From: Ard Biesheuvel <ardb@kernel.org>
To: Arvind Sankar <nivedita@alum.mit.edu>
Cc: linux-efi <linux-efi@vger.kernel.org>
Subject: Re: [PATCH 00/24] efi/libstub: Add printf implementation
Date: Tue, 19 May 2020 18:44:27 +0200
Message-ID: <CAMj1kXGuM6sEE5HoAmGP7EZDnyUsW73FH+f2C_MvH76UCMYkpg@mail.gmail.com>
In-Reply-To: <20200519150629.GB1526900@rani.riverdale.lan>

On Tue, 19 May 2020 at 17:06, Arvind Sankar <nivedita@alum.mit.edu> wrote:
>
> On Tue, May 19, 2020 at 09:53:47AM +0200, Ard Biesheuvel wrote:
> >
> > Thanks Arvind, this is looking really good!
> >
> > Did you use any test code for the printf() parsing? Given that the
> > kernel command line is not covered by secure boot signing (or the
> > initrd, come to think of it), I'd hate to open up a security hole
> > here.
> >
> I only did basic functional testing, I haven't tried to actually break
> it.
>
> I think the code will be robust enough to avoid overflowing the buffer
> passed to vsnprintf, even if the output ends up being garbage due to
> bugs.
>
> That said, one thing in efi_convert_cmdline is that we use int to hold
> both options_chars and options_bytes. The size of load options is
> limited to uint32, so int should be ok for options_chars but
> options_bytes could theoretically overflow?
>
> In any case, there's no point parsing beyond COMMAND_LINE_SIZE anyway,
> so we should limit options_bytes to COMMAND_LINE_SIZE-1 + terminating
> NUL, and if it's longer we can either truncate it (blindly or at
> whitespace?) or ignore the options altogether. I can add that in v2.
>

Anything that will make it more robust is good to have.

> One more question -- since the first version of the stub, we truncate
> the command line at the first newline character. Do you know if there's
> something that actually needs that?
>

Not that I am aware of.

> efibootmgr can actually even set up the load options as a series of
> NUL-terminated strings if you miss putting them all inside quotes :)

Someone else may have thought of that already, so we can't simply
start treating anything past the first newline or \0 as part of the
command line.
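
The length bound discussed in the quoted text, as an added example that is not code from the patch series or the kernel: the UTF-8 size of the UTF-16 load options is counted in a size_t and checked against the buffer size before each addition. The helper name, the samples and the 2048 passed for the buffer size (standing in for COMMAND_LINE_SIZE) are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define CMDLINE_TOO_LONG ((size_t)-1)

/* Constructed sample load options (UTF-16), not taken from the thread. */
static const uint16_t sample_ascii[] = { 'r', 'o', '=', '1', '\n', 'x', 0 };
static const uint16_t sample_utf[] = { 0x00E9, 0x20AC, 0xD83D, 0xDE00, 0 };

/*
 * Hypothetical helper: count the UTF-8 bytes needed for UTF-16 load options,
 * stopping at the first NUL or newline. bufsz plays the role of
 * COMMAND_LINE_SIZE. Returns CMDLINE_TOO_LONG when the text does not fit in
 * bufsz - 1 bytes plus the terminating NUL, so the caller can ignore it.
 */
size_t cmdline_utf8_len(const uint16_t *opts, uint32_t opts_size, size_t bufsz)
{
    size_t nchars = opts_size / sizeof(*opts);
    size_t bytes = 0;                   /* size_t rather than int */
    if (bufsz == 0)
        return CMDLINE_TOO_LONG;
    for (size_t i = 0; i < nchars; i++) {
        uint16_t c = opts[i];
        size_t need = 3;                /* BMP char or unpaired surrogate */

        if (c == 0 || c == '\n')
            break;
        if (c < 0x80) {
            need = 1;
        } else if (c < 0x800) {
            need = 2;
        } else if (c >= 0xD800 && c <= 0xDBFF && i + 1 < nchars &&
                   opts[i + 1] >= 0xDC00 && opts[i + 1] <= 0xDFFF) {
            need = 4;                   /* surrogate pair */
            i++;
        }
        /* Test before adding: bytes never exceeds bufsz - 1, never wraps. */
        if (need > bufsz - 1 - bytes)
            return CMDLINE_TOO_LONG;
        bytes += need;
    }
    return bytes;
}

int main(void)
{
    printf("%zu %zu\n", cmdline_utf8_len(sample_ascii, sizeof(sample_ascii), 2048),
           cmdline_utf8_len(sample_utf, sizeof(sample_utf), 2048));
    return 0;
}
```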
