Re: [PATCH v2 1/2] printk: Fix panic caused by passing log_buf_len to command line
From: Steven Rostedt
Date: Tue Sep 18 2018 - 22:43:17 EST
On Wed, 19 Sep 2018 11:39:32 +0900
Sergey Senozhatsky <sergey.senozhatsky.work@xxxxxxxxx> wrote:
> On (09/19/18 10:27), He Zhe wrote:
> > On 2018å09æ19æ 09:50, Sergey Senozhatsky wrote:
> > > On (09/19/18 01:17), zhe.he@xxxxxxxxxxxxx wrote:
> > >> @@ -1048,7 +1048,14 @@ static void __init log_buf_len_update(unsigned size)
> > >> /* save requested log_buf_len since it's too early to process it */
> > >> static int __init log_buf_len_setup(char *str)
> > >> {
> > >> - unsigned size = memparse(str, &str);
> > >> + unsigned size;
> > > unsigned int size;
> >
> > This is in v1 but then Steven suggested that it should be split out
> > and only keep the pure fix part here.
>
> Ah, I see.
>
> Hmm... memparse() returns u64 value. A user *probably* can ask the kernel
> to allocate log_buf larger than 'unsigned int'.
>
> So may be I'd do two fixes here:
>
> First - switch to u64 size.
> Second - check for NULL str.
>
>
> Steven, Petr, what do you think?
>
I think I would switch it around. Check for NULL first, and then switch
to u64. It was always an int, do we need to backport converting it to
u64 to stable? The NULL check is a definite, the overflow of int
shouldn't crash anything.
-- Steve