| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <87r1mh5mso.fsf@jogness.linutronix.de>
Date: Tue, 19 Jan 2021 10:00:47 +0106
From: John Ogness <john.ogness@...utronix.de>
To: Sergey Senozhatsky <sergey.senozhatsky@...il.com>,
Petr Mladek <pmladek@...e.com>
Cc: Sergey Senozhatsky <sergey.senozhatsky.work@...il.com>,
Sergey Senozhatsky <sergey.senozhatsky@...il.com>,
Steven Rostedt <rostedt@...dmis.org>,
Linus Torvalds <torvalds@...ux-foundation.org>,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] printk: fix buffer overflow potential for print_text()
On 2021-01-19, Sergey Senozhatsky <sergey.senozhatsky@...il.com> wrote:
> John, how did you spot these problems?
I am preparing my series to remove the logbuf_lock, which also refactors
and consolidates code from syslog_print_all() and
kmsg_dump_get_buffer(). While testing/verifying my series, I noticed the
these oddities in the semantics and decided I should research where they
came from and if they were actually necessary.
I wouldn't say the oddities are necessary (in fact, they are quite
annoying), but we have decided to keep them in out of fear of breaking
out-of-tree modules and/or interesting userspace code.
One positive effect of the rework is that we are finding these oddities
and documenting them. I think you and Petr are going down a similar path
with the console registration stuff now.
John
Powered by blists - more mailing lists