Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp844809imm; Fri, 28 Sep 2018 07:46:49 -0700 (PDT) X-Google-Smtp-Source: ACcGV61w7WlCqqV0VIi2iAWBTv+kDWYF4ulFa4D9IIz1i0CMeJiL5RBw33cx82P9z1edmo4PQsEt X-Received: by 2002:a62:3241:: with SMTP id y62-v6mr17243648pfy.4.1538146009050; Fri, 28 Sep 2018 07:46:49 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1538146009; cv=none; d=google.com; s=arc-20160816; b=nX1E8y+VRAxc9+YR1o36R1Ekb1IppGs+mAUkXqQC/VwdGivE3VK+j9qy/nb56ypIWs Q78iZiZHjaodNO4mNXw/MaEkrM/ExpcRbTTw0RvQCKy2gJGV0Y8jg8VHQrRmERlbfe7f e7bFnqy1B4UDf7Q5+gWDR+kx1h1jRXpEVCYmPHQN4LqO43HrLNrZ9ckuGfNM/03pYVX5 t7vHeTvSCoDPMB3TY8v0XFyUK2JlEtnjdxP5FeDquKoXrpeSQ8428lLcJKolybqM9uPC ugmuBYBmuQ+9hD9dTQohKOzJ7Q1L0x2jmmus/ALHehbuqAN6gmaNzaP965tfhwY7pD6H vcSw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:message-id:date:subject:to :from; bh=ky0GtPnytQHs/gKvGfDv8ZGhIznoburL2ZhbtnRrp7E=; b=xgjKNnDWVhwGhaI6ApFFH3voaFdiFmExd8qGzqY487+hF+2BGOUyLvTMomJLdHlrmy g6TQyq2j4pMrrdFqRg4YP9P4QzgNn9CJFt3uwvBQlgMdqp9g7sVSg3QhqgWydM0KC2sW a/2DCOYSz5eY6P5romnJqwBnIvLMG/MVBc82OzQw0j+OntE7Y5uesUFqKLewFWkx3oqp ntHRmSWVTLqboCdLlaf06MhnEs1JM4YkNlEtUVSCNezh13C2pF+poWsz0LQu6+hqNYa9 Lk4m57oT6Xr/rHyxk+HkTt9BSoQUwfiX5yGfKWM2DJA0BZ9UlmGbPd6oVuhRG+cnNamh cmHQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id t23-v6si4586092pgu.285.2018.09.28.07.46.33; Fri, 28 Sep 2018 07:46:49 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729368AbeI1VKQ (ORCPT + 99 others); Fri, 28 Sep 2018 17:10:16 -0400 Received: from mail.windriver.com ([147.11.1.11]:57480 "EHLO mail.windriver.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726867AbeI1VKQ (ORCPT ); Fri, 28 Sep 2018 17:10:16 -0400 Received: from ALA-HCA.corp.ad.wrs.com ([147.11.189.40]) by mail.windriver.com (8.15.2/8.15.1) with ESMTPS id w8SEk4VX023354 (version=TLSv1 cipher=AES128-SHA bits=128 verify=FAIL); Fri, 28 Sep 2018 07:46:04 -0700 (PDT) Received: from pek-lpg-core2.corp.ad.wrs.com (128.224.153.41) by ALA-HCA.corp.ad.wrs.com (147.11.189.40) with Microsoft SMTP Server id 14.3.408.0; Fri, 28 Sep 2018 07:46:03 -0700 From: To: , , , , Subject: [PATCH v3 1/2] printk: Fix panic caused by passing log_buf_len to command line Date: Fri, 28 Sep 2018 22:46:00 +0800 Message-ID: <1538145961-52724-1-git-send-email-zhe.he@windriver.com> X-Mailer: git-send-email 2.7.4 MIME-Version: 1.0 Content-Type: text/plain Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: He Zhe log_buf_len_setup does not check input argument before passing it to simple_strtoull. The argument would be a NULL pointer if "log_buf_len", without its value, is set in command line and thus causes the following panic. PANIC: early exception 0xe3 IP 10:ffffffffaaeacd0d error 0 cr2 0x0 [ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 4.19.0-rc4-yocto-standard+ #1 [ 0.000000] RIP: 0010:_parse_integer_fixup_radix+0xd/0x70 ... [ 0.000000] Call Trace: [ 0.000000] simple_strtoull+0x29/0x70 [ 0.000000] memparse+0x26/0x90 [ 0.000000] log_buf_len_setup+0x17/0x22 [ 0.000000] do_early_param+0x57/0x8e [ 0.000000] parse_args+0x208/0x320 [ 0.000000] ? rdinit_setup+0x30/0x30 [ 0.000000] parse_early_options+0x29/0x2d [ 0.000000] ? rdinit_setup+0x30/0x30 [ 0.000000] parse_early_param+0x36/0x4d [ 0.000000] setup_arch+0x336/0x99e [ 0.000000] start_kernel+0x6f/0x4ee [ 0.000000] x86_64_start_reservations+0x24/0x26 [ 0.000000] x86_64_start_kernel+0x6f/0x72 [ 0.000000] secondary_startup_64+0xa4/0xb0 This patch adds a check to prevent the panic and a check to report if someone is setting it over 4G. Signed-off-by: He Zhe Cc: stable@vger.kernel.org Cc: pmladek@suse.com Cc: sergey.senozhatsky@gmail.com Cc: rostedt@goodmis.org --- v2: Split out the addition of pr_fmt and the unsigned update v3: Remove error message for NULL pointer Add check and error message for over 4G use kernel/printk/printk.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c index 9bf5404..1c932b6 100644 --- a/kernel/printk/printk.c +++ b/kernel/printk/printk.c @@ -1037,18 +1037,29 @@ void log_buf_vmcoreinfo_setup(void) static unsigned long __initdata new_log_buf_len; /* we practice scaling the ring buffer by powers of 2 */ -static void __init log_buf_len_update(unsigned size) +static void __init log_buf_len_update(u64 size) { + if (size > UINT_MAX) { + size = UINT_MAX; + pr_err("log_buf over 4G is not supported.\n"); + } + if (size) size = roundup_pow_of_two(size); if (size > log_buf_len) - new_log_buf_len = size; + new_log_buf_len = (unsigned long)size; } /* save requested log_buf_len since it's too early to process it */ static int __init log_buf_len_setup(char *str) { - unsigned size = memparse(str, &str); + u64 size; + + if (!str) { + return -EINVAL; + } + + size = memparse(str, &str); log_buf_len_update(size); -- 2.7.4