Received: by 2002:ac0:a594:0:0:0:0:0 with SMTP id m20-v6csp628620imm; Fri, 11 May 2018 04:03:11 -0700 (PDT) X-Google-Smtp-Source: AB8JxZoMR6rPhzO/xU4KoP9a9nhZQm0hVH2W10IRbMNqHyihBfYITIu+7IFewzWuyvjrTV3zBRIz X-Received: by 2002:a17:902:2924:: with SMTP id g33-v6mr5119407plb.26.1526036591693; Fri, 11 May 2018 04:03:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1526036591; cv=none; d=google.com; s=arc-20160816; b=mU1QF+ckb99YctWSsJspg6Jjn3ijOu3RlwGNU1Cta6Xx6l2fyLdMqD4563K5H1LDvZ Wu7nn+FptW+QHbbZymK6VDbguTa8c2B5uk+azsUB1i3CuoeBV5kQMgzv+FrP3jmAghsu OBBUMYUM4+5+xrCqWhq4U3yLeoG+SMMkXkfb9XVX/c1YTWYuIeHXZTJuBaPYQPh468KR cAnogCGF4kk8UlCAoNnATg1CRCGnX8+32xbH5YOYxFhm3FLf9L3b6CDuB74aORxZMUwf oFGEgZejs7EtI2FMs0vzp7UkTW+fwq2aQck7M3ez/J1e3jxDlK+fh51thHCb8EG7b3aR WaTA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:date:message-id:in-reply-to :references:from:subject:cc:to:arc-authentication-results; bh=qDjV8wteOLfGI+CmuZSIbjhyf8RpjP4vySU9Gj0jv0A=; b=QGJDVehU21AUmn4GSEx0+7SUfHuiFXRREVZLaTZs7w61aPmWEldbeJ/oCPYXbxW8QE xAh//wjkzBE0xyHFsUCB1AoMCXzzUFFPLtBc08soM9g0rPPKWd866KQX6uAa3bHk9P9P UVkAtKUrJQvRMfvCj49xlMmqRONKtSOPGTrU9Wd9AvWufnyHCl4h6PZgGsy338xBZDtn DZ8Hh4vslONFArkIYwo/qTT2zk2pC7CDQkkHPH9/1TeC4zeB2f94W/UjeOoXx3RayAui qf/wD2PkPBCG5EmRhxqKCXTrn1ddkgFldCItpyfK/PtfHly07/mO6HL67GHy4ebUQrKM HGCw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id e9-v6si2283089pgr.477.2018.05.11.04.02.46; Fri, 11 May 2018 04:03:11 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752562AbeEKLCf (ORCPT + 99 others); Fri, 11 May 2018 07:02:35 -0400 Received: from www262.sakura.ne.jp ([202.181.97.72]:11214 "EHLO www262.sakura.ne.jp" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751857AbeEKLCe (ORCPT ); Fri, 11 May 2018 07:02:34 -0400 Received: from fsav304.sakura.ne.jp (fsav304.sakura.ne.jp [153.120.85.135]) by www262.sakura.ne.jp (8.14.5/8.14.5) with ESMTP id w4BB2WoU064438; Fri, 11 May 2018 20:02:32 +0900 (JST) (envelope-from penguin-kernel@I-love.SAKURA.ne.jp) Received: from www262.sakura.ne.jp (202.181.97.72) by fsav304.sakura.ne.jp (F-Secure/fsigk_smtp/530/fsav304.sakura.ne.jp); Fri, 11 May 2018 20:02:32 +0900 (JST) X-Virus-Status: clean(F-Secure/fsigk_smtp/530/fsav304.sakura.ne.jp) Received: from AQUA (softbank126074194044.bbtec.net [126.74.194.44]) (authenticated bits=0) by www262.sakura.ne.jp (8.14.5/8.14.5) with ESMTP id w4BB2Wcr064434; Fri, 11 May 2018 20:02:32 +0900 (JST) (envelope-from penguin-kernel@I-love.SAKURA.ne.jp) To: sergey.senozhatsky.work@gmail.com Cc: pmladek@suse.com, dvyukov@google.com, sergey.senozhatsky@gmail.com, syzkaller@googlegroups.com, rostedt@goodmis.org, fengguang.wu@intel.com, linux-kernel@vger.kernel.org, peterz@infradead.org Subject: [PATCH] printk: fix possible reuse of va_list variable From: Tetsuo Handa References: <201805102350.JJH73950.tVJHQLFSOMOOFF@I-love.SAKURA.ne.jp> <20180511014515.GA895@jagdpanzerIV> <201805110238.w4B2cIGH079602@www262.sakura.ne.jp> <20180511062151.GA18160@jagdpanzerIV> In-Reply-To: <20180511062151.GA18160@jagdpanzerIV> Message-Id: <201805112002.GIF21216.OFVHFOMLJtQFSO@I-love.SAKURA.ne.jp> X-Mailer: Winbiff [Version 2.51 PL2] X-Accept-Language: ja,en,zh Date: Fri, 11 May 2018 20:02:31 +0900 Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org >From 766cf72b5fdc00d1cf5a8ca2c6b23ebb75e2b4d4 Mon Sep 17 00:00:00 2001 From: Tetsuo Handa Date: Fri, 11 May 2018 19:54:19 +0900 Subject: [PATCH] printk: fix possible reuse of va_list variable I noticed that there is a possibility that printk_safe_log_store() causes kernel oops because "args" parameter is passed to vsnprintf() again when atomic_cmpxchg() detected that we raced. Fix this by using va_copy(). Signed-off-by: Tetsuo Handa Fixes: 42a0bb3f71383b45 ("printk/nmi: generic solution for safe printk in NMI") Cc: Sergey Senozhatsky Cc: Petr Mladek Cc: Peter Zijlstra Cc: Steven Rostedt --- kernel/printk/printk_safe.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/kernel/printk/printk_safe.c b/kernel/printk/printk_safe.c index 3e3c200..449d67e 100644 --- a/kernel/printk/printk_safe.c +++ b/kernel/printk/printk_safe.c @@ -82,6 +82,7 @@ static __printf(2, 0) int printk_safe_log_store(struct printk_safe_seq_buf *s, { int add; size_t len; + va_list ap; again: len = atomic_read(&s->len); @@ -100,7 +101,9 @@ static __printf(2, 0) int printk_safe_log_store(struct printk_safe_seq_buf *s, if (!len) smp_rmb(); - add = vscnprintf(s->buffer + len, sizeof(s->buffer) - len, fmt, args); + va_copy(ap, args); + add = vscnprintf(s->buffer + len, sizeof(s->buffer) - len, fmt, ap); + va_end(ap); if (!add) return 0; -- 1.8.3.1