From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, John Ogness, Petr Mladek, Sasha Levin
Subject: [PATCH 5.12 347/677] printk: limit second loop of syslog_print_all
Date: Wed, 12 May 2021 16:46:33 +0200
Message-Id: <20210512144848.836628902@linuxfoundation.org>
In-Reply-To: <20210512144837.204217980@linuxfoundation.org>
References: <20210512144837.204217980@linuxfoundation.org>

From: John Ogness

[ Upstream commit bb07b16c44b2c6ddbafa44bb06454719002e828e ]

The second loop of syslog_print_all() subtracts lengths that were added in the first loop. With commit b031a684bfd0 ("printk: remove logbuf_lock writer-protection of ringbuffer") it is possible that records are (over)written during syslog_print_all(). This allows the possibility of the second loop subtracting lengths that were never added in the first loop.

This situation can result in syslog_print_all() filling the buffer starting from a later record, even though there may have been room to fit the earlier record(s) as well.

Fixes: b031a684bfd0 ("printk: remove logbuf_lock writer-protection of ringbuffer")
Signed-off-by: John Ogness
Reviewed-by: Petr Mladek
Signed-off-by: Petr Mladek
Link: https://lore.kernel.org/r/20210303101528.29901-4-john.ogness@linutronix.de
Signed-off-by: Sasha Levin
---
 kernel/printk/printk.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c index 575a34b88936..77ae2704e979 100644 --- a/kernel/printk/printk.c +++ b/kernel/printk/printk.c @@ -1494,6 +1494,7 @@ static int syslog_print_all(char __user *buf, int size, bool clear) struct printk_info info; unsigned int line_count; struct printk_record r; + u64 max_seq; char *text; int len = 0; u64 seq; 
@@ -1512,9 +1513,15 @@ static int syslog_print_all(char __user *buf, int size, bool clear) prb_for_each_info(clear_seq, prb, seq, &info, &line_count) len += get_record_print_text_size(&info, line_count, true, time); + /* + * Set an upper bound for the next loop to avoid subtracting lengths + * that were never added. + */ + max_seq = seq; + /* move first record forward until length fits into the buffer */ prb_for_each_info(clear_seq, prb, seq, &info, &line_count) { - if (len <= size) + if (len <= size || info.seq >= max_seq) break; len -= get_record_print_text_size(&info, line_count, true, time); } -- 2.30.2
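Review bot: The comment above `max_seq = seq;` in the second hunk does not say whether the bound is inclusive or exclusive, and the new test `info.seq >= max_seq` is only correct if `max_seq` is the first sequence number the first loop did not add to `len`. Suggest stating that in the comment, for example "max_seq is one past the last record whose length was added above", so a later change to the iteration macro or to the comparison does not silently shift the bound by one record. A second point on the same hunk: when the loop now exits through `info.seq >= max_seq`, `len` can still be greater than `size`, since the commit message says records may be overwritten between the two loops and their lengths would then have been added but never subtracted. The code following the loop is not part of this hunk, so it is worth confirming that it does not assume `len <= size` on exit, and noting that in the comment if it holds.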