linux-kernel.vger.kernel.org archive mirror
* [GIT PULL] printk urgent fix for 5.11-rc6
From: Petr Mladek @ 2021-01-25 14:42 UTC (permalink / raw)
  To: Linus Torvalds
  Cc: Sergey Senozhatsky, Steven Rostedt, John Ogness, Peter Zijlstra,
	linux-kernel, syzkaller-bugs, Sven Schnelle

Linus,

please pull an urgent fixup from

  git://git.kernel.org/pub/scm/linux/kernel/git/printk/linux.git tags/printk-for-5.11-urgent-fixup

===============================

- Prevent writing the trailing '\0' past the reader buffer.

===============================

The fix of a potential buffer overflow in 5.11-rc5 introduced another one.
The trailing '\0' might be written up to the message "len" past the buffer.
Fortunately, it is not that easy to hit[*].

Most readers use 1kB buffers for a single message. Typical messages fit into
the temporary buffer with enough reserve.

Also readers do not rely on the '\0'. It is related to the previous
fix. Some readers required the space for the trailing '\0'. We decided
to write it there to avoid such regressions in the future.

The most realistic victims are message dumpers using kmsg_dump_get_buffer().
They are filling the entire buffer with as many messages as possible. They
are typically used when handling panic().

The problem has been reported twice by a test suite and a robot:
https://lore.kernel.org/r/yt9dk0s48y70.fsf@linux.ibm.com
https://lore.kernel.org/r/000000000000bc67d205b9b8feb2@google.com

[*] This is not an excuse for such a mistake. We really should have caught
    it during development, review, or testing.

----------------------------------------------------------------
John Ogness (1):
      printk: fix string termination for record_print_text()

Petr Mladek (1):
      Merge branch 'printk-rework' into for-linus

 kernel/printk/printk.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
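
An added user-space sketch, not the kernel's code and not part of this thread, of how a trailing '\0' can land up to "len" past a buffer as the message above describes. It assumes the terminator is indexed from a cursor that has already advanced through the text; the function names, the prefix and the sample text are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/*
 * Simplified model (hypothetical, not the kernel's code): insert `prefix`
 * in front of every '\n'-terminated line of buf, in place. Returns the
 * offset from buf at which the chosen indexing puts the trailing '\0';
 * the byte is only stored when that offset is inside the buffer.
 */
static size_t prefix_lines(char *buf, size_t text_len, size_t buf_size,
                           const char *prefix, int index_from_cursor)
{
    size_t plen = strlen(prefix), len = 0, remaining = text_len;
    char *text = buf;                 /* cursor: start of the current line */

    while (remaining > 0) {
        char *nl = memchr(text, '\n', remaining);
        size_t line = nl ? (size_t)(nl - text) + 1 : remaining;
        /* Truncate when prefix, pending text and '\0' no longer fit. */
        if (len + plen + remaining + 1 > buf_size)
            break;
        memmove(text + plen, text, remaining);
        memcpy(text, prefix, plen);
        text += plen + line;          /* the cursor moves with the output */
        len += plen + line;
        remaining -= line;
    }
    /* Bug class: text[len] is relative to the advanced cursor, so it
     * lands (text - buf) bytes later than buf[len]. */
    size_t nul_off = index_from_cursor ? (size_t)(text - buf) + len : len;
    if (nul_off < buf_size)
        buf[nul_off] = '\0';          /* the model never writes out of bounds */
    return nul_off;
}

/* Constructed sample: two lines (18 bytes) and a 6-byte prefix give len 30. */
static size_t run_case(size_t buf_size, int index_from_cursor)
{
    char buf[64] = "line one\nline two\n";
    return prefix_lines(buf, 18, buf_size, "[0.0] ", index_from_cursor);
}

int main(void)
{
    printf("roomy 64-byte buffer, cursor-relative: %zu\n", run_case(64, 1));
    printf("tight 32-byte buffer, cursor-relative: %zu\n", run_case(32, 1));
    printf("tight 32-byte buffer, buffer-relative: %zu\n", run_case(32, 0));
    return 0;
}
```

With plenty of reserve the misplaced terminator still falls inside the buffer, which is why a reader with a roomy buffer rarely notices; once the buffer is nearly full the same offset is past the end.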


* Re: [GIT PULL] printk urgent fix for 5.11-rc6
From: pr-tracker-bot @ 2021-01-25 20:25 UTC (permalink / raw)
  To: Petr Mladek
  Cc: Linus Torvalds, Sergey Senozhatsky, Steven Rostedt, John Ogness,
	Peter Zijlstra, linux-kernel, syzkaller-bugs, Sven Schnelle

The pull request you sent on Mon, 25 Jan 2021 15:42:29 +0100:

> git://git.kernel.org/pub/scm/linux/kernel/git/printk/linux.git tags/printk-for-5.11-urgent-fixup

has been merged into torvalds/linux.git:
https://git.kernel.org/torvalds/c/007ad27d7bafc6df36e1d6ad4a13f6d602376193

Thank you!

-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/prtracker.html
