A command line such as "cpuid=no-ibrsb,no-stibp" tickles a bug in
parse_boolean() because the separating comma fails the NUL case.

Instead, check for slen == nlen which accounts for the boundary (if any)
passed via the 'e' parameter.

Signed-off-by: Andrew Cooper <andrew.coop...@citrix.com>
---
CC: Jan Beulich <jbeul...@suse.com>

This wants backporting everywhere the spectre series has gone.
---
 xen/common/kernel.c | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/xen/common/kernel.c b/xen/common/kernel.c
index 19f9bad..5766a0f 100644
--- a/xen/common/kernel.c
+++ b/xen/common/kernel.c
@@ -259,12 +259,16 @@ int parse_boolean(const char *name, const char *s, const 
char *e)
     if ( slen < nlen || strncmp(s, name, nlen) )
         return -1;
 
-    switch ( s[nlen] )
-    {
-    case '\0': return val;
-    case '=':  return parse_bool(&s[nlen + 1], e);
-    default:   return -1;
-    }
+    /* Exact, unadorned name?  Result depends on the 'no-' prefix. */
+    if ( slen == nlen )
+        return val;
+
+    /* =$SOMETHING?  Defer to the regular boolean parsing. */
+    if ( s[nlen] == '=' )
+        return parse_bool(&s[nlen + 1], e);
+
+    /* Unrecognised.  Give up. */
+    return -1;
 }
 
 unsigned int tainted;
-- 
2.1.4


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Reply via email to