5.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kees Cook keescook@chromium.org
commit 53e9e33ede37a247d926db5e4a9e56b55204e66c upstream.
If an output buffer size exceeded U16_MAX, the min_t(u16, ...) cast in copy_data() was causing writes to truncate. This manifested as output bytes being skipped, seen as %NUL bytes in pstore dumps when the available record size was larger than 65536. Fix the cast to no longer truncate the calculation.
Cc: Petr Mladek pmladek@suse.com Cc: Sergey Senozhatsky senozhatsky@chromium.org Cc: Steven Rostedt rostedt@goodmis.org Cc: John Ogness john.ogness@linutronix.de Reported-by: Vijay Balakrishna vijayb@linux.microsoft.com Link: https://lore.kernel.org/lkml/d8bb1ec7-a4c5-43a2-9de0-9643a70b899f@linux.micr... Fixes: b6cf8b3f3312 ("printk: add lockless ringbuffer") Cc: stable@vger.kernel.org Signed-off-by: Kees Cook keescook@chromium.org Tested-by: Vijay Balakrishna vijayb@linux.microsoft.com Tested-by: Guilherme G. Piccoli gpiccoli@igalia.com # Steam Deck Reviewed-by: Tyler Hicks (Microsoft) code@tyhicks.com Tested-by: Tyler Hicks (Microsoft) code@tyhicks.com Reviewed-by: John Ogness john.ogness@linutronix.de Reviewed-by: Sergey Senozhatsky senozhatsky@chromium.org Reviewed-by: Petr Mladek pmladek@suse.com Signed-off-by: Petr Mladek pmladek@suse.com Link: https://lore.kernel.org/r/20230811054528.never.165-kees@kernel.org Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- kernel/printk/printk_ringbuffer.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
--- a/kernel/printk/printk_ringbuffer.c +++ b/kernel/printk/printk_ringbuffer.c @@ -1726,7 +1726,7 @@ static bool copy_data(struct prb_data_ri if (!buf || !buf_size) return true;
- data_size = min_t(u16, buf_size, len); + data_size = min_t(unsigned int, buf_size, len);
memcpy(&buf[0], data, data_size); /* LMM(copy_data:A) */ return true;