On Wed, Mar 23, 2022 at 04:35:36PM +0100, Philipp Rudo wrote:
> The old printk mechanism (> v3.5.0 and < v5.10.0) had a fixed-size
> buffer (log_buf) that contains all messages. The location for the next
> message is stored in log_next_idx. In case the log_buf runs full,
> log_next_idx wraps around and starts overwriting old messages at the
> beginning of the buffer. The wraparound is denoted by a message with
> msg->len == 0.
>
> Following the behavior described above blindly is dangerous as e.g. a
> memory corruption could overwrite (parts of) the log_buf. If the
> corruption adds a message with msg->len == 0 this leads to an endless
> loop when dumping the dmesg. Fix this by verifying that it has not
> wrapped around before when it encounters a message with msg->len == 0.
>
> While at it also verify that the index is within the log_buf and thus
> guard against corruptions with msg->len != 0.
>
> The same bug has been reported and fixed in makedumpfile [1].
>
> [1] http://lists.infradead.org/pipermail/kexec/2022-March/024272.html
>
> Signed-off-by: Philipp Rudo <prudo@xxxxxxxxxx>

Thanks Philipp, applied.

_______________________________________________
kexec mailing list
kexec@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/kexec
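The two checks described in the quoted commit message, as an added C example that is not the kexec-tools patch and not code from this thread: a deliberately simplified record header and ring layout (constructed for illustration; the kernel's struct printk_log carries more fields and the real log_buf is far larger), and a dump loop that walks log_first_idx to log_next_idx but refuses a second msg->len == 0 marker (the endless-loop case) and any record whose len would run past the end of log_buf. The function and scenario names are this example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed, simplified record header. The kernel's struct printk_log
 * has more fields (timestamp, dict_len, level, ...); only len and
 * text_len are needed to show the checks from the commit message. */
struct rec {
    uint16_t len;      /* size of the whole record; 0 marks the wraparound */
    uint16_t text_len; /* bytes of message text that follow the header */
};

#define LOG_BUF_LEN 64 /* tiny log_buf so a wrap is easy to construct */
#define LOG_ALIGN   4  /* records are padded so headers stay aligned */

/* Store a record at 'off' and return the offset of the next record. */
static size_t put_rec(uint8_t *buf, size_t off, const char *text)
{
    size_t n = strlen(text);
    size_t len = (sizeof(struct rec) + n + LOG_ALIGN - 1) & ~(size_t)(LOG_ALIGN - 1);
    struct rec h = { (uint16_t)len, (uint16_t)n };
    memcpy(buf + off, &h, sizeof h);
    memcpy(buf + off + sizeof h, text, n);
    return off + len;
}

/* Store the len == 0 marker that tells a reader to continue at offset 0. */
static void put_wrap_marker(uint8_t *buf, size_t off)
{
    struct rec h = { 0, 0 };
    memcpy(buf + off, &h, sizeof h);
}

/* Reader side: walk log_buf from first_idx to next_idx the way a dmesg
 * dumper does, but refuse to follow a corrupted buffer. Returns the number
 * of records found, or -1 on a second wrap marker or on a record that
 * would run past the end of log_buf. */
static int dump_log(const uint8_t *buf, size_t buf_len,
                    size_t first_idx, size_t next_idx, int print)
{
    size_t idx = first_idx;
    int wrapped = 0, count = 0;

    while (idx != next_idx) {
        const struct rec *m;

        /* The header itself must lie inside log_buf. */
        if (idx + sizeof *m > buf_len)
            return -1;
        m = (const struct rec *)(buf + idx);

        if (m->len == 0) {
            /* A ring buffer wraps at most once per walk; a second
             * zero-length record means log_buf is corrupted and would
             * otherwise make this loop spin forever. */
            if (wrapped)
                return -1;
            wrapped = 1;
            idx = 0;
            continue;
        }

        /* The whole record, header and text, must fit in log_buf. */
        if (m->len < sizeof *m + m->text_len || idx + m->len > buf_len)
            return -1;

        if (print)
            printf("%.*s\n", (int)m->text_len, (const char *)(m + 1));
        count++;
        idx += m->len;

        /* After the wrap the walk may only approach next_idx from below. */
        if (wrapped && idx > next_idx)
            return -1;
    }
    return count;
}

/* Constructed layout: a healthy buffer that has wrapped once. "first
 * message" at 0 was overwritten by "fourth", so first_idx = 20, next_idx = 12. */
static void build_wrapped(uint8_t *buf)
{
    size_t off;
    memset(buf, 0xAA, LOG_BUF_LEN);           /* stale bytes */
    off = put_rec(buf, 20, "second message"); /* 20..39 */
    off = put_rec(buf, off, "third message"); /* 40..59 */
    put_wrap_marker(buf, off);                /* 60: wrap to 0 */
    put_rec(buf, 0, "fourth");                /* 0..11 */
}

int healthy_wrapped(void)
{
    uint8_t buf[LOG_BUF_LEN];
    build_wrapped(buf);
    return dump_log(buf, LOG_BUF_LEN, 20, 12, 0);
}

/* Corruption 1: the record at offset 0 got its len zeroed. An unchecked
 * reader would wrap to 0, see len == 0, wrap to 0 again, forever. */
int corrupt_double_wrap(void)
{
    uint8_t buf[LOG_BUF_LEN];
    build_wrapped(buf);
    put_wrap_marker(buf, 0);
    return dump_log(buf, LOG_BUF_LEN, 20, 12, 0);
}

/* Corruption 2: a len that points past the end of log_buf. */
int corrupt_oversized_len(void)
{
    uint8_t buf[LOG_BUF_LEN];
    struct rec bad = { 0x7fff, 4 };
    build_wrapped(buf);
    memcpy(buf + 40, &bad, sizeof bad);
    return dump_log(buf, LOG_BUF_LEN, 20, 12, 0);
}
```

The healthy walk yields 3 records (second, third, fourth), while both corrupted buffers make dump_log return -1 instead of spinning or reading outside log_buf; pass 1 as the last argument to see the text printed.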