lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 3 Dec 2018 14:16:31 +0100
From:   Petr Mladek <pmladek@...e.com>
To:     Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>
Cc:     Sergey Senozhatsky <sergey.senozhatsky@...il.com>,
        Steven Rostedt <rostedt@...dmis.org>,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] printk: don't unconditionally shortcut print_time()

On Sun 2018-12-02 14:02:28, Tetsuo Handa wrote:
> On 2018/12/02 8:49, kbuild test robot wrote:
> >> kernel/printk/printk.c:2396:5: error: 'printk_time' undeclared (first use in this function)
>         ^~~~~~~~~~~
> Thanks. printk_time depends on CONFIG_PRINTK=y. Added a dummy definition.
> 
> 
> 
> >From f903b9fa36159472a207f93e2405e45e3999f650 Mon Sep 17 00:00:00 2001
> From: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
> Date: Sun, 2 Dec 2018 13:57:01 +0900
> Subject: [PATCH v2] printk: fix printk_time race.
> 
> Since printk_time can be toggled via /sys/module/printk/parameters/time ,
> it is not safe to assume that output length does not change across
> multiple msg_print_text() calls. If we hit this race, we can observe
> failures such as SYSLOG_ACTION_READ_ALL writes more bytes than userspace
> has supplied, SYSLOG_ACTION_SIZE_UNREAD returns -EFAULT when succeeded,
> SYSLOG_ACTION_READ reads garbage memory or even triggers an kernel oops
> at _copy_to_user() due to integer overflow.
> 
> To close this race, get a snapshot value of printk_time and pass it to
> SYSLOG_ACTION_READ, SYSLOG_ACTION_READ_ALL, SYSLOG_ACTION_SIZE_UNREAD and
> kmsg_dump_get_buffer().
> 
> Signed-off-by: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
> Signed-off-by: Petr Mladek <pmladek@...e.com>

The patch looks good to me.

Acked-by: Petr Mladek <pmladek@...e.com>

I'll wait few more days for an eventual feedback before I push it
into printk.git.

Best Regards,
Petr

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