diff options
| author | John Ogness <john.ogness@linutronix.de> | 2021-01-14 18:10:12 +0106 |
|---|---|---|
| committer | Petr Mladek <pmladek@suse.com> | 2021-01-19 11:42:14 +0100 |
| commit | f0e386ee0c0b71ea6f7238506a4d0965a2dbef11 (patch) | |
| tree | fcb64a3869333c1e7e415bced21a6b7e00d1012e /scripts/mkuboot.sh | |
| parent | 89ccf18f032f26946e2ea6258120472eec6aa745 (diff) | |
| download | linux-f0e386ee0c0b71ea6f7238506a4d0965a2dbef11.tar.bz2 | |
printk: fix buffer overflow potential for print_text()
Before the commit 896fbe20b4e2333fb55 ("printk: use the lockless
ringbuffer"), msg_print_text() would only write up to size-1 bytes
into the provided buffer. Some callers expect this behavior and
append a terminator to returned string. In particular:
arch/powerpc/xmon/xmon.c:dump_log_buf()
arch/um/kernel/kmsg_dump.c:kmsg_dumper_stdout()
msg_print_text() has been replaced by record_print_text(), which
currently fills the full size of the buffer. This causes a
buffer overflow for the above callers.
Change record_print_text() so that it will only use size-1 bytes
for text data. Also, for paranoia sakes, add a terminator after
the text data.
And finally, document this behavior so that it is clear that only
size-1 bytes are used and a terminator is added.
Fixes: 896fbe20b4e2333fb55 ("printk: use the lockless ringbuffer")
Cc: stable@vger.kernel.org # 5.10+
Signed-off-by: John Ogness <john.ogness@linutronix.de>
Reviewed-by: Petr Mladek <pmladek@suse.com>
Acked-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Signed-off-by: Petr Mladek <pmladek@suse.com>
Link: https://lore.kernel.org/r/20210114170412.4819-1-john.ogness@linutronix.de
Diffstat (limited to 'scripts/mkuboot.sh')
0 files changed, 0 insertions, 0 deletions