Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp729355imm; Sat, 22 Sep 2018 09:19:29 -0700 (PDT) X-Google-Smtp-Source: ACcGV60OCkmmk7a9w3CwiRZD7hlC5v1gupeDzWbrgkyHZSg08NcKPivUTqc1K+x7bung5k3Y5p7h X-Received: by 2002:a17:902:f205:: with SMTP id gn5mr3195407plb.41.1537633169229; Sat, 22 Sep 2018 09:19:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1537633169; cv=none; d=google.com; s=arc-20160816; b=KZjA3Ig2oxkhdWlRybSCueL9jjgYmp5rDOCIVqp4OBXHiry7xDaTSD/50iJS/ZuDrC Y4Id9b5xyORixQFq+yJ1sYtf8x8oNjCuSe5KPxsBDnWzUmSDuL4+ROFcIjagPLSvV2aq B+jrNWEmZNafK13n5/w7Y5pmd1ePfvO2pJpSF4DLWYMio0+UCmMaHD6j5HHEx4vJv88l K+FbKX4DcSxPlWRLohleW2JtZb+/bzFtvqVogj7GaA69pL8iZ/blYrEqViCZ5XLanUDe uAaOwmdcGHFjUImFwVfV0x95quwbNfhOzxAA9+RfD6gn/sWr90ikD8XArNcxWdflBi7c 0Tww== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:subject:cc:to:from:date; bh=3B4Di/RinVXkSISbdkcNeujZJEbOUvE/BkeAdlg3sEY=; b=0zK2tJvfWD3F/9Jo06AeFfjj9KhQXIgOqq1cDugHQHQ0qg/QXyA3E0FkVeLnQYmqdE ZFr6KZiv7l9+Yp379osu4YzkhJ7XR9QNjrrcqZCbOa9AkmHrLV4wkD72YyLYeYPV3zak 9cK0k53kLVJ23bx8HHEEpIfqjlcg0LPoOBWBc3zGDDIu7EXIEunGuRth+NQMTz4QFnKx rsw1wDdoyarLuzGQqUU3PkIb7qX90bKNDuZqDvYW/9STUm7AIkK7DI6YjNYPFVZgzet+ Ohe3vaxXLUTKnOo/uwd32UuGSF5oEJdhzj78bXL28RkNY+Nmv8meJBmuMB+OwVANHADE fAAQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id n27-v6si334469pgb.628.2018.09.22.09.19.12; Sat, 22 Sep 2018 09:19:29 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728527AbeIVWNP (ORCPT + 99 others); Sat, 22 Sep 2018 18:13:15 -0400 Received: from mail.kernel.org ([198.145.29.99]:56316 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727993AbeIVWNP (ORCPT ); Sat, 22 Sep 2018 18:13:15 -0400 Received: from vmware.local.home (rrcs-24-39-165-138.nys.biz.rr.com [24.39.165.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id DD52F21522; Sat, 22 Sep 2018 16:19:07 +0000 (UTC) Date: Sat, 22 Sep 2018 12:19:05 -0400 From: Steven Rostedt To: Cc: , , Subject: Re: [PATCH v3 1/2] printk: Fix panic caused by passing log_buf_len to command line Message-ID: <20180922121905.3e4159eb@vmware.local.home> In-Reply-To: <1537630852-247674-1-git-send-email-zhe.he@windriver.com> References: <1537630852-247674-1-git-send-email-zhe.he@windriver.com> X-Mailer: Claws Mail 3.15.1 (GTK+ 2.24.32; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, 22 Sep 2018 23:40:51 +0800 wrote: > From: He Zhe > > log_buf_len_setup does not check input argument before passing it to > simple_strtoull. The argument would be a NULL pointer if "log_buf_len", > without its value, is set in command line and thus causes the following > panic. > > PANIC: early exception 0xe3 IP 10:ffffffffaaeacd0d error 0 cr2 0x0 > [ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 4.19.0-rc4-yocto-standard+ #1 > [ 0.000000] RIP: 0010:_parse_integer_fixup_radix+0xd/0x70 > ... > [ 0.000000] Call Trace: > [ 0.000000] simple_strtoull+0x29/0x70 > [ 0.000000] memparse+0x26/0x90 > [ 0.000000] log_buf_len_setup+0x17/0x22 > [ 0.000000] do_early_param+0x57/0x8e > [ 0.000000] parse_args+0x208/0x320 > [ 0.000000] ? rdinit_setup+0x30/0x30 > [ 0.000000] parse_early_options+0x29/0x2d > [ 0.000000] ? rdinit_setup+0x30/0x30 > [ 0.000000] parse_early_param+0x36/0x4d > [ 0.000000] setup_arch+0x336/0x99e > [ 0.000000] start_kernel+0x6f/0x4ee > [ 0.000000] x86_64_start_reservations+0x24/0x26 > [ 0.000000] x86_64_start_kernel+0x6f/0x72 > [ 0.000000] secondary_startup_64+0xa4/0xb0 > > This patch adds a check to prevent the panic. > > Signed-off-by: He Zhe > Cc: stable@vger.kernel.org I just tried this on a 2.6.32 kernel, and it crashes there. I guess this goes farther back than git history goes. Perhaps it should be commented that this bug has been here since creation of (git) time. > Cc: pmladek@suse.com > Cc: sergey.senozhatsky@gmail.com > Cc: rostedt@goodmis.org > --- > v2: > Split out the addition of pr_fmt and the unsigned update Which unsigned update? As it does switch to unsigned to "unsigned int", but that change is fine to me with this. > v3: > Use more clear error info > Change unsigned to unsigned in to avoid checkpatch.pl warning > > kernel/printk/printk.c | 9 ++++++++- > 1 file changed, 8 insertions(+), 1 deletion(-) > > diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c > index 9bf5404..d9821c0 100644 > --- a/kernel/printk/printk.c > +++ b/kernel/printk/printk.c > @@ -1048,7 +1048,14 @@ static void __init log_buf_len_update(unsigned size) > /* save requested log_buf_len since it's too early to process it */ > static int __init log_buf_len_setup(char *str) > { > - unsigned size = memparse(str, &str); > + unsigned int size; I'm OK with the int update too, as its low risk. Acked-by: Steven Rostedt (VMware) -- Steve > + > + if (!str) { > + pr_err("boot command line parameter value not provided\n"); > + return -EINVAL; > + } > + > + size = memparse(str, &str); > > log_buf_len_update(size); >