Add support for runtime command lines.

[smoser]

Fixes https://github.com/puzzleos/stubby/issues/20.

If a stubby executable has a builtin command line that includes the "marker" string STUBBY_RT_CLI1 as a whole token, then any runtime command line will be placed in that position in the kernel's command line.

As an example:

builtin: foo=bar root=wark STUBBY_RT_CLI console=tty0
runtime: console=ttyS0
result: foo=bar root=wark console=ttyS0 console=tty0

Some things to note:

• it seems fairly strange to me that get_cmdline_with_print is what is in charge of "allowing" the command line in insecure mode, but that made stub.c read better.
• test-get-cmdline has reasonable test coverage (unverified) on the newly added code and further tests should be easy enough to add.

• Also here is a re-work of the "linux_efilib" stuff. It is really odd, but when compiling with -DLINUX_TEST we end up with a CHAR16 being 4 bytes. The whole reason is to avoid writing Print and UnicodeSPrint ourselves. The hack allows us to use wprintf and friends.

  The long term solution here would be to write CHAR16 version of UnicodeSprint.

[smoser]

fixes #20

[smoser]

So 2 things todo here:

1. reject '--' followed by key=value as serge suggested
2. actually test this. I've done almost all of it with LINUX_TEST, so... actual test would be good.

For 2, i have a test harness in reasonable shape and wlil poke a bit at that now.

[hallyn]

Thanks! Is there anything more you wanted to do before we merge?

[smoser]

Just like to say that we decided to not bother with special handling on -- because anything in the runtime command line is checked against the allowed list. If the user puts the marker after --, then they're probably getting what they expected.

[smoser]

Just some notes on -- that I made from another discussion with serge that may be helpful later.

from kernel-parameters.html:

The kernel parses parameters from the kernel command line up to --; if it doesn’t recognize a parameter and it doesn’t contain a ‘.’, the parameter gets passed to init: parameters with ‘=’ go into init’s environment, others are passed as command line arguments to init. Everything after -- is passed as an argument to init.

My understanding is that systemd doensn't really care much what is on its command line versus what it fishes out of /proc/cmdline. Also, it seems that when an initrd is used, the statement above is simply not true. In that case, the kernel does not pass any arguments to /init, so it would be up to /init to implement policy on what goes through to /sbin/init (probably by reading /proc/cmdline).

My understanding is that initrds do not do what the kernel describes.

• dracut's setting of initargs is in modules.d/99/99base/init.sh. It seems to have different behavior depending on whether or not 'init=' is provided, but does not treat -- specially in any way.
• initramfs-tools (debian/ubuntu) does it in init.sh. It seems like it just passes on whatever parameters it gets (i do not see where it does any 'set --' to re-set the "$@" var).

In my c-i-boot-test for #13, I added code to the initramfs that we build to show the parameters that /init is provided with.