Re: [PATCH REPOST] printk: fix possible printk buffer overrunintroduced with recursion check
From: Ingo Molnar
Date: Wed Feb 13 2008 - 07:46:20 EST
* Tejun Heo <htejun@xxxxxxxxx> wrote:
> printk recursion detection prepends message to printk_buf and offsets
> printk_buf when actual message is printed but it forgets to trim
> buffer length accordingly. This can result in buffer overrun in
> extreme cases.
>
> While at it, make printk_recursion_bug_msg static and move static
> variables for recursion check into vprintk().
> @@ -666,7 +664,7 @@ asmlinkage int vprintk(const char *fmt, va_list args)
> }
> /* Emit the output into the temporary buffer */
> printed_len += vscnprintf(printk_buf + printed_len,
> - sizeof(printk_buf), fmt, args);
> + sizeof(printk_buf) - printed_len, fmt, args);
>
> /*
nice one! I missed that.
Acked-by: Ingo Molnar <mingo@xxxxxxx>
but i'm not sure i agree with the moving of these variables inside
vprintk:
> -/* cpu currently holding logbuf_lock */
> -static volatile unsigned int printk_cpu = UINT_MAX;
> -
> -const char printk_recursion_bug_msg [] =
> - KERN_CRIT "BUG: recent printk recursion!\n";
> -static int printk_recursion_bug;
> -
> asmlinkage int vprintk(const char *fmt, va_list args)
> {
> + /* cpu currently holding logbuf_lock */
> + static volatile unsigned int printk_cpu = UINT_MAX;
> + static const char printk_recursion_bug_msg [] =
> + KERN_CRIT "BUG: recent printk recursion!\n";
> + static int printk_recursion_bug;
> static int log_level_unknown = 1;
> static char printk_buf[1024];
it's easy to miss a static variable inside a function local variables
block. It would b ebetter to move log_level_unknown and printk_buf
_outside_ the function, to the other ones. [and to mark
printk_recursion_bug_msg static]
Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/