Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp4466255pxf;
        Tue, 16 Mar 2021 14:23:19 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJyDykqcLChVS9L9nLE/zs6yHK9DLjaVqGRFF0/tVmChhSkyYnVpJYOcawKa26KApOGAnpdz
X-Received: by 2002:a50:d71e:: with SMTP id t30mr37922220edi.58.1615929799547;
        Tue, 16 Mar 2021 14:23:19 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1615929799; cv=none;
        d=google.com; s=arc-20160816;
        b=t95FD9lRPbHhw3Dk89GVeCVFuP5l99zX4p5dGPbLDy0hwoy335//nkHZ0WNqrq2RKG
         cI6hheCTiD82cSRYFHnZxm23jxDeCfPVtAjMsVBFjgL88n/8Weov/ND88p0LncXv8kfq
         WTY2kt2fgOfl1Clb0YiR6Fni2ke/yhpyuJNvpjGsGv1o/t7jpOuNqiuC3syh/2qk7V2s
         FnE0JOOletKohWZmm0FOmkvzfh/etekai4R4NPTKQ8EY2cBzIQlOp/hrklNRWqzDU0Id
         I7XPvSbuQaT+6piD0vNAy00DkuCZCGC7KKAWi8DFfrEp+p+68VPXJ6WfykWfLD9366fY
         qydg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from;
        bh=T1dptB8DGiAtVy78fP9gxkodKZig+FCTOhvmmXEmIPc=;
        b=gc77lfKDrqCX0DlR5zLhARyUwdRaeK1BGbiyCqMczj11SlBmdosQgaUCvJpCc5cesw
         GBAqo3HJ9yILd0O5tggx53qAtShpwjPn3dVSCvq4SGUgEwOUnYV0iSz9pX+boSBndIsb
         jPdWcQyKsLX7wVZX2PxfiUXtcsfIyYbkj/m8R2JXU10tFJWmGWQeHhF4qGVZ3ih3eJ63
         gPvUHv+aNGBMmejs05qaJheVY/fYcS8FHQzvWEp1P/VPZIcEvv1nXpEVGWXOq3AjWLfp
         cgD6qmzrrxiOXUXGdMVmFwqm3k/Ci3fSQ8JIRSLKHqR2N1BpfGjRhg5zDpU/s0o+/tDX
         dUlg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id dx21si13237318ejb.567.2021.03.16.14.22.56;
        Tue, 16 Mar 2021 14:23:19 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S240077AbhCPTid (ORCPT <rfc822;machinecat1666@gmail.com>
        + 99 others); Tue, 16 Mar 2021 15:38:33 -0400
Received: from relay10.mail.gandi.net ([217.70.178.230]:59913 "EHLO
        relay10.mail.gandi.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S234578AbhCPTiY (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 16 Mar 2021 15:38:24 -0400
Received: from debian.home (lfbn-lyo-1-457-219.w2-7.abo.wanadoo.fr [2.7.49.219])
        (Authenticated sender: alex@ghiti.fr)
        by relay10.mail.gandi.net (Postfix) with ESMTPSA id 30ACF240006;
        Tue, 16 Mar 2021 19:38:21 +0000 (UTC)
From:   Alexandre Ghiti <alex@ghiti.fr>
To:     Rob Herring <robh+dt@kernel.org>,
        Frank Rowand <frowand.list@gmail.com>,
        Dmitry Vyukov <dvyukov@google.com>, devicetree@vger.kernel.org,
        linux-kernel@vger.kernel.org
Cc:     Alexandre Ghiti <alex@ghiti.fr>
Subject: [PATCH] driver: of: Properly truncate command line if too long
Date:   Tue, 16 Mar 2021 15:38:20 -0400
Message-Id: <20210316193820.3137-1-alex@ghiti.fr>
X-Mailer: git-send-email 2.20.1
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

In case the command line given by the user is too long, warn about it
and truncate it to the last full argument.

This is what efi already does in commit 80b1bfe1cb2f ("efi/libstub:
Don't parse overlong command lines").

Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Alexandre Ghiti <alex@ghiti.fr>
---
 drivers/of/fdt.c | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/drivers/of/fdt.c b/drivers/of/fdt.c
index dcc1dd96911a..de4c6f9bac39 100644
--- a/drivers/of/fdt.c
+++ b/drivers/of/fdt.c
@@ -25,6 +25,7 @@
 #include <linux/serial_core.h>
 #include <linux/sysfs.h>
 #include <linux/random.h>
+#include <linux/ctype.h>
 
 #include <asm/setup.h>  /* for COMMAND_LINE_SIZE */
 #include <asm/page.h>
@@ -1050,9 +1051,27 @@ int __init early_init_dt_scan_chosen(unsigned long node, const char *uname,
 
 	/* Retrieve command line */
 	p = of_get_flat_dt_prop(node, "bootargs", &l);
-	if (p != NULL && l > 0)
+	if (p != NULL && l > 0) {
 		strlcpy(data, p, min(l, COMMAND_LINE_SIZE));
 
+		/*
+		 * If the given command line size is larger than
+		 * COMMAND_LINE_SIZE, truncate it to the last complete
+		 * parameter.
+		 */
+		if (l > COMMAND_LINE_SIZE) {
+			char *cmd_p = (char *)data + COMMAND_LINE_SIZE - 1;
+
+			while (!isspace(*cmd_p))
+				cmd_p--;
+
+			*cmd_p = '\0';
+
+			pr_err("Command line is too long: truncated to %d bytes\n",
+			       (int)(cmd_p - (char *)data + 1));
+		}
+	}
+
 	/*
 	 * CONFIG_CMDLINE is meant to be a default in case nothing else
 	 * managed to set the command line, unless CONFIG_CMDLINE_FORCE
-- 
2.20.1