From: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
To: Petr Mladek <pmladek@suse.com>
Cc: John Ogness <john.ogness@linutronix.de>,
Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com>,
Sergey Senozhatsky <sergey.senozhatsky@gmail.com>,
Steven Rostedt <rostedt@goodmis.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] printk: fix buffer overflow potential for print_text()
Date: Tue, 19 Jan 2021 09:44:56 +0900 [thread overview]
Message-ID: <YAYriDiAl7lajty9@jagdpanzerIV.localdomain> (raw)
In-Reply-To: <YAGFebfPNLwjyhcl@alley>
On (21/01/15 13:07), Petr Mladek wrote:
> On Fri 2021-01-15 13:04:37, Petr Mladek wrote:
> > On Thu 2021-01-14 18:10:12, John Ogness wrote:
> > > Before commit b6cf8b3f3312 ("printk: add lockless ringbuffer"),
> > > msg_print_text() would only write up to size-1 bytes into the
> > > provided buffer. Some callers expect this behavior and append
> > > a terminator to returned string. In particular:
> > >
> > > arch/powerpc/xmon/xmon.c:dump_log_buf()
> > > arch/um/kernel/kmsg_dump.c:kmsg_dumper_stdout()
> > >
> > > msg_print_text() has been replaced by record_print_text(), which
> > > currently fills the full size of the buffer. This causes a
> > > buffer overflow for the above callers.
> > >
> > > Change record_print_text() so that it will only use size-1 bytes
> > > for text data. Also, for paranoia sakes, add a terminator after
> > > the text data.
> > >
> > > And finally, document this behavior so that it is clear that only
> > > size-1 bytes are used and a terminator is added.
> > >
> > > Fixes: b6cf8b3f3312 ("printk: add lockless ringbuffer")
> > > Signed-off-by: John Ogness <john.ogness@linutronix.de>
John, how did you spot these problems?
FWIW, Acked-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
> I forgot one thing. We should add stable here:
>
> Cc: stable@vger.kernel.org # 5.10+
Good point.
-ss
next prev parent reply other threads:[~2021-01-19 0:45 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-14 17:04 [PATCH] printk: fix buffer overflow potential for print_text() John Ogness
2021-01-15 12:04 ` Petr Mladek
2021-01-15 12:07 ` Petr Mladek
2021-01-19 0:44 ` Sergey Senozhatsky [this message]
2021-01-19 8:54 ` John Ogness
2021-01-19 10:29 ` Sergey Senozhatsky
2021-01-19 11:44 ` John Ogness
2021-01-19 12:22 ` Petr Mladek
2021-01-19 11:20 ` Petr Mladek
2021-01-15 14:16 ` John Ogness
2021-01-15 16:04 ` Petr Mladek
2021-01-22 21:21 ` Sven Schnelle
2021-01-22 23:42 ` John Ogness
2021-01-23 21:18 ` Sven Schnelle
2021-01-23 21:41 ` Sven Schnelle
2021-01-24 8:13 ` John Ogness
2021-01-24 8:59 ` Sven Schnelle
2021-02-26 17:19 ` Alexander Gordeev
2021-02-26 17:39 ` John Ogness
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YAYriDiAl7lajty9@jagdpanzerIV.localdomain \
--to=sergey.senozhatsky@gmail.com \
--cc=john.ogness@linutronix.de \
--cc=linux-kernel@vger.kernel.org \
--cc=pmladek@suse.com \
--cc=rostedt@goodmis.org \
--cc=sergey.senozhatsky.work@gmail.com \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).