From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933621AbbLVWxg (ORCPT ); Tue, 22 Dec 2015 17:53:36 -0500 Received: from mga14.intel.com ([192.55.52.115]:21157 "EHLO mga14.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932904AbbLVWwk (ORCPT ); Tue, 22 Dec 2015 17:52:40 -0500 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.20,466,1444719600"; d="scan'208";a="17867033" Subject: [PATCH 2/5] x86: fix early command-line parsing, when partial word match To: x86@kernel.org Cc: linux-kernel@vger.kernel.org, Dave Hansen , dave.hansen@linux.intel.com, bp@suse.de, hpa@zytor.com, fenghua.yu@intel.com, yu-cheng.yu@intel.com From: Dave Hansen Date: Tue, 22 Dec 2015 14:52:39 -0800 References: <20151222225237.08CDE5F1@viggo.jf.intel.com> In-Reply-To: <20151222225237.08CDE5F1@viggo.jf.intel.com> Message-Id: <20151222225239.8E1DCA58@viggo.jf.intel.com> Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Dave Hansen cmdline_find_option_bool() keeps track of position in two strings: 1. the command-line 2. the option we are searchign for in the command-line We plow through each character in the command-line one at a time, always moving forward. We move forward in the option ('opptr') when we match characters in 'cmdline'. We reset the 'opptr' only when we go in to the 'st_wordstart' state. But, if we fail to match an option because we see a space ( state=st_wordcmp, *opptr='\0',c=' '), we set state='st_wordskip' and 'break', moving to the next character. But, that move to the next character is the one *after* the ' '. This means that we will miss a 'st_wordstart' state. For instance, if we have cmdline = "foo fool"; and are searching for "fool", we have: "fool" opptr = ----^ "foo fool" c = --------^ We see that 'l' != ' ', set state=st_wordskip, break, and then move 'c', so: "foo fool" c = ---------^ and are still in state=st_wordskip. We will stay in wordskip until we have skipped "fool", thus missing the option we were looking for. This *only* happens when you have a partially- matching word followed by a matching one. To fix this, we always fall *into* the 'st_wordskip' state when we set it. Signed-off-by: Dave Hansen Cc: Borislav Petkov Cc: H. Peter Anvin Cc: linux-kernel@vger.kernel.org Cc: fenghua.yu@intel.com Cc: yu-cheng.yu@intel.com --- b/arch/x86/lib/cmdline.c | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff -puN arch/x86/lib/cmdline.c~x86-mid-option-match-command-line-parsing arch/x86/lib/cmdline.c --- a/arch/x86/lib/cmdline.c~x86-mid-option-match-command-line-parsing 2015-12-22 11:56:59.047167827 -0800 +++ b/arch/x86/lib/cmdline.c 2015-12-22 11:56:59.050167962 -0800 @@ -72,18 +72,26 @@ int cmdline_find_option_bool(const char */ if (!c || myisspace(c)) return wstart; - else - state = st_wordskip; + /* + * We hit the end of the option, but _not_ + * the end of a word on the cmdline. Not + * a match. + */ } else if (!c) { /* * Hit the NULL terminator on the end of * cmdline. */ return 0; - } else if (c != *opptr++) { - state = st_wordskip; + } else if (c == *opptr++) { + /* + * We are currently matching, so continue + * to the next character on the cmdline. + */ + break; } - break; + state = st_wordskip; + /* fall through */ case st_wordskip: if (!c) _