Received: by 2002:a05:6358:a55:b0:ec:fcf4:3ecf with SMTP id 21csp4634144rwb;
        Tue, 17 Jan 2023 03:34:43 -0800 (PST)
X-Google-Smtp-Source: AMrXdXtU+246ZGaleIYkFSi0jCJ95gqejwRTYlTh/WHU3TJCSU6sSKtL5jiI7vWVr/nFqIyJNXCj
X-Received: by 2002:a17:906:15da:b0:870:9346:ddc9 with SMTP id l26-20020a17090615da00b008709346ddc9mr2364040ejd.45.1673955282781;
        Tue, 17 Jan 2023 03:34:42 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1673955282; cv=none;
        d=google.com; s=arc-20160816;
        b=06xmOGyYg5DJMCVn+cVUBm43YujPt6C/mWveyDN+TpWvyhn7nd4457rr0ABecVu3jT
         THnQyLFRvXGhQx+RqW6DP6nb6wTAWcavtFH/FMC84ASTXiZQ0btBKbFkVHy77KSa6dnP
         +Fh9c5B52Re6og06ZG1IM6Vh2tdOWEJBkQz6r1gqgZxGs5Gs1ofoRMAWES8xYvgwIoAS
         L3h9UZPTb96D9WINsPzKQoDhu+g/NJEV3SXoxOsszCotbhy8IQrPQZ5EjiSxOykvJrz5
         VHd21nbQ4uHHi1VcC1P3FWcB+49wDO4Zif1vJOuYkcYxbWE9TZxzwvGMBGIMJWK+/0Mo
         ojBw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-disposition:mime-version
         :references:message-id:subject:cc:to:from:date:dkim-signature;
        bh=XPjwrcXmuFGkQbX3taDI9ie1BtTBZf9HP9xMBmIbYHg=;
        b=pYH01Om/gA+kVfXFxg48xl83pX8qzAjjtGWxeJf2kQgzlSVuP83Gr6Oui1v+hF5vhl
         ldiWN0R0T3Ee6ufCvNri8YtYUMIA89prBL0h+YUPeqk/lmtTdT0LWybWaMLqN1IgAyrj
         gATMYMnjLImNDqAzrM6E3sqLOJyNINO7Y0PR23yxHjS2/CCeG3PLYVH71vT+hmWe5g2E
         RcCyhsH0cTD06wg1GiHVVQd/o+Qc0knGRHGTduo4cXRQL67dfd8TeezeTHGmZGZJ9xr7
         tHvKYwqOR3klMa+NTAGT1q70b4/togI+mjJ5WDIM+qkTKkGUGwmG6HeWbaO0rkVpeBfh
         OTGw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@suse.com header.s=susede1 header.b=QejvsoIM;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id l11-20020a170906794b00b0084514612c2asi37167103ejo.609.2023.01.17.03.34.30;
        Tue, 17 Jan 2023 03:34:42 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@suse.com header.s=susede1 header.b=QejvsoIM;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S236760AbjAQLUx (ORCPT <rfc822;a.beregalov@gmail.com>
        + 49 others); Tue, 17 Jan 2023 06:20:53 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40508 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S236638AbjAQLU3 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 17 Jan 2023 06:20:29 -0500
Received: from smtp-out2.suse.de (smtp-out2.suse.de [IPv6:2001:67c:2178:6::1d])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AF3CE33459;
        Tue, 17 Jan 2023 03:20:24 -0800 (PST)
Received: from relay2.suse.de (relay2.suse.de [149.44.160.134])
        by smtp-out2.suse.de (Postfix) with ESMTP id 680FB5CB40;
        Tue, 17 Jan 2023 11:20:23 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1;
        t=1673954423; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
         mime-version:mime-version:content-type:content-type:
         in-reply-to:in-reply-to:references:references;
        bh=XPjwrcXmuFGkQbX3taDI9ie1BtTBZf9HP9xMBmIbYHg=;
        b=QejvsoIMCwUtGFOfkF1T35ph+Pp2eQzJX1oyMUJutWnO+tPAsvBOMrdBi4xcU66AK82Jpj
        L2h504x44J6hR1jOtzYRPKj26VV/Z3xpKB/V7Q47FF2SHxkwSJy6QMHUelno/9wipM6ruN
        1sBKFQPCcoYXQYsvjBy5+L5MRMJOt34=
Received: from suse.cz (unknown [10.100.201.202])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by relay2.suse.de (Postfix) with ESMTPS id D90852C141;
        Tue, 17 Jan 2023 11:20:22 +0000 (UTC)
Date:   Tue, 17 Jan 2023 12:20:20 +0100
From:   Petr Mladek <pmladek@suse.com>
To:     Sergey Senozhatsky <senozhatsky@chromium.org>
Cc:     John Ogness <john.ogness@linutronix.de>,
        coverity-bot <keescook@chromium.org>,
        Steven Rostedt <rostedt@goodmis.org>,
        linux-kernel@vger.kernel.org,
        "Gustavo A. R. Silva" <gustavo@embeddedor.com>,
        linux-next@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: Re: Coverity: console_prepend_dropped(): Memory - corruptions
Message-ID: <Y8aEdDxQrQICQtem@alley>
References: <202301131544.D9E804CCD@keescook>
 <Y8KAhaiZQOWTcfyF@google.com>
 <Y8V8tqMJeB7t+rcJ@alley>
 <Y8YRBo7ZmtzWT4J1@google.com>
 <877cxl3abr.fsf@jogness.linutronix.de>
 <Y8ZTlVX3HQUVkU13@google.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <Y8ZTlVX3HQUVkU13@google.com>
X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE,
        SPF_PASS autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue 2023-01-17 16:51:49, Sergey Senozhatsky wrote:
> On (23/01/17 08:16), John Ogness wrote:
> > On 2023-01-17, Sergey Senozhatsky <senozhatsky@chromium.org> wrote:
> > > On (23/01/16 17:35), Petr Mladek wrote:
> > >> 	len = snprintf(scratchbuf, scratchbuf_sz,
> > >> 		       "** %lu printk messages dropped **\n", dropped);
> > >
> > > Wouldn't
> > >
> > > 	if (WARN_ON_ONCE(len + PRINTK_PREFIX_MAX >= outbuf_sz))
> > > 		return;
> > >
> > > prevent us from doing something harmful?

The problem is that it compares outbuf_sz that is bigger than
scratchbuf.

The above check should prevent crash in:

	memmove(outbuf + len, outbuf, pmsg->outbuf_len + 1);

But it would not prevent out-of-bound access to scratchbuf in:

	memcpy(outbuf, scratchbuf, len);


That said, the coverity report is pretty confusing. It is below
the memmove() so that it looks like the memmove() is dangerous.
But it talks about "scratchbuf" so that it probably describes
the real problem in "memcpy()".


> > Sure. But @0len is supposed to contain the number of bytes in
> > @scratchbuf, which theoretically it does not. snprintf() is the wrong
> > function to use here, even if there is not real danger in this
> > situation.
> 
> Oh, yes, I agree that snprintf() should be replaced. Maybe we can go
> even a bit furhter and replace all snprintf()-s in kernel/printk/*
> (well, in a similar fashion, just in case). I'm just trying to understand
> what type of assumptions does coverity make here and so far everything
> looks rather peculiar.

Note that we sometimes need snprintf() to compute the needed size
of the buffer. For example, vsnprintf() in vprintk_store() is
correct.

It looks to me that snprintf() in console_prepend_dropped() is the
only real problem.

Well, it would be nice to replace the few sprintf() calls. They look safe
because the size of the output is limited by the printf format but...

Best Regards,
Petr