Re: [PATCH] util_lib/elf_info: harden parsing of printk buffer


 



On Wed, Mar 23, 2022 at 04:35:36PM +0100, Philipp Rudo wrote:
> The old printk mechanism (> v3.5.0 and < v5.10.0) had a fixed size
> buffer (log_buf) that contains all messages. The location for the next
> message is stored in log_next_idx. In case the log_buf runs full,
> log_next_idx wraps around and starts overwriting old messages at the
> beginning of the buffer. The wraparound is denoted by a message with
> msg->len == 0.
> 
> Following the behavior described above blindly is dangerous as e.g. a
> memory corruption could overwrite (parts of) the log_buf. If the
> corruption adds a message with msg->len == 0 this leads to an endless
> loop when dumping the dmesg. Fix this by verifying that it has not wrapped
> around before when it encounters a message with msg->len == 0.
> 
> While at it also verify that the index is within the log_buf and thus
> guard against corruptions with msg->len != 0.
> 
> The same bug has been reported and fixed in makedumpfile [1].
> 
> [1] http://lists.infradead.org/pipermail/kexec/2022-March/024272.html
> 
> Signed-off-by: Philipp Rudo <prudo@xxxxxxxxxx>

Thanks Philipp, applied.

_______________________________________________
kexec mailing list
kexec@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/kexec
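
The two checks described in the quoted commit message (at most one wraparound marker per walk, and every index inside log_buf), shown as an added example that is not the kexec-tools patch itself. The names `rec_hdr`, `walk_log` and `demo` and the four-byte header are assumptions made for illustration; the kernel's record header has more fields.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified record header (assumption, not the kernel's full layout). */
struct rec_hdr { uint16_t len; uint16_t text_len; };

/* Walk first_idx..next_idx; return the record count, or -1 on corruption. */
int walk_log(const uint8_t *buf, size_t size, size_t first_idx, size_t next_idx)
{
    struct rec_hdr h;
    size_t idx = first_idx;
    int wrapped = 0, count = 0;

    while (idx != next_idx) {
        /* The header at idx must lie completely inside the buffer. */
        if (size < sizeof(h) || idx > size - sizeof(h))
            return -1;
        memcpy(&h, buf + idx, sizeof(h));
        if (h.len == 0) {
            /* Wraparound marker: valid once, a second one is corruption. */
            if (wrapped)
                return -1;
            wrapped = 1;
            idx = 0;
            continue;
        }
        /* A record must cover its header and end inside the buffer. */
        if (h.len < sizeof(h) || h.len > size - idx)
            return -1;
        count++;
        idx += h.len;
    }
    return count;
}

/* Constructed sample: 8-byte records at 0, 8, 16, 24; zeroed marker at 32. */
int demo(int mode)
{
    uint8_t buf[40] = {0};
    struct rec_hdr h = { 8, 4 };
    for (size_t off = 0; off < 32; off += 8)
        memcpy(buf + off, &h, sizeof(h));
    h.len = (mode == 1) ? 0 : 0xffff; /* 1: extra marker, 2: len past end */
    if (mode)
        memcpy(buf + 8, &h, sizeof(h));
    return walk_log(buf, sizeof(buf), 24, 16); /* oldest at 24, next at 16 */
}

int main(void) { printf("%d %d %d\n", demo(0), demo(1), demo(2)); return 0; }
```

Without the `wrapped` flag, the mode 1 buffer would send the walk from offset 8 back to offset 0 indefinitely, which is the endless loop the commit message describes.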


