The x86 boot protocol requires the kernel command line to be a
NUL-terminated string of length at most COMMAND_LINE_SIZE (including the
terminating NUL). In case the bootloader messed up and the command line
is too long (hence not NUL-terminated), use strscpy to copy the command
line into boot_command_line. This ensures that boot_command_line is
NUL-terminated, and it also avoids accessing beyond the actual end of
the command line if it was properly NUL-terminated.

Note that setup_arch() already forces command_line to be NUL-terminated
by using strlcpy(), and does the same for boot_command_line if a
builtin command line is configured. If boot_command_line was not
initially NUL-terminated, the strlen() inside of strlcpy()/strlcat()
will run beyond boot_command_line, but this is almost certainly
harmless in practice.

Signed-off-by: Arvind Sankar <nived...@alum.mit.edu>
---
 arch/x86/kernel/head64.c  |  2 +-
 arch/x86/kernel/head_32.S | 11 +++++------
 2 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c
index cbb71c1b574f..740dd05b9462 100644
--- a/arch/x86/kernel/head64.c
+++ b/arch/x86/kernel/head64.c
@@ -410,7 +410,7 @@ static void __init copy_bootdata(char *real_mode_data)
        cmd_line_ptr = get_cmd_line_ptr();
        if (cmd_line_ptr) {
                command_line = __va(cmd_line_ptr);
-               memcpy(boot_command_line, command_line, COMMAND_LINE_SIZE);
+               strscpy(boot_command_line, command_line, COMMAND_LINE_SIZE);
        }
 
        /*
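Review bot: The return value of `strscpy()` on the added line in copy_bootdata() is discarded, so the over-long command line this patch defends against is truncated silently, possibly in the middle of a parameter. strscpy() returns -E2BIG on truncation; logging is probably not usable this early, so at minimum a comment should record that the truncation is tolerated on purpose, for example `/* Bootloader may pass an unterminated line: truncate, always NUL-terminate; -E2BIG ignored deliberately. */`. If later setup code is able to report it, keeping the result would let the kernel warn that options near the end of the line, which may include hardening switches, were dropped. copy_bootdata() begins and ends outside the hunk.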
diff --git a/arch/x86/kernel/head_32.S b/arch/x86/kernel/head_32.S
index 7ed84c282233..2a7ced159d6b 100644
--- a/arch/x86/kernel/head_32.S
+++ b/arch/x86/kernel/head_32.S
@@ -102,13 +102,12 @@ SYM_CODE_START(startup_32)
        cld
        rep
        movsl
-       movl pa(boot_params) + NEW_CL_POINTER,%esi
-       andl %esi,%esi
+       movl pa(boot_params) + NEW_CL_POINTER,%edx
+       testl %edx,%edx
        jz 1f                   # No command line
-       movl $pa(boot_command_line),%edi
-       movl $(COMMAND_LINE_SIZE/4),%ecx
-       rep
-       movsl
+       movl $pa(boot_command_line),%eax
+       movl $COMMAND_LINE_SIZE,%ecx
+       call strscpy
 1:
 
 #ifdef CONFIG_OLPC
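Review bot: The new `call strscpy` in startup_32 has no comment stating the calling convention or the environment the C function runs in. The arguments are passed in %eax, %edx and %ecx, which presumably relies on the 32-bit kernel's register-argument ABI, and both addresses are physical (`pa(...)`), so strscpy() has to work before paging is enabled, on whatever stack startup_32 set up outside this hunk, and without instrumentation that dereferences virtual addresses. I would add a line above the call such as `# strscpy(dst=%eax, src=%edx, count=%ecx); runs at physical addresses, must stay uninstrumented`. The call also clobbers %eax, %ecx and %edx, so the code after label `1:` (not visible here) should be checked for any reliance on them.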
-- 
2.26.2
