Patch "printk: ringbuffer: Fix truncating buffer size min_t cast" has been added to the 6.4-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is a note to let you know that I've just added the patch titled

    printk: ringbuffer: Fix truncating buffer size min_t cast

to the 6.4-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     printk-ringbuffer-fix-truncating-buffer-size-min_t-cast.patch
and it can be found in the queue-6.4 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From 53e9e33ede37a247d926db5e4a9e56b55204e66c Mon Sep 17 00:00:00 2001
From: Kees Cook <keescook@xxxxxxxxxxxx>
Date: Thu, 10 Aug 2023 22:45:32 -0700
Subject: printk: ringbuffer: Fix truncating buffer size min_t cast

From: Kees Cook <keescook@xxxxxxxxxxxx>

commit 53e9e33ede37a247d926db5e4a9e56b55204e66c upstream.

If an output buffer size exceeded U16_MAX, the min_t(u16, ...) cast in
copy_data() was causing writes to truncate. This manifested as output
bytes being skipped, seen as %NUL bytes in pstore dumps when the available
record size was larger than 65536. Fix the cast to no longer truncate
the calculation.

Cc: Petr Mladek <pmladek@xxxxxxxx>
Cc: Sergey Senozhatsky <senozhatsky@xxxxxxxxxxxx>
Cc: Steven Rostedt <rostedt@xxxxxxxxxxx>
Cc: John Ogness <john.ogness@xxxxxxxxxxxxx>
Reported-by: Vijay Balakrishna <vijayb@xxxxxxxxxxxxxxxxxxx>
Link: https://lore.kernel.org/lkml/d8bb1ec7-a4c5-43a2-9de0-9643a70b899f@xxxxxxxxxxxxxxxxxxx/
Fixes: b6cf8b3f3312 ("printk: add lockless ringbuffer")
Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
Tested-by: Vijay Balakrishna <vijayb@xxxxxxxxxxxxxxxxxxx>
Tested-by: Guilherme G. Piccoli <gpiccoli@xxxxxxxxxx> # Steam Deck
Reviewed-by: Tyler Hicks (Microsoft) <code@xxxxxxxxxxx>
Tested-by: Tyler Hicks (Microsoft) <code@xxxxxxxxxxx>
Reviewed-by: John Ogness <john.ogness@xxxxxxxxxxxxx>
Reviewed-by: Sergey Senozhatsky <senozhatsky@xxxxxxxxxxxx>
Reviewed-by: Petr Mladek <pmladek@xxxxxxxx>
Signed-off-by: Petr Mladek <pmladek@xxxxxxxx>
Link: https://lore.kernel.org/r/20230811054528.never.165-kees@xxxxxxxxxx
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 kernel/printk/printk_ringbuffer.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/kernel/printk/printk_ringbuffer.c
+++ b/kernel/printk/printk_ringbuffer.c
@@ -1735,7 +1735,7 @@ static bool copy_data(struct prb_data_ri
 	if (!buf || !buf_size)
 		return true;
 
-	data_size = min_t(u16, buf_size, len);
+	data_size = min_t(unsigned int, buf_size, len);
 
 	memcpy(&buf[0], data, data_size); /* LMM(copy_data:A) */
 	return true;


Patches currently in stable-queue which might be from keescook@xxxxxxxxxxxx are

queue-6.4/selftests-harness-actually-report-skip-for-signal-te.patch
queue-6.4/selftests-memfd-error-out-test-process-when-child-te.patch
queue-6.4/arm-ptrace-restore-syscall-restart-tracing.patch
queue-6.4/printk-ringbuffer-fix-truncating-buffer-size-min_t-cast.patch
queue-6.4/arm-ptrace-restore-syscall-skipping-for-tracers.patch
queue-6.4/mac80211-make-ieee80211_tx_info-padding-explicit.patch
queue-6.4/net-deal-with-integer-overflows-in-kmalloc_reserve.patch
queue-6.4/wifi-brcmfmac-fix-field-spanning-write-in-brcmf_scan.patch



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux