Date: Fri, 15 Jan 2021 13:07:21 +0100
From: Petr Mladek
To: John Ogness
Cc: Sergey Senozhatsky, Sergey Senozhatsky, Steven Rostedt, Linus Torvalds, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] printk: fix buffer overflow potential for print_text()
References: <20210114170412.4819-1-john.ogness@linutronix.de>

On Fri 2021-01-15 13:04:37, Petr Mladek wrote:
> On Thu 2021-01-14 18:10:12, John Ogness wrote:
> > Before commit b6cf8b3f3312 ("printk: add lockless ringbuffer"),
> > msg_print_text() would only write up to size-1 bytes into the
> > provided buffer. Some callers expect this behavior and append
> > a terminator to returned string. In particular:
> >
> >   arch/powerpc/xmon/xmon.c:dump_log_buf()
> >   arch/um/kernel/kmsg_dump.c:kmsg_dumper_stdout()
> >
> > msg_print_text() has been replaced by record_print_text(), which
> > currently fills the full size of the buffer. This causes a
> > buffer overflow for the above callers.
> >
> > Change record_print_text() so that it will only use size-1 bytes
> > for text data. Also, for paranoia sakes, add a terminator after
> > the text data.
> >
> > And finally, document this behavior so that it is clear that only
> > size-1 bytes are used and a terminator is added.
> >
> > Fixes: b6cf8b3f3312 ("printk: add lockless ringbuffer")
> > Signed-off-by: John Ogness

I forgot one thing. We should add stable here:

Cc: stable@vger.kernel.org # 5.10+

No need to resend the patch. I'll add it when pushing the patch.

Best Regards,
Petr
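
The contract mismatch described in the quoted commit message, as an added userspace example that is not kernel code and not part of the original mail: a caller that terminates at `buf[len]` is safe only if the fill routine leaves the last byte unused. `fill_full`, `fill_reserved`, `caller_overflows`, the 16-byte buffer and the guard byte are hypothetical stand-ins for the two `record_print_text()` behaviours and the affected callers.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16   /* size the caller passes in */
#define CANARY   0x5A /* guard byte placed just past the buffer */

/* Model of the behaviour described as buggy: may use all `size` bytes. */
static size_t fill_full(char *buf, size_t size, const char *text)
{
    size_t len = strlen(text);
    if (len > size)
        len = size;
    memcpy(buf, text, len);
    return len;
}

/* Model of the fixed contract: at most size-1 text bytes, then a terminator. */
static size_t fill_reserved(char *buf, size_t size, const char *text)
{
    size_t len = strlen(text);
    if (size == 0)
        return 0;
    if (len > size - 1)
        len = size - 1;
    memcpy(buf, text, len);
    buf[len] = '\0';
    return len;
}

/* Caller pattern from the commit message: terminate at buf[len].
 * Returns 1 if the guard byte past the buffer was overwritten. */
static int caller_overflows(size_t (*fill)(char *, size_t, const char *),
                            const char *text)
{
    char backing[BUF_SIZE + 1] = {0};
    size_t len;
    backing[BUF_SIZE] = CANARY;           /* one byte beyond what fill() may use */
    len = fill(backing, BUF_SIZE, text);
    backing[len] = '\0';                  /* the caller's own terminator */
    return backing[BUF_SIZE] != CANARY;
}

int main(void)
{
    const char *rec = "constructed log record longer than 16 bytes";
    printf("full=%d reserved=%d\n", caller_overflows(fill_full, rec),
           caller_overflows(fill_reserved, rec));
    return 0;
}
```

The guard byte lives in an array one byte larger than the size handed to the fill routine, so the out-of-contract write is observable without invoking undefined behaviour.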