From: Pengpeng Hou
To: maddy@linux.ibm.com
Cc: mpe@ellerman.id.au, npiggin@gmail.com, chleroy@kernel.org, geoff@infradead.org, linuxppc-dev@lists.ozlabs.org, linux-kernel@vger.kernel.org, pengpeng@iscas.ac.cn
Subject: [PATCH] powerpc/boot: avoid overflowing the bootwrapper printf buffer with bootargs
Date: Thu, 2 Apr 2026 00:03:12 +0800
Message-ID: <20260401160312.88459-1-pengpeng@iscas.ac.cn>
Content-Transfer-Encoding: quoted-printable

The bootwrapper printf path formats strings through a fixed 1024-byte scratch buffer in arch/powerpc/boot/stdio.c.
Both prep_cmdline() in main.c and ps3.c print the full bootargs string with a %s conversion even though the command line buffer itself is 2048 bytes. A long firmware-provided or built-in command line can therefore overrun the bootwrapper printf staging buffer while the kernel is still starting. Print the command line through console_ops.write() in bounded chunks instead of passing it to printf() as a single %s argument. Signed-off-by: Pengpeng Hou --- arch/powerpc/boot/main.c | 12 +++++++++++- arch/powerpc/boot/ps3.c | 12 +++++++++++- 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/arch/powerpc/boot/main.c b/arch/powerpc/boot/main.c index 2c0e2a1cab01..d02f77ad4df7 100644 --- a/arch/powerpc/boot/main.c +++ b/arch/powerpc/boot/main.c @@ -193,6 +193,16 @@ static inline void prep_esm_blob(struct addr_range vml= inux, void *chosen) { } static char cmdline[BOOT_COMMAND_LINE_SIZE] __attribute__((__section__("__builtin_cmdline"))); =20 +static void print_cmdline(const char *prefix, const char *suffix) +{ + size_t len =3D strnlen(cmdline, BOOT_COMMAND_LINE_SIZE - 1); + + printf("%s", prefix); + if (console_ops.write && len) + console_ops.write(cmdline, len); + printf("%s", suffix); +} + static void prep_cmdline(void *chosen) { unsigned int getline_timeout =3D 5000; @@ -207,7 +217,7 @@ static void prep_cmdline(void *chosen) if (cmdline[0] =3D=3D '\0') getprop(chosen, "bootargs", cmdline, BOOT_COMMAND_LINE_SIZE-1); =20 - printf("\n\rLinux/PowerPC load: %s", cmdline); + print_cmdline("\n\rLinux/PowerPC load: ", ""); =20 /* If possible, edit the command line */ if (console_ops.edit_cmdline && getline_timeout) diff --git a/arch/powerpc/boot/ps3.c b/arch/powerpc/boot/ps3.c index 89ff46b8b225..2f17b99c713c 100644 --- a/arch/powerpc/boot/ps3.c +++ b/arch/powerpc/boot/ps3.c 
@@ -31,6 +31,16 @@ BSS_STACK(4096); static char cmdline[BOOT_COMMAND_LINE_SIZE] __attribute__((__section__("__builtin_cmdline"))); =20 +static void print_cmdline(const char *prefix, const char *suffix) +{ + size_t len =3D strnlen(cmdline, BOOT_COMMAND_LINE_SIZE - 1); + + printf("%s", prefix); + if (console_ops.write && len) + console_ops.write(cmdline, len); + printf("%s", suffix); +} + static void prep_cmdline(void *chosen) { if (cmdline[0] =3D=3D '\0') @@ -38,7 +48,7 @@ static void prep_cmdline(void *chosen) else setprop_str(chosen, "bootargs", cmdline); =20 - printf("cmdline: '%s'\n", cmdline); + print_cmdline("cmdline: '", "'\n"); } =20 static void ps3_console_write(const char *buf, int len) --=20 2.50.1 (Apple Git-155)
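
Review bot: in the print_cmdline() added to main.c (hunk @@ -193,6 +193,16), the command line is sent with a single console_ops.write(cmdline, len) call, but the commit message says it is printed "in bounded chunks". Either loop over the buffer in fixed-size pieces or reword the message to say the string now bypasses the printf staging buffer, so that the text and the code agree. Note also that when console_ops.write is NULL the prefix and suffix are still printed and the command line is dropped without any indication; a comment stating that this is intended would help.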
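
Review bot: the call-site change in prep_cmdline() in main.c (hunk @@ -207,7 +217,7) removes this one long %s, while the commit message places the limit in the fixed 1024-byte scratch buffer in arch/powerpc/boot/stdio.c, which any other caller passing a long %s argument would still reach. Consider bounding the formatting in stdio.c as well, or say in the commit message why these two callers are the only ones that can exceed the buffer. The empty suffix here also results in a printf("%s", "") that prints nothing and could be skipped.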
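
Review bot: the print_cmdline() added to ps3.c (hunk @@ -31,6 +31,16) is an exact copy of the helper added to main.c, so the length bound now lives in two places. Suggest one shared bootwrapper helper that takes the buffer as a parameter, since cmdline is static in each file. Separately, len is a size_t while the ps3_console_write() visible in the trailing context takes int len; the value is capped at BOOT_COMMAND_LINE_SIZE - 1 so nothing is lost, but an int local or an explicit cast would make the narrowing deliberate.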
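
The size mismatch and the chunked console output that the commit message describes, as an added C example that is not part of the patch or of the kernel tree. The names sink_write, bounded_len, fits_scratch and write_chunked and the 256-byte CHUNK are assumptions made for illustration; the 1024 and 2048 sizes are the ones the commit message states.

```c
#include <stddef.h>
#include <string.h>

#define SCRATCH_SIZE 1024u /* printf staging buffer, per the commit message */
#define CMDLINE_SIZE 2048u /* command line buffer, per the commit message */
#define CHUNK 256u         /* assumed chunk size, chosen for this example */

static char cmdline[CMDLINE_SIZE], sink[CMDLINE_SIZE]; /* constructed input, capture */
static size_t sink_len, max_write, writes;

/* Hypothetical stand-in for a console write hook; records what it is given. */
static void sink_write(const char *buf, int len)
{
	if (len <= 0 || sink_len + (size_t)len > sizeof(sink))
		return;
	memcpy(sink + sink_len, buf, (size_t)len);
	sink_len += (size_t)len;
	max_write = (size_t)len > max_write ? (size_t)len : max_write;
	writes++;
}

/* Length of s without reading past cap bytes (strnlen equivalent). */
static size_t bounded_len(const char *s, size_t cap)
{
	size_t n = 0;
	while (n < cap && s[n] != '\0')
		n++;
	return n;
}

/* Would prefix + "%s" + NUL fit the fixed staging buffer? */
static int fits_scratch(const char *prefix, const char *s)
{
	return strlen(prefix) + bounded_len(s, CMDLINE_SIZE - 1) + 1 <= SCRATCH_SIZE;
}

/* Send s to hook in pieces of at most CHUNK bytes; returns bytes sent. */
static size_t write_chunked(void (*hook)(const char *, int), const char *s)
{
	size_t len = bounded_len(s, CMDLINE_SIZE - 1), off;
	for (off = 0; hook && off < len; off += CHUNK)
		hook(s + off, (int)(len - off < CHUNK ? len - off : CHUNK));
	return hook ? len : 0;
}

int main(void)
{
	memset(cmdline, 'a', CMDLINE_SIZE - 1); /* constructed 2047-byte command line */
	return fits_scratch("cmdline: '", cmdline) || write_chunked(sink_write, cmdline) != 2047;
}
```

A 2047-byte command line fails the fits_scratch() check by more than a kilobyte, yet reaches the hook in eight writes, none larger than CHUNK.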