From: Petr Mladek <pmladek@suse.com>
To: John Ogness <john.ogness@linutronix.de>
Cc: Sergey Senozhatsky <senozhatsky@chromium.org>,
Steven Rostedt <rostedt@goodmis.org>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH printk v2 1/2] printk_ringbuffer: Fix get_data() size sanity check
Date: Fri, 27 Mar 2026 17:20:14 +0100
Message-ID: <acauPlmV4RayduW_@pathway.suse.cz>
In-Reply-To: <20260326133809.8045-1-john.ogness@linutronix.de>

On Thu 2026-03-26 14:44:01, John Ogness wrote:
> Commit cc3bad11de6e ("printk_ringbuffer: Fix check of valid data
> size when blk_lpos overflows") added sanity checking to get_data()
> to avoid returning data of illegal sizes (too large or too small).
> It uses the helper function data_check_size() for the check.
> However, data_check_size() expects the size of the data, not the
> size of the data block. get_data() is providing the size of the
> data block. This means that if the data size (text_buf_size) is
> at or near the maximum legal size:
>
> sizeof(prb_data_block) + text_buf_size == DATA_SIZE(data_ring) / 2
>
> data_check_size() will report failure because it adds
> sizeof(prb_data_block) to the provided size. The sanity check in
> get_data() is counting the data block header twice. The result is
> that the reader fails to read the legal record.
>
> Since get_data() subtracts the data block header size before returning,
> move the sanity check to after the subtraction.
>
> Luckily printk() is not vulnerable to this problem because
> truncate_msg() limits printk-messages to 1/4 of the ringbuffer.
> Indeed, by adjusting the printk_ringbuffer KUnit test, which does not
> use printk() and its truncate_msg() check, it is easy to see that the
> reader fails and the WARN_ON is triggered.
>
> Fixes: cc3bad11de6e ("printk_ringbuffer: Fix check of valid data size when blk_lpos overflows")
> Signed-off-by: John Ogness <john.ogness@linutronix.de>

JFYI, both patches have been committed into printk/linux.git,
branch rework/prb-fixes.

They are queued for the next merge window (7.1).

Best Regards,
Petr
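
An added illustration, not part of this thread or of the kernel source: a simplified user-space C model of the double-counted header described in the quoted commit message. RING_SIZE, HDR_SIZE and the model_* functions are assumptions standing in for DATA_SIZE(data_ring), sizeof(prb_data_block), data_check_size() and get_data(); alignment and wrapping are left out.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed sizes for the model, not the kernel's values. */
#define RING_SIZE 4096u	/* stands in for DATA_SIZE(data_ring) */
#define HDR_SIZE  8u	/* stands in for sizeof(prb_data_block) */

/* Model of data_check_size(): expects the DATA size and adds the header itself. */
static bool model_check_size(unsigned int data_size)
{
	return data_size + HDR_SIZE <= RING_SIZE / 2;
}

/* Reader before the fix: passes the BLOCK size, so the header is counted twice. */
static int model_get_data_before(unsigned int blk_size)
{
	if (blk_size < HDR_SIZE || !model_check_size(blk_size))
		return -1;	/* record rejected */
	return (int)(blk_size - HDR_SIZE);
}

/* Reader after the fix: subtract the header first, then check the data size. */
static int model_get_data_after(unsigned int blk_size)
{
	unsigned int data_size;

	if (blk_size < HDR_SIZE)
		return -1;
	data_size = blk_size - HDR_SIZE;
	return model_check_size(data_size) ? (int)data_size : -1;
}

/* Count legal block sizes (header + at least 1 byte, at most half the ring) that a reader rejects. */
static unsigned int count_rejected(int (*reader)(unsigned int))
{
	unsigned int blk, rejected = 0;

	for (blk = HDR_SIZE + 1; blk <= RING_SIZE / 2; blk++)
		if (reader(blk) < 0)
			rejected++;
	return rejected;
}

int main(void)
{
	printf("before fix: %u legal sizes rejected\n", count_rejected(model_get_data_before));
	printf("after fix:  %u legal sizes rejected\n", count_rejected(model_get_data_after));
	return 0;
}
```

In this model the old reader rejects exactly the HDR_SIZE largest legal block sizes, which is the "at or near the maximum legal size" window from the commit message.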