review.tizen.org Git - platform/kernel/linux-starfive.git/commit

author	Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
	Tue, 4 Dec 2018 10:00:01 +0000 (19:00 +0900)
committer	Petr Mladek <pmladek@suse.com>
	Mon, 10 Dec 2018 09:45:59 +0000 (10:45 +0100)
commit	e80c1a9d5f514ce5134c6c4263a11607341466c9
tree	9809c5253e849d33edd885322a2a925ae25e1937	tree \| snapshot
parent	9adcfaffc34d53e498637237fb3701560359d50b	commit \| diff

printk: fix printk_time race.

Since printk_time can be toggled via /sys/module/printk/parameters/time ,
it is not safe to assume that output length does not change across
multiple msg_print_text() calls. If we hit this race, we can observe
failures such as SYSLOG_ACTION_READ_ALL writes more bytes than userspace
has supplied, SYSLOG_ACTION_SIZE_UNREAD returns -EFAULT when succeeded,
SYSLOG_ACTION_READ reads garbage memory or even triggers an kernel oops
at _copy_to_user() due to integer overflow.

To close this race, get a snapshot value of printk_time and pass it to
SYSLOG_ACTION_READ, SYSLOG_ACTION_READ_ALL, SYSLOG_ACTION_SIZE_UNREAD and
kmsg_dump_get_buffer().

Link: http://lkml.kernel.org/r/555af37c-b9e0-f940-cb73-a78eba2d4944@i-love.sakura.ne.jp
To: Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com>
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Reviewed-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Signed-off-by: Petr Mladek <pmladek@suse.com>