5.10-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 29 Jan 2021 10:40:35 +0000 (11:40 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 29 Jan 2021 10:40:35 +0000 (11:40 +0100)
added patches:
printk-fix-buffer-overflow-potential-for-print_text.patch
printk-fix-string-termination-for-record_print_text.patch
tools-factor-hostcc-hostld-hostar-definitions.patch

queue-5.10/printk-fix-buffer-overflow-potential-for-print_text.patch [new file with mode: 0644]
queue-5.10/printk-fix-string-termination-for-record_print_text.patch [new file with mode: 0644]
queue-5.10/series
queue-5.10/tools-factor-hostcc-hostld-hostar-definitions.patch [new file with mode: 0644]

diff --git a/queue-5.10/printk-fix-buffer-overflow-potential-for-print_text.patch b/queue-5.10/printk-fix-buffer-overflow-potential-for-print_text.patch
new file mode 100644 (file)
index 0000000..495eafb
--- /dev/null
@@ -0,0 +1,116 @@
+From f0e386ee0c0b71ea6f7238506a4d0965a2dbef11 Mon Sep 17 00:00:00 2001
+From: John Ogness <john.ogness@linutronix.de>
+Date: Thu, 14 Jan 2021 18:10:12 +0106
+Subject: printk: fix buffer overflow potential for print_text()
+
+From: John Ogness <john.ogness@linutronix.de>
+
+commit f0e386ee0c0b71ea6f7238506a4d0965a2dbef11 upstream.
+
+Before the commit 896fbe20b4e2333fb55 ("printk: use the lockless
+ringbuffer"), msg_print_text() would only write up to size-1 bytes
+into the provided buffer. Some callers expect this behavior and
+append a terminator to returned string. In particular:
+
+arch/powerpc/xmon/xmon.c:dump_log_buf()
+arch/um/kernel/kmsg_dump.c:kmsg_dumper_stdout()
+
+msg_print_text() has been replaced by record_print_text(), which
+currently fills the full size of the buffer. This causes a
+buffer overflow for the above callers.
+
+Change record_print_text() so that it will only use size-1 bytes
+for text data. Also, for paranoia sakes, add a terminator after
+the text data.
+
+And finally, document this behavior so that it is clear that only
+size-1 bytes are used and a terminator is added.
+
+Fixes: 896fbe20b4e2333fb55 ("printk: use the lockless ringbuffer")
+Cc: stable@vger.kernel.org # 5.10+
+Signed-off-by: John Ogness <john.ogness@linutronix.de>
+Reviewed-by: Petr Mladek <pmladek@suse.com>
+Acked-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
+Signed-off-by: Petr Mladek <pmladek@suse.com>
+Link: https://lore.kernel.org/r/20210114170412.4819-1-john.ogness@linutronix.de
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/printk/printk.c |   36 +++++++++++++++++++++++++++---------
+ 1 file changed, 27 insertions(+), 9 deletions(-)
+
+--- a/kernel/printk/printk.c
++++ b/kernel/printk/printk.c
+@@ -1338,11 +1338,16 @@ static size_t info_print_prefix(const st
+  * done:
+  *
+  *   - Add prefix for each line.
++ *   - Drop truncated lines that no longer fit into the buffer.
+  *   - Add the trailing newline that has been removed in vprintk_store().
+- *   - Drop truncated lines that do not longer fit into the buffer.
++ *   - Add a string terminator.
++ *
++ * Since the produced string is always terminated, the maximum possible
++ * return value is @r->text_buf_size - 1;
+  *
+  * Return: The length of the updated/prepared text, including the added
+- * prefixes and the newline. The dropped line(s) are not counted.
++ * prefixes and the newline. The terminator is not counted. The dropped
++ * line(s) are not counted.
+  */
+ static size_t record_print_text(struct printk_record *r, bool syslog,
+                               bool time)
+@@ -1385,26 +1390,31 @@ static size_t record_print_text(struct p
+               /*
+                * Truncate the text if there is not enough space to add the
+-               * prefix and a trailing newline.
++               * prefix and a trailing newline and a terminator.
+                */
+-              if (len + prefix_len + text_len + 1 > buf_size) {
++              if (len + prefix_len + text_len + 1 + 1 > buf_size) {
+                       /* Drop even the current line if no space. */
+-                      if (len + prefix_len + line_len + 1 > buf_size)
++                      if (len + prefix_len + line_len + 1 + 1 > buf_size)
+                               break;
+-                      text_len = buf_size - len - prefix_len - 1;
++                      text_len = buf_size - len - prefix_len - 1 - 1;
+                       truncated = true;
+               }
+               memmove(text + prefix_len, text, text_len);
+               memcpy(text, prefix, prefix_len);
++              /*
++               * Increment the prepared length to include the text and
++               * prefix that were just moved+copied. Also increment for the
++               * newline at the end of this line. If this is the last line,
++               * there is no newline, but it will be added immediately below.
++               */
+               len += prefix_len + line_len + 1;
+-
+               if (text_len == line_len) {
+                       /*
+-                       * Add the trailing newline removed in
+-                       * vprintk_store().
++                       * This is the last line. Add the trailing newline
++                       * removed in vprintk_store().
+                        */
+                       text[prefix_len + line_len] = '\n';
+                       break;
+@@ -1429,6 +1439,14 @@ static size_t record_print_text(struct p
+               text_len -= line_len + 1;
+       }
++      /*
++       * If a buffer was provided, it will be terminated. Space for the
++       * string terminator is guaranteed to be available. The terminator is
++       * not counted in the return value.
++       */
++      if (buf_size > 0)
++              text[len] = 0;
++
+       return len;
+ }
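Review bot: The terminator write `text[len] = 0` at the end of this patch indexes by the total prepared length `len`, which is only in bounds while `text` still points at the start of the buffer. The loop that may advance `text` lies mostly outside the hunk, but the follow-up queued in this same commit (printk-fix-string-termination-for-record_print_text.patch) states that this wrote a 0-byte somewhere beyond the buffer. Taken alone, this patch therefore trades the caller-side overflow for a different out-of-bounds write, so the two entries must stay adjacent in `series` and be picked together by anyone carrying them to another tree. A bracketed note in this patch such as `[ requires 08d60e599954 "printk: fix string termination for record_print_text()" ]` would make that dependency visible.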
diff --git a/queue-5.10/printk-fix-string-termination-for-record_print_text.patch b/queue-5.10/printk-fix-string-termination-for-record_print_text.patch
new file mode 100644 (file)
index 0000000..6dbf7da
--- /dev/null
@@ -0,0 +1,38 @@
+From 08d60e5999540110576e7c1346d486220751b7f9 Mon Sep 17 00:00:00 2001
+From: John Ogness <john.ogness@linutronix.de>
+Date: Sun, 24 Jan 2021 21:33:28 +0106
+Subject: printk: fix string termination for record_print_text()
+
+From: John Ogness <john.ogness@linutronix.de>
+
+commit 08d60e5999540110576e7c1346d486220751b7f9 upstream.
+
+Commit f0e386ee0c0b ("printk: fix buffer overflow potential for
+print_text()") added string termination in record_print_text().
+However it used the wrong base pointer for adding the terminator.
+This led to a 0-byte being written somewhere beyond the buffer.
+
+Use the correct base pointer when adding the terminator.
+
+Fixes: f0e386ee0c0b ("printk: fix buffer overflow potential for print_text()")
+Reported-by: Sven Schnelle <svens@linux.ibm.com>
+Signed-off-by: John Ogness <john.ogness@linutronix.de>
+Signed-off-by: Petr Mladek <pmladek@suse.com>
+Link: https://lore.kernel.org/r/20210124202728.4718-1-john.ogness@linutronix.de
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/printk/printk.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/kernel/printk/printk.c
++++ b/kernel/printk/printk.c
+@@ -1445,7 +1445,7 @@ static size_t record_print_text(struct p
+        * not counted in the return value.
+        */
+       if (buf_size > 0)
+-              text[len] = 0;
++              r->text_buf[len] = 0;
+       return len;
+ }
index fee46e1b10c62e4aec64194dcd1d161e5df18613..83a39a8a16a2c745ea1f05ddec6831b2e4572f18 100644 (file)
@@ -27,3 +27,6 @@ io_uring-fix-sleeping-under-spin-in-__io_clean_op.patch
 objtool-don-t-fail-on-missing-symbol-table.patch
 mm-page_alloc-add-a-missing-mm_page_alloc_zone_locked-tracepoint.patch
 mm-fix-a-race-on-nr_swap_pages.patch
+tools-factor-hostcc-hostld-hostar-definitions.patch
+printk-fix-buffer-overflow-potential-for-print_text.patch
+printk-fix-string-termination-for-record_print_text.patch
diff --git a/queue-5.10/tools-factor-hostcc-hostld-hostar-definitions.patch b/queue-5.10/tools-factor-hostcc-hostld-hostar-definitions.patch
new file mode 100644 (file)
index 0000000..e18a74f
--- /dev/null
@@ -0,0 +1,120 @@
+From c8a950d0d3b926a02c7b2e713850d38217cec3d1 Mon Sep 17 00:00:00 2001
+From: Jean-Philippe Brucker <jean-philippe@linaro.org>
+Date: Tue, 10 Nov 2020 17:43:05 +0100
+Subject: tools: Factor HOSTCC, HOSTLD, HOSTAR definitions
+
+From: Jean-Philippe Brucker <jean-philippe@linaro.org>
+
+commit c8a950d0d3b926a02c7b2e713850d38217cec3d1 upstream.
+
+Several Makefiles in tools/ need to define the host toolchain variables.
+Move their definition to tools/scripts/Makefile.include
+
+Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
+Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
+Acked-by: Jiri Olsa <jolsa@redhat.com>
+Acked-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+Link: https://lore.kernel.org/bpf/20201110164310.2600671-2-jean-philippe@linaro.org
+Cc: Alistair Delva <adelva@google.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ tools/bpf/resolve_btfids/Makefile |    9 ---------
+ tools/build/Makefile              |    4 ----
+ tools/objtool/Makefile            |    9 ---------
+ tools/perf/Makefile.perf          |    4 ----
+ tools/power/acpi/Makefile.config  |    1 -
+ tools/scripts/Makefile.include    |   10 ++++++++++
+ 6 files changed, 10 insertions(+), 27 deletions(-)
+
+--- a/tools/bpf/resolve_btfids/Makefile
++++ b/tools/bpf/resolve_btfids/Makefile
+@@ -18,15 +18,6 @@ else
+ endif
+ # always use the host compiler
+-ifneq ($(LLVM),)
+-HOSTAR  ?= llvm-ar
+-HOSTCC  ?= clang
+-HOSTLD  ?= ld.lld
+-else
+-HOSTAR  ?= ar
+-HOSTCC  ?= gcc
+-HOSTLD  ?= ld
+-endif
+ AR       = $(HOSTAR)
+ CC       = $(HOSTCC)
+ LD       = $(HOSTLD)
+--- a/tools/build/Makefile
++++ b/tools/build/Makefile
+@@ -15,10 +15,6 @@ endef
+ $(call allow-override,CC,$(CROSS_COMPILE)gcc)
+ $(call allow-override,LD,$(CROSS_COMPILE)ld)
+-HOSTCC ?= gcc
+-HOSTLD ?= ld
+-HOSTAR ?= ar
+-
+ export HOSTCC HOSTLD HOSTAR
+ ifeq ($(V),1)
+--- a/tools/objtool/Makefile
++++ b/tools/objtool/Makefile
+@@ -3,15 +3,6 @@ include ../scripts/Makefile.include
+ include ../scripts/Makefile.arch
+ # always use the host compiler
+-ifneq ($(LLVM),)
+-HOSTAR        ?= llvm-ar
+-HOSTCC        ?= clang
+-HOSTLD        ?= ld.lld
+-else
+-HOSTAR        ?= ar
+-HOSTCC        ?= gcc
+-HOSTLD        ?= ld
+-endif
+ AR     = $(HOSTAR)
+ CC     = $(HOSTCC)
+ LD     = $(HOSTLD)
+--- a/tools/perf/Makefile.perf
++++ b/tools/perf/Makefile.perf
+@@ -175,10 +175,6 @@ endef
+ LD += $(EXTRA_LDFLAGS)
+-HOSTCC  ?= gcc
+-HOSTLD  ?= ld
+-HOSTAR  ?= ar
+-
+ PKG_CONFIG = $(CROSS_COMPILE)pkg-config
+ LLVM_CONFIG ?= llvm-config
+--- a/tools/power/acpi/Makefile.config
++++ b/tools/power/acpi/Makefile.config
+@@ -54,7 +54,6 @@ INSTALL_SCRIPT = ${INSTALL_PROGRAM}
+ CROSS = #/usr/i386-linux-uclibc/usr/bin/i386-uclibc-
+ CROSS_COMPILE ?= $(CROSS)
+ LD = $(CC)
+-HOSTCC = gcc
+ # check if compiler option is supported
+ cc-supports = ${shell if $(CC) ${1} -S -o /dev/null -x c /dev/null > /dev/null 2>&1; then echo "$(1)"; fi;}
+--- a/tools/scripts/Makefile.include
++++ b/tools/scripts/Makefile.include
+@@ -59,6 +59,16 @@ $(call allow-override,LD,$(CROSS_COMPILE
+ $(call allow-override,CXX,$(CROSS_COMPILE)g++)
+ $(call allow-override,STRIP,$(CROSS_COMPILE)strip)
++ifneq ($(LLVM),)
++HOSTAR  ?= llvm-ar
++HOSTCC  ?= clang
++HOSTLD  ?= ld.lld
++else
++HOSTAR  ?= ar
++HOSTCC  ?= gcc
++HOSTLD  ?= ld
++endif
++
+ ifeq ($(CC_NO_CLANG), 1)
+ EXTRA_WARNINGS += -Wstrict-aliasing=3
+ endif
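Review bot: Removing the local defaults changes which host toolchain three of these Makefiles pick, not just where the definition lives. tools/build/Makefile and tools/perf/Makefile.perf used `HOSTCC ?= gcc`, `HOSTLD ?= ld` and `HOSTAR ?= ar` regardless of `LLVM`, and tools/power/acpi/Makefile.config forced `HOSTCC = gcc`; after this patch they depend on the `LLVM`-conditional `?=` defaults in tools/scripts/Makefile.include, so an `LLVM=1` build or an exported `HOSTCC` now selects a different host compiler there. Only the objtool hunk shows `include ../scripts/Makefile.include` in its context, so it is worth confirming that the other four Makefiles include it before their first use of `$(HOSTCC)`. I would add above the new block: `# Host toolchain defaults for all of tools/; follow LLVM unless HOSTAR/HOSTCC/HOSTLD are already set`.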