Commit 2561bbbe authored by Linus Torvalds's avatar Linus Torvalds

Merge tag 'printk-for-5.11-printk-rework-fixup' of...

Merge tag 'printk-for-5.11-printk-rework-fixup' of git://git.kernel.org/pub/scm/linux/kernel/git/printk/linux

Pull printk fixes from Petr Mladek:

 - Fix line counting and buffer size calculation. Both regressions
   caused that a reader buffer might not get filled as much as possible.

 - Restore non-documented behavior of printk() reader API and make it
   official.

   It did not fill the last byte of the provided buffer before 5.10. Two
   architectures, powerpc and um, used it to add the trailing '\0'.
   There might theoretically be more callers depending on this behavior
   in userspace.

* tag 'printk-for-5.11-printk-rework-fixup' of git://git.kernel.org/pub/scm/linux/kernel/git/printk/linux:
  printk: fix buffer overflow potential for print_text()
  printk: fix kmsg_dump_get_buffer length calulations
  printk: ringbuffer: fix line counting
parents 6a52f4cf 535b6a12
...@@ -1291,11 +1291,16 @@ static size_t info_print_prefix(const struct printk_info *info, bool syslog, ...@@ -1291,11 +1291,16 @@ static size_t info_print_prefix(const struct printk_info *info, bool syslog,
* done: * done:
* *
* - Add prefix for each line. * - Add prefix for each line.
* - Drop truncated lines that no longer fit into the buffer.
* - Add the trailing newline that has been removed in vprintk_store(). * - Add the trailing newline that has been removed in vprintk_store().
* - Drop truncated lines that do not longer fit into the buffer. * - Add a string terminator.
*
* Since the produced string is always terminated, the maximum possible
* return value is @r->text_buf_size - 1;
* *
* Return: The length of the updated/prepared text, including the added * Return: The length of the updated/prepared text, including the added
* prefixes and the newline. The dropped line(s) are not counted. * prefixes and the newline. The terminator is not counted. The dropped
* line(s) are not counted.
*/ */
static size_t record_print_text(struct printk_record *r, bool syslog, static size_t record_print_text(struct printk_record *r, bool syslog,
bool time) bool time)
...@@ -1338,26 +1343,31 @@ static size_t record_print_text(struct printk_record *r, bool syslog, ...@@ -1338,26 +1343,31 @@ static size_t record_print_text(struct printk_record *r, bool syslog,
/* /*
* Truncate the text if there is not enough space to add the * Truncate the text if there is not enough space to add the
* prefix and a trailing newline. * prefix and a trailing newline and a terminator.
*/ */
if (len + prefix_len + text_len + 1 > buf_size) { if (len + prefix_len + text_len + 1 + 1 > buf_size) {
/* Drop even the current line if no space. */ /* Drop even the current line if no space. */
if (len + prefix_len + line_len + 1 > buf_size) if (len + prefix_len + line_len + 1 + 1 > buf_size)
break; break;
text_len = buf_size - len - prefix_len - 1; text_len = buf_size - len - prefix_len - 1 - 1;
truncated = true; truncated = true;
} }
memmove(text + prefix_len, text, text_len); memmove(text + prefix_len, text, text_len);
memcpy(text, prefix, prefix_len); memcpy(text, prefix, prefix_len);
/*
* Increment the prepared length to include the text and
* prefix that were just moved+copied. Also increment for the
* newline at the end of this line. If this is the last line,
* there is no newline, but it will be added immediately below.
*/
len += prefix_len + line_len + 1; len += prefix_len + line_len + 1;
if (text_len == line_len) { if (text_len == line_len) {
/* /*
* Add the trailing newline removed in * This is the last line. Add the trailing newline
* vprintk_store(). * removed in vprintk_store().
*/ */
text[prefix_len + line_len] = '\n'; text[prefix_len + line_len] = '\n';
break; break;
...@@ -1382,6 +1392,14 @@ static size_t record_print_text(struct printk_record *r, bool syslog, ...@@ -1382,6 +1392,14 @@ static size_t record_print_text(struct printk_record *r, bool syslog,
text_len -= line_len + 1; text_len -= line_len + 1;
} }
/*
* If a buffer was provided, it will be terminated. Space for the
* string terminator is guaranteed to be available. The terminator is
* not counted in the return value.
*/
if (buf_size > 0)
text[len] = 0;
return len; return len;
} }
...@@ -3427,7 +3445,7 @@ bool kmsg_dump_get_buffer(struct kmsg_dumper *dumper, bool syslog, ...@@ -3427,7 +3445,7 @@ bool kmsg_dump_get_buffer(struct kmsg_dumper *dumper, bool syslog,
while (prb_read_valid_info(prb, seq, &info, &line_count)) { while (prb_read_valid_info(prb, seq, &info, &line_count)) {
if (r.info->seq >= dumper->next_seq) if (r.info->seq >= dumper->next_seq)
break; break;
l += get_record_print_text_size(&info, line_count, true, time); l += get_record_print_text_size(&info, line_count, syslog, time);
seq = r.info->seq + 1; seq = r.info->seq + 1;
} }
...@@ -3437,7 +3455,7 @@ bool kmsg_dump_get_buffer(struct kmsg_dumper *dumper, bool syslog, ...@@ -3437,7 +3455,7 @@ bool kmsg_dump_get_buffer(struct kmsg_dumper *dumper, bool syslog,
&info, &line_count)) { &info, &line_count)) {
if (r.info->seq >= dumper->next_seq) if (r.info->seq >= dumper->next_seq)
break; break;
l -= get_record_print_text_size(&info, line_count, true, time); l -= get_record_print_text_size(&info, line_count, syslog, time);
seq = r.info->seq + 1; seq = r.info->seq + 1;
} }
......
...@@ -1718,7 +1718,7 @@ static bool copy_data(struct prb_data_ring *data_ring, ...@@ -1718,7 +1718,7 @@ static bool copy_data(struct prb_data_ring *data_ring,
/* Caller interested in the line count? */ /* Caller interested in the line count? */
if (line_count) if (line_count)
*line_count = count_lines(data, data_size); *line_count = count_lines(data, len);
/* Caller interested in the data content? */ /* Caller interested in the data content? */
if (!buf || !buf_size) if (!buf || !buf_size)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment