author | Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp> | 2018-12-04 11:00:01 +0100 |
---|---|---|
committer | Petr Mladek <pmladek@suse.com> | 2018-12-10 10:45:59 +0100 |
commit | e80c1a9d5f514ce5134c6c4263a11607341466c9 (patch) | |
tree | 9809c5253e849d33edd885322a2a925ae25e1937 /kernel/panic.c | |
parent | printk: Make printk_emit() local function. (diff) | |
printk: fix printk_time race.

Since printk_time can be toggled via /sys/module/printk/parameters/time,
it is not safe to assume that output length does not change across
multiple msg_print_text() calls. If we hit this race, we can observe
failures such as SYSLOG_ACTION_READ_ALL writes more bytes than userspace
has supplied, SYSLOG_ACTION_SIZE_UNREAD returns -EFAULT when succeeded,
SYSLOG_ACTION_READ reads garbage memory or even triggers a kernel oops
at _copy_to_user() due to integer overflow.

To close this race, get a snapshot value of printk_time and pass it to
SYSLOG_ACTION_READ, SYSLOG_ACTION_READ_ALL, SYSLOG_ACTION_SIZE_UNREAD and
kmsg_dump_get_buffer().

Link: http://lkml.kernel.org/r/555af37c-b9e0-f940-cb73-a78eba2d4944@i-love.sakura.ne.jp
To: Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com>
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Reviewed-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Signed-off-by: Petr Mladek <pmladek@suse.com>
Diffstat (limited to 'kernel/panic.c')
0 files changed, 0 insertions, 0 deletions
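
The length mismatch across two formatting passes that the commit message describes, as an added user-space illustration (not code from this commit or from the kernel). `time_flag`, `print_text`, `two_pass_racy`, `two_pass_snapshot` and the sample record are hypothetical stand-ins, and the concurrent toggle is simulated by a callback that runs between the passes.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define PREFIX "[    1.000000] "   /* constructed timestamp prefix */
#define MSG    "eth0: link up"     /* constructed sample record */

/* Stand-in for a runtime-toggleable setting such as printk_time. */
static volatile bool time_flag;

static void toggle_time(void) { time_flag = !time_flag; }

/* Format one record. With buf == NULL only the length is computed. */
static size_t print_text(bool with_time, char *buf, size_t size)
{
    int n = snprintf(buf, buf ? size : 0, "%s%s\n",
                     with_time ? PREFIX : "", MSG);
    return n < 0 ? 0 : (size_t)n;
}

/* Unsafe pattern: each pass re-reads the global, so the length measured in
 * pass 1 may not match what pass 2 produces. Returns written - measured. */
static long two_pass_racy(void (*between)(void))
{
    char out[64];
    size_t measured = print_text(time_flag, NULL, 0);         /* pass 1 */
    if (between)
        between();                      /* simulated concurrent toggle */
    size_t written = print_text(time_flag, out, sizeof(out)); /* pass 2 */
    return (long)written - (long)measured;
}

/* Snapshot pattern: read the setting once and hand the same value to both
 * passes, so a toggle in between cannot change the length. */
static long two_pass_snapshot(void (*between)(void))
{
    char out[64];
    const bool with_time = time_flag;   /* snapshot */
    size_t measured = print_text(with_time, NULL, 0);
    if (between)
        between();
    size_t written = print_text(with_time, out, sizeof(out));
    return (long)written - (long)measured;
}

int main(void)
{
    time_flag = false;
    printf("racy: %ld  snapshot: %ld\n",
           two_pass_racy(toggle_time), two_pass_snapshot(toggle_time));
    return 0;
}
```

A positive result means the second pass produced more bytes than the first pass budgeted for; a negative result means fewer, which is where an unsigned length subtraction would wrap.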