From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mail-wm1-f48.google.com (mail-wm1-f48.google.com [209.85.128.48])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5BE9431A07B
	for <linux-kernel@vger.kernel.org>; Fri, 27 Mar 2026 16:07:57 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.48
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1774627678; cv=none; b=H8n6X7qhyjSmhi4C4sz4EosGNa+X6mEM8QQt0AfFQc3rRQbOHlQtb5qkmlWpv3RTI/GWvYDNA8uuSNK3i3LDN0gI/9wmeeTYSV5C8CXfjvWM47xAX+yDqrmyO2F8vFK0OSXOpXcCDMJjXtBSKal5AO6gAOs2sw/qjAznADotRx8=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1774627678; c=relaxed/simple;
	bh=LgPcTp0aoLvH/BeIpubQFKcLCsZMR1WJhS9dWpX9shA=;
	h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version:
	 Content-Type:Content-Disposition:In-Reply-To; b=OK4T0NA+Frm8DtBaONhhPtlrS+Vb70apLcscSl6XEhzEncNwzrIHyWocnjxcIhzR/Kn6QRPZRIScU3OZCHkDsDX4Ct5pjR/6Vwid5gfCk7EgzB030I9U9cYlTOOcRjl6qhPVYHzKgaUxlIcxO674zFTw3Z1UtnVGcIvheoCLSWE=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=suse.com; spf=pass smtp.mailfrom=suse.com; dkim=pass (2048-bit key) header.d=suse.com header.i=@suse.com header.b=Q08eQ1C4; arc=none smtp.client-ip=209.85.128.48
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=suse.com
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=suse.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=suse.com header.i=@suse.com header.b="Q08eQ1C4"
Received: by mail-wm1-f48.google.com with SMTP id 5b1f17b1804b1-486ff3a0fc1so22462855e9.2
        for <linux-kernel@vger.kernel.org>; Fri, 27 Mar 2026 09:07:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=suse.com; s=google; t=1774627676; x=1775232476; darn=vger.kernel.org;
        h=in-reply-to:content-disposition:mime-version:references:message-id
         :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to;
        bh=1804Fppw2H7b2no1CBhcw3hczGY87wT9QOvsHOSqJ+k=;
        b=Q08eQ1C4QCFIERBsFEzu8+nWqTS2Vo0Opozx4Qan+MPhnM7MIM/VJbX4EZVhsiZE+9
         SVYWsAlgT4SkEPoPmpdATUYWg7GqOpOIaNnajl+/Ok7DWx5q4oCOfQv9m9tCku7yml0A
         +RUJCrthsXvTBdLeX9cYR0O+CQkZJjcHcC4WkeZfA4JhoNGRYVNavVgBmIswIw8VOPKS
         alXLPg+5jfegF7mVaWSBcsr9fdR2BZY0VmX76qn/21hdQyhsAS2Au95zWMNdeqnsRtQf
         6MRe0fHXU9BsWLmXFXqbjaWx7a+sRXZemtlhbitVf/VfbJIc1p/sdJrTmiznCTlJFb7O
         OIfg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1774627676; x=1775232476;
        h=in-reply-to:content-disposition:mime-version:references:message-id
         :subject:cc:to:from:date:x-gm-gg:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=1804Fppw2H7b2no1CBhcw3hczGY87wT9QOvsHOSqJ+k=;
        b=QmqXU4hl1lhBMII9cFmx8gC7OUkGdHTcqO4cLl0neSbvNAas7UXuYrjkWgyAd/w04n
         iQOD4R8Y4ikDGDXEQeoNHajkCaFfcDpDHKlHoA9VhELEryG1x5yxl81qoP05snDhPvXE
         aEgUTu2zRsJnQMLPs+Gsei+UwSSJlZHU6aWmluKH6RTe+Snkvw/5kZQguI6saeLsNdPE
         Q+KPwA1OmUAmF/SvkgN/95uAFphwCqkW9T5VDJeMNaZwyaOEs5N3NjmiogTvH2xGGFby
         vtrMwjFphjBdaG17RqEjcIsyJMyorcnl8e309/2ET2TWhTBL4EEGckuFZ5MCFO+F2okQ
         PgmQ==
X-Forwarded-Encrypted: i=1; AJvYcCXmUpzXQri6zQ7kUptj67D5JjJMruczzHvUZx47RujbUoGVDzkzSPjTuNwpY4JYPpS8sSbJXQz4kfV+WdY=@vger.kernel.org
X-Gm-Message-State: AOJu0YyIhUuQ3knpF+tupk4gqymiVovNRBI8pillbX4B3h2QD8UY7+9a
	raqaTh0O99yPau5ut3Y0djS6wu/9b1jMVtEnhkZcbftNJORMSE5S6f4mEkQRM60cNFU=
X-Gm-Gg: ATEYQzxPhSV6jtLv1/EQrLbrO3rF/yyPEQyfJu4HEKZgwo2b9+ByAlO5t2HoQPdeQDO
	mybjWFOUTyALS81bjasYCwBHCNmuEFU1qulvViLAZzhcQpS+Y1H27JMojAjcxsIpisum2tm9jCr
	lVcPT4FsuhfqhWLLWEYDosNycutR7f87vo+lm8Gg3QKEyoIJ9ICjvkaTIWkt9jw4dAcj22Kdpc+
	hTRxTCrSDXDnSvYt4Fb2eQa4kCqAaRMFtu+CvajDJ/SOV5+iJlBLbuOolao+O5soa4Ae0A53i3f
	JukZevp1ZlDBVT6Fz0pd+E+ExwdbR5/+cRrNq3uj2q04OVdDxHO2GKjEj9CsiV2d1u7ZlnUrrvR
	Dy8BdQKlYpHuCCzq8ZgaTwDL5vyLkBhcQngHzCwmbknW39hTyf8bz8Fb8AJlLCZoA2/TnWVbD1I
	tBhFJrHWY5zGzR3YpQ7yWoBFav0EjCILTZ55f1
X-Received: by 2002:a05:600c:1d15:b0:485:2fc5:3a5 with SMTP id 5b1f17b1804b1-48727edf4f5mr50536855e9.26.1774627675609;
        Fri, 27 Mar 2026 09:07:55 -0700 (PDT)
Received: from pathway.suse.cz ([176.114.240.130])
        by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-48722d4d884sm137419735e9.15.2026.03.27.09.07.55
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 27 Mar 2026 09:07:55 -0700 (PDT)
Date: Fri, 27 Mar 2026 17:07:53 +0100
From: Petr Mladek <pmladek@suse.com>
To: John Ogness <john.ogness@linutronix.de>
Cc: Sergey Senozhatsky <senozhatsky@chromium.org>,
	Steven Rostedt <rostedt@goodmis.org>, linux-kernel@vger.kernel.org
Subject: Re: [PATCH printk v2 1/2] printk_ringbuffer: Fix get_data() size
 sanity check
Message-ID: <acarWeINTLmVCPaL@pathway.suse.cz>
References: <20260326133809.8045-1-john.ogness@linutronix.de>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20260326133809.8045-1-john.ogness@linutronix.de>

