linux-doc.vger.kernel.org archive mirror
From: Steven Rostedt <rostedt@goodmis.org>
To: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Frank Rowand <frowand.list@gmail.com>,
	Ingo Molnar <mingo@redhat.com>,
	Randy Dunlap <rdunlap@infradead.org>,
	Namhyung Kim <namhyung@kernel.org>, Tim Bird <Tim.Bird@sony.com>,
	Jiri Olsa <jolsa@redhat.com>,
	Arnaldo Carvalho de Melo <acme@kernel.org>,
	Tom Zanussi <tom.zanussi@linux.intel.com>,
	Rob Herring <robh+dt@kernel.org>,
	Andrew Morton <akpm@linux-foundation.org>,
	Thomas Gleixner <tglx@linutronix.de>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	Alexey Dobriyan <adobriyan@gmail.com>,
	Jonathan Corbet <corbet@lwn.net>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	linux-doc@vger.kernel.org, linux-fsdevel@vger.kernel.org,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH v5 01/22] bootconfig: Add Extra Boot Config support
Date: Tue, 7 Jan 2020 22:03:49 -0500
Message-ID: <20200107220349.1e7424f9@rorschach.local.home>
In-Reply-To: <20200107205945.63e5d35a@rorschach.local.home>

On Tue, 7 Jan 2020 20:59:45 -0500
Steven Rostedt <rostedt@goodmis.org> wrote:

> 
> > +
> > +/*
> > + * Return delimiter or error, no node added. As same as lib/cmdline.c,
> > + * you can use " around spaces, but can't escape " for value.
> > + */
> > +static int __init __xbc_parse_value(char **__v, char **__n)
> > +{
> > +	char *p, *v = *__v;
> > +	int c, quotes = 0;
> > +
> > +	v = skip_spaces(v);
> > +	while (*v == '#') {
> > +		v = skip_comment(v);
> > +		v = skip_spaces(v);
> > +	}
> > +	if (*v == '"' || *v == '\'') {
> > +		quotes = *v;
> > +		v++;
> > +	}
> > +	p = v - 1;
> > +	while ((c = *++p)) {
> > +		if (!isprint(c) && !isspace(c))
> > +			return xbc_parse_error("Non printable value", p);
> > +		if (quotes) {
> > +			if (c != quotes)
> > +				continue;
> > +			quotes = 0;
> > +			*p++ = '\0';
> > +			p = skip_spaces(p);  
> 
> Hmm, if p here == "    \0" then skip_spaces() will make p == "\0"
> 
> > +			c = *p;
> > +			if (c && !strchr(",;\n#}", c))
> > +				return xbc_parse_error("No value delimiter", p);
> > +			p++;  
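
Review bot: the comment above `__xbc_parse_value()` says only that `"` can be used around spaces, while the check `if (*v == '"' || *v == '\'')` also accepts a single quote, and the closing test `c != quotes` matches only the character that opened the value. Suggest rewording the comment to name both quote characters and to say that a value can contain one kind of quote when it is wrapped in the other; "As same as lib/cmdline.c" would also read better as "Same as lib/cmdline.c".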
> 
> Now p == one past "\0" which is in unknown territory.

I like how you have patch 3 use this code. It makes it easy to test,
and valgrind pointed out that this is a bug. With a file that just
contained:

   foo = "1"

I ran this:

  $ valgrind -v --leak-check=full ./tools/bootconfig/bootconfig -a /tmp/boot-bad /tmp/initrd  2>/tmp/out

Which gave me this:

==18929== Invalid read of size 1
==18929==    at 0x483FC02: strpbrk (vg_replace_strmem.c:1690)
==18929==    by 0x40263C: xbc_init (bootconfig.c:724)
==18929==    by 0x403162: apply_xbc (main.c:255)
==18929==    by 0x403346: main (main.c:331)
==18929==  Address 0x4a4e09f is 0 bytes after a block of size 15 alloc'd
==18929==    at 0x483780B: malloc (vg_replace_malloc.c:309)
==18929==    by 0x402B9D: load_xbc_fd (main.c:95)
==18929==    by 0x402C87: load_xbc_file (main.c:120)
==18929==    by 0x4030AC: apply_xbc (main.c:238)
==18929==    by 0x403346: main (main.c:331)

Which proves this is the issue, as when I apply the patch below, this goes
away:

-- Steve

diff --git a/lib/bootconfig.c b/lib/bootconfig.c
index 7a7cdc45bf62..0793ef9f48b8 100644
--- a/lib/bootconfig.c
+++ b/lib/bootconfig.c
@@ -468,7 +468,8 @@ static int __init __xbc_parse_value(char **__v, char **__n)
 			c = *p;
 			if (c && !strchr(",;\n#}", c))
 				return xbc_parse_error("No value delimiter", p);
-			p++;
+			if (*p)
+				p++;
 			break;
 		}
 		if (strchr(",;\n#}", c)) {
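
Review bot: the new `if (*p)` guard re-reads a byte that `c = *p;` at the top of the hunk already holds, so `if (c)` would match the `c &&` test just above it; either way the guard deserves a one-line comment saying that the closing quote can be followed directly by the terminating NUL and that the cursor must stay on it. The `foo = "1"` file from this message would also make a good regression input for the tools/bootconfig run shown above, so the invalid read stays covered.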

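The off-by-one discussed in this message, reduced to a stand-alone user-space program; this is an added example, not code from the patch series. `quoted_value_end()`, `skip_ws()` and `run()` are hypothetical names, the inputs are constructed, and `skip_ws()` assumes the kernel's `skip_spaces()` skips everything `isspace()` accepts, newline included.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define DELIMS ",;\n#}"	/* delimiter set from the quoted hunk */
/* User-space stand-in for the kernel's skip_spaces(). */
static char *skip_ws(char *s)
{
	while (isspace((unsigned char)*s))
		s++;
	return s;
}

/*
 * Hypothetical helper modelled on the quoted-value branch of
 * __xbc_parse_value(). Returns the cursor's final offset from buf, or -1
 * on a missing closing quote or delimiter. An offset larger than the
 * original text length means the cursor stepped over the terminating NUL.
 */
static long quoted_value_end(char *buf, int guarded)
{
	char quote = *buf;
	char *p = buf + 1;

	while (*p && *p != quote)
		p++;
	if (!*p)
		return -1;		/* unterminated quote */
	*p++ = '\0';			/* cut the value at the closing quote */
	p = skip_ws(p);			/* can land exactly on the final NUL */
	if (*p && !strchr(DELIMS, *p))
		return -1;		/* "No value delimiter" */
	if (!guarded || *p)		/* guarded: step only over a real delimiter */
		p++;
	return p - buf;
}

/* Constructed text goes into a buffer with slack, so the unguarded cursor stays in bounds. */
static long run(const char *text, int guarded)
{
	char buf[32] = { 0 };
	strncpy(buf, text, sizeof(buf) - 2);
	return quoted_value_end(buf, guarded);
}

int main(void)
{
	printf("unguarded=%ld guarded=%ld len=4\n", run("\"1\"\n", 0), run("\"1\"\n", 1));
	return 0;
}
```

In the real parser the buffer has no slack after the NUL, which is why valgrind reports the read "0 bytes after" the allocated block.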