This is a note to let you know that I've just added the patch titled printk: ringbuffer: Fix truncating buffer size min_t cast to the 6.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: printk-ringbuffer-fix-truncating-buffer-size-min_t-cast.patch and it can be found in the queue-6.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From 53e9e33ede37a247d926db5e4a9e56b55204e66c Mon Sep 17 00:00:00 2001 From: Kees Cook <keescook@xxxxxxxxxxxx> Date: Thu, 10 Aug 2023 22:45:32 -0700 Subject: printk: ringbuffer: Fix truncating buffer size min_t cast From: Kees Cook <keescook@xxxxxxxxxxxx> commit 53e9e33ede37a247d926db5e4a9e56b55204e66c upstream. If an output buffer size exceeded U16_MAX, the min_t(u16, ...) cast in copy_data() was causing writes to truncate. This manifested as output bytes being skipped, seen as %NUL bytes in pstore dumps when the available record size was larger than 65536. Fix the cast to no longer truncate the calculation. Cc: Petr Mladek <pmladek@xxxxxxxx> Cc: Sergey Senozhatsky <senozhatsky@xxxxxxxxxxxx> Cc: Steven Rostedt <rostedt@xxxxxxxxxxx> Cc: John Ogness <john.ogness@xxxxxxxxxxxxx> Reported-by: Vijay Balakrishna <vijayb@xxxxxxxxxxxxxxxxxxx> Link: https://lore.kernel.org/lkml/d8bb1ec7-a4c5-43a2-9de0-9643a70b899f@xxxxxxxxxxxxxxxxxxx/ Fixes: b6cf8b3f3312 ("printk: add lockless ringbuffer") Cc: stable@xxxxxxxxxxxxxxx Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx> Tested-by: Vijay Balakrishna <vijayb@xxxxxxxxxxxxxxxxxxx> Tested-by: Guilherme G. Piccoli <gpiccoli@xxxxxxxxxx> # Steam Deck Reviewed-by: Tyler Hicks (Microsoft) <code@xxxxxxxxxxx> Tested-by: Tyler Hicks (Microsoft) <code@xxxxxxxxxxx> Reviewed-by: John Ogness <john.ogness@xxxxxxxxxxxxx> Reviewed-by: Sergey Senozhatsky <senozhatsky@xxxxxxxxxxxx> Reviewed-by: Petr Mladek <pmladek@xxxxxxxx> Signed-off-by: Petr Mladek <pmladek@xxxxxxxx> Link: https://lore.kernel.org/r/20230811054528.never.165-kees@xxxxxxxxxx Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- kernel/printk/printk_ringbuffer.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/kernel/printk/printk_ringbuffer.c +++ b/kernel/printk/printk_ringbuffer.c @@ -1735,7 +1735,7 @@ static bool copy_data(struct prb_data_ri if (!buf || !buf_size) return true; - data_size = min_t(u16, buf_size, len); + data_size = min_t(unsigned int, buf_size, len); memcpy(&buf[0], data, data_size); /* LMM(copy_data:A) */ return true; Patches currently in stable-queue which might be from keescook@xxxxxxxxxxxx are queue-6.4/selftests-harness-actually-report-skip-for-signal-te.patch queue-6.4/selftests-memfd-error-out-test-process-when-child-te.patch queue-6.4/arm-ptrace-restore-syscall-restart-tracing.patch queue-6.4/printk-ringbuffer-fix-truncating-buffer-size-min_t-cast.patch queue-6.4/arm-ptrace-restore-syscall-skipping-for-tracers.patch queue-6.4/mac80211-make-ieee80211_tx_info-padding-explicit.patch queue-6.4/net-deal-with-integer-overflows-in-kmalloc_reserve.patch queue-6.4/wifi-brcmfmac-fix-field-spanning-write-in-brcmf_scan.patch