On Thu 2026-03-26 14:44:01, John Ogness wrote:
> Commit cc3bad11de6e ("printk_ringbuffer: Fix check of valid data
> size when blk_lpos overflows") added sanity checking to get_data()
> to avoid returning data of illegal sizes (too large or too small).
> It uses the helper function data_check_size() for the check.
> However, data_check_size() expects the size of the data, not the
> size of the data block. get_data() is providing the size of the
> data block.  This means that if the data size (text_buf_size) is
> at or near the maximum legal size:
> 
> sizeof(prb_data_block) + text_buf_size == DATA_SIZE(data_ring) / 2
> 
> data_check_size() will report failure because it adds
> sizeof(prb_data_block) to the provided size. The sanity check in
> get_data() is counting the data block header twice. The result is
> that the reader fails to read the legal record.
> 
> Since get_data() subtracts the data block header size before returning,
> move the sanity check to after the subtraction.
> 
> Luckily printk() is not vulnerable to this problem because
> truncate_msg() limits printk-messages to 1/4 of the ringbuffer.
> Indeed, by adjusting the printk_ringbuffer KUnit test, which does not
> use printk() and its truncate_msg() check, it is easy to see that the
> reader fails and the WARN_ON is triggered.
> 
> Fixes: cc3bad11de6e ("printk_ringbuffer: Fix check of valid data size when blk_lpos overflows")
> Signed-off-by: John Ogness <john.ogness@linutronix.de>

Great catch. Looks good to me.

Reviewed-by: Petr Mladek <pmladek@suse.com>
Tested-by: Petr Mladek <pmladek@suse.com>

Best Regards,
Petr