diff options
| author | Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp> | 2018-12-04 19:00:01 +0900 |
|---|---|---|
| committer | Petr Mladek <pmladek@suse.com> | 2018-12-10 10:45:59 +0100 |
| commit | e80c1a9d5f514ce5134c6c4263a11607341466c9 (patch) | |
| tree | 9809c5253e849d33edd885322a2a925ae25e1937 /kernel/panic.c | |
| parent | 9adcfaffc34d53e498637237fb3701560359d50b (diff) | |
| download | linux-e80c1a9d5f514ce5134c6c4263a11607341466c9.tar.bz2 | |
printk: fix printk_time race.
Since printk_time can be toggled via /sys/module/printk/parameters/time ,
it is not safe to assume that output length does not change across
multiple msg_print_text() calls. If we hit this race, we can observe
failures such as SYSLOG_ACTION_READ_ALL writes more bytes than userspace
has supplied, SYSLOG_ACTION_SIZE_UNREAD returns -EFAULT when succeeded,
SYSLOG_ACTION_READ reads garbage memory or even triggers an kernel oops
at _copy_to_user() due to integer overflow.
To close this race, get a snapshot value of printk_time and pass it to
SYSLOG_ACTION_READ, SYSLOG_ACTION_READ_ALL, SYSLOG_ACTION_SIZE_UNREAD and
kmsg_dump_get_buffer().
Link: http://lkml.kernel.org/r/555af37c-b9e0-f940-cb73-a78eba2d4944@i-love.sakura.ne.jp
To: Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com>
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Reviewed-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Signed-off-by: Petr Mladek <pmladek@suse.com>
Diffstat (limited to 'kernel/panic.c')
0 files changed, 0 insertions, 0 deletions