58@viggo.jf.intel.com>

Commit-ID:  abcdc1c694fa4055323cbec1cde4c2cb6b68398c
Gitweb:     http://git.kernel.org/tip/abcdc1c694fa4055323cbec1cde4c2cb6b68398c
Author:     Dave Hansen <dave.hansen@linux.intel.com>
AuthorDate: Tue, 22 Dec 2015 14:52:39 -0800
Committer:  Ingo Molnar <mingo@kernel.org>
CommitDate: Wed, 3 Feb 2016 12:03:16 +0100

x86/boot: Fix early command-line parsing when partial word matches

cmdline_find_option_bool() keeps track of position in two strings:

 1. the command-line
 2. the option we are searchign for in the command-line

We plow through each character in the command-line one at a time, always
moving forward. We move forward in the option ('opptr') when we match
characters in 'cmdline'. We reset the 'opptr' only when we go in to the
'st_wordstart' state.

But, if we fail to match an option because we see a space
(state=st_wordcmp, *opptr='\0',c=' '), we set state='st_wordskip' and
'break', moving to the next character. But, that move to the next
character is the one *after* the ' '. This means that we will miss a
'st_wordstart' state.

For instance, if we have

  cmdline = "foo fool";

and are searching for "fool", we have:

	  "fool"
  opptr = ----^

           "foo fool"
   c = --------^

We see that 'l' != ' ', set state=st_wordskip, break, and then move 'c', so:

          "foo fool"
  c = ---------^

and are still in state=st_wordskip. We will stay in wordskip until we
have skipped "fool", thus missing the option we were looking for. This
*only* happens when you have a partially- matching word followed by a
matching one.

To fix this, we always fall *into* the 'st_wordskip' state when we set
it.

Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: fenghua.yu@intel.com
Cc: yu-cheng.yu@intel.com
Link: http://lkml.kernel.org/r/20151222225239.8E1DCA58@viggo.jf.intel.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
---
 arch/x86/lib/cmdline.c | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/arch/x86/lib/cmdline.c b/arch/x86/lib/cmdline.c
index 49548be..ff8d1be 100644
--- a/arch/x86/lib/cmdline.c
+++ b/arch/x86/lib/cmdline.c
@@ -72,18 +72,26 @@ int cmdline_find_option_bool(const char *cmdline, const char *option)
 				 */
 				if (!c || myisspace(c))
 					return wstart;
-				else
-					state = st_wordskip;
+				/*
+				 * We hit the end of the option, but _not_
+				 * the end of a word on the cmdline.  Not
+				 * a match.
+				 */
 			} else if (!c) {
 				/*
 				 * Hit the NULL terminator on the end of
 				 * cmdline.
 				 */
 				return 0;
-			} else if (c != *opptr++) {
-				state = st_wordskip;
+			} else if (c == *opptr++) {
+				/*
+				 * We are currently matching, so continue
+				 * to the next character on the cmdline.
+				 */
+				break;
 			}
-			break;
+			state = st_wordskip;
+			/* fall through */
 
 		case st_wordskip:
 			if (!c)
